Solved

Wild Card Certificate Exchange 2010

Posted on 2014-03-20
Last Modified: 2014-03-20
Hi Experts,

I hope you can help me with something. I am trying to replace a soon-to-expire certificate with a wild card, but I'm having little luck.

As far as I understand, I need to do this from EMC with the following command:

set-imapsettings -CertificateName mail.mydomain.co.uk

Is this correct? Also, the FQDN I am trying to set the wild card to is the name of the previous certificate. Would this cause any problems as well?
Question by:FSIFM

Expert Comment

by:vmdude
ID: 39941887
With Exchange 2010 you can generate a new certificate request from the management console, so no need to use commands unless you want to.

The wizard is located under Server Configuration: right-click the server and choose New Exchange Certificate. The wizard gives you the option to select a wildcard certificate. Set the common name to be *.yourdomain.com

Finish the wizard and this will generate your request. The next step is to purchase a wildcard certificate from a CA and, when it is issued, come back into Exchange and complete the pending request.

Accepted Solution

by: Simon Butler (Sembee) earned 1500 total points
ID: 39941889
First - wildcard certificates are not recommended for use with Exchange 2007 and higher. They are NOT the same as a UC certificate, which is the recommended type.
You have hit on one of the main reasons why - protocols like POP3 and IMAP can have issues with a wildcard certificate.

A certificate for mail.example.com is not the same as *.example.com, so you would need to change the command to match the certificate's actual name. The FQDN in the command doesn't matter, because IMAP doesn't do Autodiscover.

Simon.

Author Comment

by:FSIFM
ID: 39941968
Hi Simon,

Not sure what you mean by changing the command to match the certificate name.

In this instance the certificate name is *.mydomain.com
The FQDN for the old certificate and what they connect to is mail.mydomain.com

So would the command read:

set-imapsettings -*.mydomain.com mail.mydomain.co.uk

Expert Comment

by:Simon Butler (Sembee)
ID: 39941978
The host name the clients connect to is completely immaterial. Exchange doesn't control that.
Furthermore you cannot have multiple addresses in the IMAP setting, so the command that you have posted is not valid.

This should work:

set-imapsettings -CertificateName *.mydomain.co.uk

However there is no guarantee that it will work with all IMAP clients.

Simon.

Author Comment

by:FSIFM
ID: 39942005
Hi Simon,

Is -certificateName a command or a value to populate with the actual certificate name?

Running

set-imapsettings -CertificateName *.mydomain.com

Fails with

Cannot process argument transformation on parameter 'AuthenticatedConnectionTimeout'. Cannot convert value "-CertificateName" to type "Microsoft.Exchange.Data.EnhancedTimeSpan". Error: "Input string was not in a correct format."

Running

set-imapsettings -X509CertificateName *.mydomain.com

Fails with

The certificate with the subject '*.mydomain.com' can't be used for SSL or TLS connections because the subject isn't a valid fully qualified domain name (FQDN).

Author Closing Comment

by:FSIFM
ID: 39942472
I've given up and gone back to a standard certificate

Cheers for trying to help though guys
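
Added example, not part of the original thread or any poster's code: the last error above rejects the wildcard subject itself as an X509CertificateName value, and the documented way around that is to give Set-ImapSettings a real FQDN that the installed certificate covers. The sketch below first checks coverage (the thread mixes *.mydomain.com with mail.mydomain.co.uk, which a wildcard for the .com zone does not cover) and only then applies the setting; $ClientFqdn and the helper Test-WildcardCoversHost are hypothetical names, and the host name is the thread's placeholder.

```powershell
# Added example. Run in the Exchange Management Shell on the server hosting IMAP.
# Test-WildcardCoversHost is a hypothetical helper, not an Exchange cmdlet.
function Test-WildcardCoversHost {
    param([string]$CertName, [string]$HostName)
    # A wildcard stands for exactly one left-most DNS label:
    # *.example.com covers mail.example.com, but not example.com or a.b.example.com.
    if (-not $CertName.StartsWith('*.')) { return ($CertName -ieq $HostName) }
    $suffix = $CertName.Substring(1)    # ".example.com"
    if (-not $HostName.EndsWith($suffix, [StringComparison]::OrdinalIgnoreCase)) {
        return $false
    }
    $label = $HostName.Substring(0, $HostName.Length - $suffix.Length)
    return (($label.Length -gt 0) -and (-not $label.Contains('.')))
}

# Assumption: the host name IMAP clients are configured to connect to.
$ClientFqdn = 'mail.mydomain.co.uk'

# Pick the longest-lived installed, unexpired certificate whose names cover that host.
$cert = Get-ExchangeCertificate | Where-Object {
    ($_.NotAfter -gt (Get-Date)) -and
    ($_.CertificateDomains | Where-Object { Test-WildcardCoversHost "$_" $ClientFqdn })
} | Sort-Object NotAfter -Descending | Select-Object -First 1

if (-not $cert) {
    throw "No installed, unexpired certificate covers $ClientFqdn; check the domain suffix."
}
"Using certificate {0} ({1}), expires {2}" -f $cert.Thumbprint, $cert.Subject, $cert.NotAfter

# Pass an FQDN the certificate covers, not the '*.' subject, then restart IMAP
# so the service reloads its TLS certificate.
Set-ImapSettings -X509CertificateName $ClientFqdn
Restart-Service MSExchangeIMAP4

# Confirm the value that is now configured.
Get-ImapSettings | Format-List X509CertificateName
```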