Solved

Wildcard certificate on Exchange 2010 IMAP\POP

Posted on 2013-02-07
8
1,645 Views
Last Modified: 2013-11-29
Hi,
I am trying to use wildcard certificate on IMAP\POP services and require some help.
I'm using the following commands:
set-imapsettings -X509CertificateName mail.domain.com
set-popsettings -X509CertificateName mail.domain.com
enable-exchangecertificate -services POP,IMAP -thumbprint

And the result is:
Warning:
This certificate with thumbprint 0A02849AA284B4DB1D1670DCA1C6310BA7241864 and subject '*.domain.com' cannot used for POP SSL/TLS connections because the subject is not a Fully Qualified Domain Name (FQDN). Use command Set-POPSettings to set X509CertificateName to the FQDN of the service.

Warning:
This certificate with thumbprint 0A02849AA284B4DB1D1670DCA1C6310BA7241864 and subject '*.domain.com' cannot used for IMAP SSL/TLS connections because the subject is not a Fully Qualified Domain Name (FQDN). Use command Set-IMAPSettings to set X509CertificateName
to the FQDN of the service.

Can you please advice?
0
Comment
Question by:cloudbase
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
8 Comments
 
LVL 19

Expert Comment

by:Kash
ID: 38864334
are you on service pack 1 >>>> http://support.microsoft.com/kb/948896
0
 

Author Comment

by:cloudbase
ID: 38865815
Actually I'm on Exchange 2010 SP2
0
 
LVL 15

Expert Comment

by:GreatVargas
ID: 38872198
you get those two warnings when running the enable-exchangecertificate, right?

the thing is.. you dont need to run the enable exchangecertificate.. you just need to set the pop and imapsettings with the fqdn that the users will connect to... after you've imported the certificate. please test and post the results.
0
Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 

Author Comment

by:cloudbase
ID: 38872462
Hi,

Thanks, I'm not sure that I completely understood it.
The certificate was imported and it is in use by IIS services.
The FQDN was set for pop\imap, now, I don't need to enable the certificate to have IMAP\POP with SSL?
0
 

Accepted Solution

by:
cloudbase earned 0 total points
ID: 38980294
We replaced the wildcard with SAN certificate and everything works.
0
 

Author Closing Comment

by:cloudbase
ID: 38993131
none of the other solutions worked, so we bought SAN certificate.
0

Featured Post

Major Incident Management Communications

Major incidents and IT service outages cost companies millions. Often the solution to minimizing damage is automated communication. Find out more in our Major Incident Management Communications infographic.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Changing "From" field - Exchange 2013 5 58
Exchange Calendars 8 59
Exchange password change on mobile 2 111
Cannot send/receive after Exchange 2013 Migration 11 67
Read this checklist to learn more about the 15 things you should never include in an email signature.
How to resolve IMCEAEX NDRs in Exchange or Exchange Online related to invalid X500 addresses.
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question