Exchange 2010 - Certificates

I have a new Exchange 2010 install, and having some issues with installing new Wildcard SSL Certificate.
I have completed a new request via EMC so that I now have the Self-Signed Certificate and newly added Wildcard Certificate visible in EMC.

I have not see anywhere to Assign to OWA or ActiveSync per most instructions in setting up Exchange Server Certs - ??
Should I remove the Self-Assigned Cert now that I have a wildcard cert installed/assigned?
Do I need to install wildcard cert on Server 2008 R2 somewhere?

Note: I have assigned new wildcard cert to IIS and SMTP (we dont use IMAP or POP), but do I need to assign other services?
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Sushil SonawaneCommented:
Enable the new created certificate and assign the services through exchange power shell.

After enable the service run the command "IISRESET" in command prompt.

Please refer below link to enable your wild card certificate on server  means to see in owa.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Md. MojahidCommented:
There are many factors to consider when you configure certificates for Transport Layer Security (TLS) and Secure Sockets Layer (SSL) services. You must understand how these factors may affect your overall configuration. Before you continue, read Understanding TLS Certificates.

Don't use the Enable-ExchangeCertificate cmdlet to enable a wildcard certificate for POP and IMAP services. To enable a wildcard certificate, you must use the Set-ImapSettings or Set-PopSettings cmdlets with the fully qualified domain name (FQDN) of the service.

For the detailed information, please refer to the following link:


Title: Enable-ExchangeCertificate

Md. MojahidCommented:
First of all you have to tackle the access denied part of it and it can be cleared by checking and assigning the required permissions.

Error is also showing that static IP has miss-configured so ensure that it is assigned perfectly as per the necessity

There might not be a DAG1 account created by where as DAG account could be there which an Exchange Console formulate without any problems/error. So ensure that DAG1 account has created in the place.

You can also simply remove DAG pre-stage DAG user in AD and assign full permission on DAG Object; don’t forget to deactivate the DAG computer A/c.
FlippAuthor Commented:
Thank you for your feedback and answers. I never worked out if you can remove the self-signed certificate that is created but so far no issues so will leave in tact.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.