Which Exchange 2010 certificate is used?

Posted on 2014-02-19
Last Modified: 2014-02-19
Hello everybody,

i'm using the SBS2011 Exchange with activesync and clientcertificate based authentication. When i installed the server i first made a selfsigned certificate, but later i also made a thawte-signed cert. Now i don't know anymore which certificate is used for the ssl-encryption and presented to an outlook or whatever email client that comes in over active-sync. When i add a new client to the network i need the selfsigned-cert because thats the CA for the clientcertificates, but i dont know if this is the certificate used in the actual communication between server and client.

What information do you need to answer this question?

Kind regards
Question by:PhilipWestphal
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
LVL 37

Accepted Solution

Jamie McKillop earned 250 total points
ID: 39871419

Run get-exchangecertificate -server <server> | fl

This will tell you which services each cert is enabled for. You can then run:

Enable-ExchangeCertificate -Thumbprint <thumbprint> -Services POP,IMAP,SMTP,IIS

To enable the new cert on any services.


Author Comment

ID: 39871538
Hello JJ,

thanks for your answer. There is only one cert which is enabled for the service IIS... am i correct assuming that this is the cert which is used for the communication between the mailclients (i don't use imap or pop in any client, not onside and not for remote-access) and my exchange-server?

Kind regards
LVL 37

Expert Comment

by:Jamie McKillop
ID: 39871547
Yes, whichever cert is enabled for IIS (there can be only one enabled at a time) will be used for client communication.


Author Comment

ID: 39871611
Thanks a lot.

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
AddressList in EXCH2013 6 37
exchange 16 47
exchange, owa 4 46
Exchange Certification Training 5 58
Lotus Notes – formerly IBM Notes – is an email client application, while IBM Domino (earlier Lotus Domino) is an email server. The client possesses a set of features that are even more advanced as compared to that of Outlook. Likewise, IBM Domino is…
This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question