Exchange 2010 - Certificates

I have a new Exchange 2010 install and am having some issues with installing a new wildcard SSL certificate.
I have completed a new request via EMC so that I now have the Self-Signed Certificate and newly added Wildcard Certificate visible in EMC.

I have not seen anywhere to assign it to OWA or ActiveSync, per most instructions on setting up Exchange Server certs - ??
Should I remove the Self-Assigned Cert now that I have a wildcard cert installed/assigned?
Do I need to install wildcard cert on Server 2008 R2 somewhere?

Note: I have assigned the new wildcard cert to IIS and SMTP (we don't use IMAP or POP), but do I need to assign other services?
Sushil Sonawane Commented:
Enable the newly created certificate and assign the services through Exchange PowerShell.


After enabling the service, run the command "IISRESET" in a command prompt.

Please refer to the link below to enable your wildcard certificate on the server, that is, to see it in OWA.


Md. Mojahid Commented:
There are many factors to consider when you configure certificates for Transport Layer Security (TLS) and Secure Sockets Layer (SSL) services. You must understand how these factors may affect your overall configuration. Before you continue, read Understanding TLS Certificates.

Don't use the Enable-ExchangeCertificate cmdlet to enable a wildcard certificate for POP and IMAP services. To enable a wildcard certificate, you must use the Set-ImapSettings or Set-PopSettings cmdlets with the fully qualified domain name (FQDN) of the service.

For the detailed information, please refer to the following link:


Title: Enable-ExchangeCertificate

URL: http://technet.microsoft.com/en-us/library/aa997231.aspx
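
The steps from the two answers above, put together for the Exchange Management Shell. This is an added example, not code posted by anyone in the thread; `*.example.com`, `mail.example.com` and the `$usesPopImap` switch are placeholder assumptions.

```powershell
# Run in the Exchange Management Shell on the Exchange 2010 server.
# Placeholder values (assumptions, replace with your own):
$wildcardName = '*.example.com'     # subject name of the wildcard certificate
$serviceFqdn  = 'mail.example.com'  # FQDN clients use for POP/IMAP
$usesPopImap  = $false              # the asker does not use POP or IMAP

# 1. List every certificate Exchange knows about and what it is bound to.
Get-ExchangeCertificate |
    Format-List Thumbprint, Subject, Services, IsSelfSigned, NotAfter, Status

# 2. Select the wildcard certificate; stop if it is missing, ambiguous or not valid.
$match = @(Get-ExchangeCertificate | Where-Object {
    $_.Subject.Contains("CN=$wildcardName") -and -not $_.IsSelfSigned
})
if ($match.Count -ne 1) {
    throw "Expected exactly one certificate for $wildcardName, found $($match.Count)."
}
$cert = $match[0]
if ("$($cert.Status)" -ne 'Valid') {
    throw "Certificate $($cert.Thumbprint) has status $($cert.Status); fix the chain or request first."
}

# 3. Bind it to IIS and SMTP. OWA and ActiveSync are served through IIS,
#    so the IIS binding covers them; there is no separate OWA service value.
Enable-ExchangeCertificate -Thumbprint $cert.Thumbprint -Services IIS,SMTP

# 4. POP/IMAP only: a wildcard certificate is selected by FQDN through the
#    settings cmdlets, not through Enable-ExchangeCertificate.
if ($usesPopImap) {
    Set-ImapSettings -X509CertificateName $serviceFqdn
    Set-PopSettings  -X509CertificateName $serviceFqdn
}

# 5. Restart IIS, then confirm the bindings took effect.
iisreset
Get-ExchangeCertificate -Thumbprint $cert.Thumbprint |
    Format-List Subject, Services, NotAfter, Status
```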
Md. Mojahid Commented:
First of all you have to tackle the access denied part of it and it can be cleared by checking and assigning the required permissions.

The error is also showing that the static IP is misconfigured, so ensure that it is assigned correctly as per the necessity.

There might not be a DAG1 account created, whereas a DAG account could be there, which the Exchange Console creates without any problems/errors. So ensure that the DAG1 account has been created in place.

You can also simply remove the pre-staged DAG user in AD and assign full permission on the DAG object; don't forget to deactivate the DAG computer A/c.
Flipp (Author) Commented:
Thank you for your feedback and answers. I never worked out if you can remove the self-signed certificate that is created, but so far there are no issues, so I will leave it intact.