Solved

Multiple SSL Certificates

Posted on 2014-09-03
7
197 Views
Last Modified: 2014-09-18
Our exchange server is setup with multiple certificates. One self-signed with SMTP services. One that looks self-signed but is not listed as such with IMAP, POP, and SMTP services. Then our GoDaddy certificate with IMAP, POP, IIS, and SMTP services.

Do I need all three?
0
Comment
Question by:Jennifer
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 29

Assisted Solution

by:becraig
becraig earned 500 total points
ID: 40301930
Generally based on your config you will only need 2


Self-sgined SMTP
Go-Daddy other services e.g.   IMAP POP IIS.

You should be able to simply run the commands below to verify your urls against your certificate:
get-AutodiscoverVirtualDirectory | fl
get-ClientAccessServer | fl
get-webservicesvirtualdirectory | fl
get-oabvirtualdirectory | fl
get-owavirtualdirectory | fl
get-ecpvirtualdirectory | fl
get-ActiveSyncVirtualDirectory| fl
0
 

Author Comment

by:Jennifer
ID: 40310133
I will look at these and see what I get, thanks.
0
 

Author Comment

by:Jennifer
ID: 40320297
I review my mappings. I tried to change the assignments to work as described but it is not taking effect.
0
Free eBook: Backup on AWS

Everything you need to know about backup and disaster recovery with AWS, for FREE!

 
LVL 29

Accepted Solution

by:
becraig earned 500 total points
ID: 40320327
Ok so I was actually waiting for you to verify what was bound to what

Run get-Exchangecertificate first to be sure you are seeing an issue.

Then in  order to make sure the right certificate is bound to the right service you simply need to enable it

Steps:
1. Get the certificate thumbprints
gci cert:\Localmachine\my | fl thumbprint, subject,notafter
[Once you identify the correct thumbprints above]

2. You will run enable exchange certificate for the specific services
Enable-ExchangeCertificate -Thumbprint <thumbprint for correct certificate from above> -Services <comma separated services>

3. Run iisreset just to be sure everything is update as for as IIS related services are concerned.

One you have verified the services are bound to the correct certificate you can remove the fault certificate.

Remove-ExchangeCertificate -thumbprint <thumbprint>
0
 

Author Comment

by:Jennifer
ID: 40325506
I will do this, thank you. Do you think this would have anything to do with why half of my users have started continuously getting prompted for their passwords? I would assume no since nothing has changed on these certificates but as far as I know nothing has changed that would make it start doing that.
0
 
LVL 29

Assisted Solution

by:becraig
becraig earned 500 total points
ID: 40325889
Certificates / certificate changes would not force password prompts.

There may be something else in your environment that might have changed.
0
 

Author Comment

by:Jennifer
ID: 40331698
Thanks for the help. I did have to rekey my certificate but otherwise all seems to be working now including the login prompts.
0

Featured Post

Webinar: Aligning, Automating, Winning

Join Dan Russo, Senior Manager of Operations Intelligence, for an in-depth discussion on how Dealertrack, leading provider of integrated digital solutions for the automotive industry, transformed their DevOps processes to increase collaboration and move with greater velocity.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question