[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

Wild Card Certificate Exchange 2010

Posted on 2014-03-20
6
Medium Priority
?
484 Views
Last Modified: 2014-03-20
Hi Experts,

I hope you can help me with something. I am trying to replace a soon to expire certificate with a wild card but im having little luck

Far as i understand, i need to do this from EMC with the following command

set-imapsettings -CertificateName mail.mydomain.co.uk

is this correct? Also the FQDN i am trying to set the wild card to is the name of the previous certificate. Would this cause any problems also?
0
Comment
Question by:FSIFM
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 6

Expert Comment

by:vmdude
ID: 39941887
With Exchange 2010 you can generate a new certificate request from the management console, so no need to use commands unless you want to.

The wizard is located under Server Configuration and right clicking on the server and choosing New Exchange Certificate. The wizard gives you the option to select a wildcard certificate. Set the common name to be *.yourdomain.com

Finish the wizard and this will generate your request. The next step is to purchase a wildcard certificate from a CA and when issued come back into exchange and complete the pending request.
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 1500 total points
ID: 39941889
First - wildcard certificates are not recommended for use with Exchange 2007 and higher. They are NOT the same as a UC certificate, which is the recommended type.
You have hit on one of the main reasons why - protocols like POP3 and IMAP can have issues with a wildcard certificate.

A certificate for mail.example.com is not the same as *.example.com, so you would need to change the command to match the certificate's actual name. The FQDN in the command doesn't matter, because IMAP doesn't do Autodiscover.

Simon.
0
 
LVL 4

Author Comment

by:FSIFM
ID: 39941968
Hi Simon,

Not sure what you mean by changing the command to match the certificate name.

In this instance the certificate name is *.mydomain.com
The FQDN for the old certificate and what they connect to is mail.mydomain.com

so would the command read

set-imapsettings -*.mydomain.com mail.mydomain.co.uk
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39941978
The host name the clients connect to is completely immaterial. Exchange doesn't control that.
Furthermore you cannot have multiple addresses in the IMAP setting, so the command that you have posted is not valid.

This should work:

set-imapsettings -CertificateName *.mydomain.co.uk

However there is no guarantee that it will work with all IMAP clients.

Simon.
0
 
LVL 4

Author Comment

by:FSIFM
ID: 39942005
Hi Simon,

Is -certificateName a command or a value to populate with the actual certificate name?

Running

set-imapsettings -CertificateName *.mydomain.com

Fails with

Cannot process argument transformation on parameter 'AuthenticatedConnectionTimeout'. Cannot convert value "-Certificat
eName" to type "Microsoft.Exchange.Data.EnhancedTimeSpan". Error: "Input string was not in a correct format."

Running

set-imapsettings -X509CertificateName *.mydomain.com

Fails with

The certificate with the subject '*.mydomain.com' can't be used for SSL or TLS connections because the subject isn't a valid fully qualified domain name (FQDN).
0
 
LVL 4

Author Closing Comment

by:FSIFM
ID: 39942472
I've given up and gone back to a standard certificate

Cheers for trying to help though guys
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article lists the top 5 free OST to PST Converter Tools. These tools save a lot of time for users when they want to convert OST to PST after their exchange server is no longer available or some other critical issue with exchange server or impor…
This article will help to fix the below error for MS Exchange server 2010 I. Out Of office not working II. Certificate error "name on the security certificate is invalid or does not match the name of the site" III. Make Internal URLs and External…
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question