Solved

Multiple SSL Certificates

Posted on 2014-09-03
7
182 Views
Last Modified: 2014-09-18
Our exchange server is setup with multiple certificates. One self-signed with SMTP services. One that looks self-signed but is not listed as such with IMAP, POP, and SMTP services. Then our GoDaddy certificate with IMAP, POP, IIS, and SMTP services.

Do I need all three?
0
Comment
Question by:Jennifer
  • 4
  • 3
7 Comments
 
LVL 29

Assisted Solution

by:becraig
becraig earned 500 total points
ID: 40301930
Generally based on your config you will only need 2


Self-sgined SMTP
Go-Daddy other services e.g.   IMAP POP IIS.

You should be able to simply run the commands below to verify your urls against your certificate:
get-AutodiscoverVirtualDirectory | fl
get-ClientAccessServer | fl
get-webservicesvirtualdirectory | fl
get-oabvirtualdirectory | fl
get-owavirtualdirectory | fl
get-ecpvirtualdirectory | fl
get-ActiveSyncVirtualDirectory| fl
0
 

Author Comment

by:Jennifer
ID: 40310133
I will look at these and see what I get, thanks.
0
 

Author Comment

by:Jennifer
ID: 40320297
I review my mappings. I tried to change the assignments to work as described but it is not taking effect.
0
Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

 
LVL 29

Accepted Solution

by:
becraig earned 500 total points
ID: 40320327
Ok so I was actually waiting for you to verify what was bound to what

Run get-Exchangecertificate first to be sure you are seeing an issue.

Then in  order to make sure the right certificate is bound to the right service you simply need to enable it

Steps:
1. Get the certificate thumbprints
gci cert:\Localmachine\my | fl thumbprint, subject,notafter
[Once you identify the correct thumbprints above]

2. You will run enable exchange certificate for the specific services
Enable-ExchangeCertificate -Thumbprint <thumbprint for correct certificate from above> -Services <comma separated services>

3. Run iisreset just to be sure everything is update as for as IIS related services are concerned.

One you have verified the services are bound to the correct certificate you can remove the fault certificate.

Remove-ExchangeCertificate -thumbprint <thumbprint>
0
 

Author Comment

by:Jennifer
ID: 40325506
I will do this, thank you. Do you think this would have anything to do with why half of my users have started continuously getting prompted for their passwords? I would assume no since nothing has changed on these certificates but as far as I know nothing has changed that would make it start doing that.
0
 
LVL 29

Assisted Solution

by:becraig
becraig earned 500 total points
ID: 40325889
Certificates / certificate changes would not force password prompts.

There may be something else in your environment that might have changed.
0
 

Author Comment

by:Jennifer
ID: 40331698
Thanks for the help. I did have to rekey my certificate but otherwise all seems to be working now including the login prompts.
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now