Mac Mail trying to use old self-signed certificate
Posted on 2014-01-15
There is a third party GoDaddy SSL certificate on the Exchange 2007 server (which is SBS 2008). It has been working fine for years (yearly renewal). This year I renewed it for three years, and because of the coming changes, I could not include the local server name in the alternate names. I believe I have every part of Exchange / IIS referring only to the external URL for the domain, and for a month everything has been working fine. Today, a user with Mac Mail opened the application and got an expired certificate warning - and it was trying to use the self-signed Sites certificate which expired in 2012. I ran get-ExchangeCertificate and saw that SMTP was an assigned service for that certificate as well as for the GoDaddy certificate. I'm not sure but I don't think that was the case before. But anyway, I can't change the services to "none" - the command runs but doesn't change anything. I am not sure whether to renew or remove the Sites certificate - it's been expired for over a year, so it must not be needed for anything, but I also know SBS gets picky about the way things are set up. And mostly, I have no idea why this computer suddenly decided it wanted to use that certificate instead of the valid GoDaddy certificate. I did run a test of the SSL certificate through SSLShopper and it passes with no issues. Any thoughts would be appreciated!