Solved

Wild Card Certificate Exchange 2010

Posted on 2014-03-20
6
456 Views
Last Modified: 2014-03-20
Hi Experts,

I hope you can help me with something. I am trying to replace a soon to expire certificate with a wild card but im having little luck

Far as i understand, i need to do this from EMC with the following command

set-imapsettings -CertificateName mail.mydomain.co.uk

is this correct? Also the FQDN i am trying to set the wild card to is the name of the previous certificate. Would this cause any problems also?
0
Comment
Question by:FSIFM
  • 3
  • 2
6 Comments
 
LVL 6

Expert Comment

by:vmdude
ID: 39941887
With Exchange 2010 you can generate a new certificate request from the management console, so no need to use commands unless you want to.

The wizard is located under Server Configuration and right clicking on the server and choosing New Exchange Certificate. The wizard gives you the option to select a wildcard certificate. Set the common name to be *.yourdomain.com

Finish the wizard and this will generate your request. The next step is to purchase a wildcard certificate from a CA and when issued come back into exchange and complete the pending request.
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
ID: 39941889
First - wildcard certificates are not recommended for use with Exchange 2007 and higher. They are NOT the same as a UC certificate, which is the recommended type.
You have hit on one of the main reasons why - protocols like POP3 and IMAP can have issues with a wildcard certificate.

A certificate for mail.example.com is not the same as *.example.com, so you would need to change the command to match the certificate's actual name. The FQDN in the command doesn't matter, because IMAP doesn't do Autodiscover.

Simon.
0
 
LVL 4

Author Comment

by:FSIFM
ID: 39941968
Hi Simon,

Not sure what you mean by changing the command to match the certificate name.

In this instance the certificate name is *.mydomain.com
The FQDN for the old certificate and what they connect to is mail.mydomain.com

so would the command read

set-imapsettings -*.mydomain.com mail.mydomain.co.uk
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39941978
The host name the clients connect to is completely immaterial. Exchange doesn't control that.
Furthermore you cannot have multiple addresses in the IMAP setting, so the command that you have posted is not valid.

This should work:

set-imapsettings -CertificateName *.mydomain.co.uk

However there is no guarantee that it will work with all IMAP clients.

Simon.
0
 
LVL 4

Author Comment

by:FSIFM
ID: 39942005
Hi Simon,

Is -certificateName a command or a value to populate with the actual certificate name?

Running

set-imapsettings -CertificateName *.mydomain.com

Fails with

Cannot process argument transformation on parameter 'AuthenticatedConnectionTimeout'. Cannot convert value "-Certificat
eName" to type "Microsoft.Exchange.Data.EnhancedTimeSpan". Error: "Input string was not in a correct format."

Running

set-imapsettings -X509CertificateName *.mydomain.com

Fails with

The certificate with the subject '*.mydomain.com' can't be used for SSL or TLS connections because the subject isn't a valid fully qualified domain name (FQDN).
0
 
LVL 4

Author Closing Comment

by:FSIFM
ID: 39942472
I've given up and gone back to a standard certificate

Cheers for trying to help though guys
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
Following basic email etiquette rules will help you write a professional email and achieve a good, lasting impression with your contacts.
In this video we show how to create a Distribution Group in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >>…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

930 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now