Wild Card Certificate Exchange 2010

Hi Experts,

I hope you can help me with something. I am trying to replace a soon-to-expire certificate with a wildcard certificate, but I'm having little luck.

As far as I understand, I need to do this from EMC with the following command:

set-imapsettings -CertificateName mail.mydomain.co.uk

Is this correct? Also, the FQDN I am trying to set the wildcard to is the name of the previous certificate. Would this cause any problems?
Asked by: FSIFM
 
Simon Butler (Sembee), Consultant, commented:
First - wildcard certificates are not recommended for use with Exchange 2007 and higher. They are NOT the same as a UC certificate, which is the recommended type.
You have hit on one of the main reasons why - protocols like POP3 and IMAP can have issues with a wildcard certificate.

A certificate for mail.example.com is not the same as *.example.com, so you would need to change the command to match the certificate's actual name. The FQDN in the command doesn't matter, because IMAP doesn't do Autodiscover.

Simon.
 
vmdude commented:
With Exchange 2010 you can generate a new certificate request from the management console, so no need to use commands unless you want to.

The wizard is located under Server Configuration; right-click the server and choose New Exchange Certificate. The wizard gives you the option to select a wildcard certificate. Set the common name to be *.yourdomain.com

Finish the wizard and this will generate your request. The next step is to purchase a wildcard certificate from a CA and, when it is issued, come back into Exchange and complete the pending request.
 
FSIFM (author) commented:
Hi Simon,

Not sure what you mean by changing the command to match the certificate name.

In this instance the certificate name is *.mydomain.com
The FQDN for the old certificate, and what they connect to, is mail.mydomain.com

So would the command read:

set-imapsettings -*.mydomain.com mail.mydomain.co.uk
 
Simon Butler (Sembee), Consultant, commented:
The host name the clients connect to is completely immaterial. Exchange doesn't control that.
Furthermore you cannot have multiple addresses in the IMAP setting, so the command that you have posted is not valid.

This should work:

set-imapsettings -CertificateName *.mydomain.co.uk

However there is no guarantee that it will work with all IMAP clients.

Simon.
 
FSIFM (author) commented:
Hi Simon,

Is -certificateName a command or a value to populate with the actual certificate name?

Running

set-imapsettings -CertificateName *.mydomain.com

Fails with

Cannot process argument transformation on parameter 'AuthenticatedConnectionTimeout'. Cannot convert value "-CertificateName" to type "Microsoft.Exchange.Data.EnhancedTimeSpan". Error: "Input string was not in a correct format."

Running

set-imapsettings -X509CertificateName *.mydomain.com

Fails with

The certificate with the subject '*.mydomain.com' can't be used for SSL or TLS connections because the subject isn't a valid fully qualified domain name (FQDN).
 
FSIFM (author) commented:
I've given up and gone back to a standard certificate.

Cheers for trying to help though guys
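
The last error in the thread says the value passed to -X509CertificateName has to be a fully qualified domain name. The following is an added example, not code posted by anyone in the thread: it lists the installed, unexpired certificates that cover the host name clients connect to (a wildcard counts as exactly one left-most label) and passes that FQDN, not the wildcard subject, to Set-ImapSettings. It assumes the Exchange Management Shell on the server running IMAP4; `mail.mydomain.com` is the host name given in the question, and `Test-CertCoversHost` is a helper written for this example.

```powershell
# Added example. $HostName is an assumption taken from the thread:
# the FQDN that IMAP clients connect to.
$HostName = 'mail.mydomain.com'

# Hypothetical helper: does a certificate name (exact or "*.domain") cover a host name?
function Test-CertCoversHost {
    param([string]$CertName, [string]$HostName)
    if ($CertName.StartsWith('*.')) {
        # A wildcard stands for exactly one left-most label.
        $suffix = $CertName.Substring(1)      # e.g. ".mydomain.com"
        $len    = [Math]::Max(0, $HostName.Length - $suffix.Length)
        $label  = $HostName.Substring(0, $len)
        return $HostName.EndsWith($suffix, [StringComparison]::OrdinalIgnoreCase) -and
               $label.Length -gt 0 -and -not $label.Contains('.')
    }
    return $CertName -ieq $HostName
}

# Unexpired certificates in the server's store whose names cover $HostName.
$now = Get-Date
$candidates = @(Get-ExchangeCertificate | Where-Object {
    $cert = $_
    $cert.NotAfter -gt $now -and
    @($cert.CertificateDomains | Where-Object { Test-CertCoversHost ([string]$_) $HostName }).Count -gt 0
})

# Review what was found before changing anything.
$candidates | Format-List Thumbprint, Subject, CertificateDomains, Services, NotAfter

if ($candidates.Count -eq 0) {
    Write-Warning "No installed, unexpired certificate covers $HostName; IMAP settings left unchanged."
}
else {
    # Give IMAP the FQDN, not the wildcard subject, then bind the certificate
    # to the IMAP service and restart it so the setting takes effect.
    Set-ImapSettings -X509CertificateName $HostName
    Enable-ExchangeCertificate -Thumbprint $candidates[0].Thumbprint -Services IMAP
    Restart-Service MSExchangeIMAP4
}
```

With these inputs, a certificate for `*.mydomain.com` covers `mail.mydomain.com` but not `mail.mydomain.co.uk`; the thread's commands use both domains, so the check is worth running against the name clients really use.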