Solved

Wild Card Certificate Exchange 2010

Posted on 2014-03-20
Last Modified: 2014-03-20
Hi Experts,

I hope you can help me with something. I am trying to replace a soon-to-expire certificate with a wildcard, but I'm having little luck.

As far as I understand, I need to do this from EMC with the following command

set-imapsettings -CertificateName mail.mydomain.co.uk

Is this correct? Also, the FQDN I am trying to set the wildcard to is the name of the previous certificate. Would this cause any problems also?
Question by:FSIFM

Expert Comment

by:vmdude
ID: 39941887
With Exchange 2010 you can generate a new certificate request from the management console, so no need to use commands unless you want to.

The wizard is located under Server Configuration: right-click the server and choose New Exchange Certificate. The wizard gives you the option to select a wildcard certificate. Set the common name to be *.yourdomain.com

Finish the wizard and this will generate your request. The next step is to purchase a wildcard certificate from a CA and, when it is issued, come back into Exchange and complete the pending request.

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
ID: 39941889
First - wildcard certificates are not recommended for use with Exchange 2007 and higher. They are NOT the same as a UC certificate, which is the recommended type.
You have hit on one of the main reasons why - protocols like POP3 and IMAP can have issues with a wildcard certificate.

A certificate for mail.example.com is not the same as *.example.com, so you would need to change the command to match the certificate's actual name. The FQDN in the command doesn't matter, because IMAP doesn't do Autodiscover.

Simon.

Author Comment

by:FSIFM
ID: 39941968
Hi Simon,

Not sure what you mean by changing the command to match the certificate name.

In this instance the certificate name is *.mydomain.com
The FQDN for the old certificate and what they connect to is mail.mydomain.com

so would the command read

set-imapsettings -*.mydomain.com mail.mydomain.co.uk

Expert Comment

by:Simon Butler (Sembee)
ID: 39941978
The host name the clients connect to is completely immaterial. Exchange doesn't control that.
Furthermore you cannot have multiple addresses in the IMAP setting, so the command that you have posted is not valid.

This should work:

set-imapsettings -CertificateName *.mydomain.co.uk

However there is no guarantee that it will work with all IMAP clients.

Simon.

Author Comment

by:FSIFM
ID: 39942005
Hi Simon,

Is -certificateName a command or a value to populate with the actual certificate name?

Running

set-imapsettings -CertificateName *.mydomain.com

Fails with

Cannot process argument transformation on parameter 'AuthenticatedConnectionTimeout'. Cannot convert value "-CertificateName" to type "Microsoft.Exchange.Data.EnhancedTimeSpan". Error: "Input string was not in a correct format."

Running

set-imapsettings -X509CertificateName *.mydomain.com

Fails with

The certificate with the subject '*.mydomain.com' can't be used for SSL or TLS connections because the subject isn't a valid fully qualified domain name (FQDN).

Author Closing Comment

by:FSIFM
ID: 39942472
I've given up and gone back to a standard certificate

Cheers for trying to help though guys
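
Added example, not part of the thread and not Exchange code: a PowerShell helper that applies the usual wildcard rule (`*` stands for exactly one left-most label) to the names quoted above, and rejects a wildcard string where a host name is expected, which is the condition the last error message reports. The function name `Test-CertNameCoversHost` is hypothetical, and the test cases are constructed from the names used in the thread.

```powershell
# Added example: illustrative helper, not an Exchange cmdlet.
function Test-CertNameCoversHost {
    param(
        [Parameter(Mandatory=$true)][string]$CertName,   # subject or SAN entry, e.g. *.mydomain.com
        [Parameter(Mandatory=$true)][string]$HostName    # name configured for the service
    )
    $cert     = $CertName.Trim().TrimEnd('.').ToLowerInvariant()
    $hostFqdn = $HostName.Trim().TrimEnd('.').ToLowerInvariant()

    # The host name must be a plain FQDN: at least two labels, no wildcard label.
    $label   = '[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?'
    $pattern = '^' + $label + '(\.' + $label + ')+$'
    if ($hostFqdn -notmatch $pattern) { return $false }

    # Exact-name certificate: the names must be identical.
    if (-not $cert.StartsWith('*.')) { return ($cert -eq $hostFqdn) }

    # Wildcard certificate: '*' replaces exactly one left-most label.
    $suffix = $cert.Substring(1)    # '*.mydomain.com' -> '.mydomain.com'
    if (-not $hostFqdn.EndsWith($suffix, [System.StringComparison]::Ordinal)) {
        return $false
    }
    $left = $hostFqdn.Substring(0, $hostFqdn.Length - $suffix.Length)
    return (($left.Length -gt 0) -and ($left -notmatch '\.'))
}

# Constructed test cases using the names that appear in the thread.
$cases = @(
    @{ Cert = '*.mydomain.com';    Name = 'mail.mydomain.com'   },  # same domain, one label
    @{ Cert = '*.mydomain.com';    Name = 'mail.mydomain.co.uk' },  # .com certificate, .co.uk host
    @{ Cert = '*.mydomain.com';    Name = '*.mydomain.com'      },  # wildcard passed as host name
    @{ Cert = '*.mydomain.com';    Name = 'a.mail.mydomain.com' },  # two labels below the domain
    @{ Cert = 'mail.mydomain.com'; Name = 'mail.mydomain.com'   }   # exact-name certificate
)
foreach ($c in $cases) {
    $ok = Test-CertNameCoversHost -CertName $c.Cert -HostName $c.Name
    '{0,-18} {1,-22} covered={2}' -f $c.Cert, $c.Name, $ok
}
```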