Solved

Multiple SSL Certificates

Posted on 2014-09-03
7
191 Views
Last Modified: 2014-09-18
Our exchange server is setup with multiple certificates. One self-signed with SMTP services. One that looks self-signed but is not listed as such with IMAP, POP, and SMTP services. Then our GoDaddy certificate with IMAP, POP, IIS, and SMTP services.

Do I need all three?
0
Comment
Question by:Jennifer
  • 4
  • 3
7 Comments
 
LVL 29

Assisted Solution

by:becraig
becraig earned 500 total points
ID: 40301930
Generally based on your config you will only need 2


Self-sgined SMTP
Go-Daddy other services e.g.   IMAP POP IIS.

You should be able to simply run the commands below to verify your urls against your certificate:
get-AutodiscoverVirtualDirectory | fl
get-ClientAccessServer | fl
get-webservicesvirtualdirectory | fl
get-oabvirtualdirectory | fl
get-owavirtualdirectory | fl
get-ecpvirtualdirectory | fl
get-ActiveSyncVirtualDirectory| fl
0
 

Author Comment

by:Jennifer
ID: 40310133
I will look at these and see what I get, thanks.
0
 

Author Comment

by:Jennifer
ID: 40320297
I review my mappings. I tried to change the assignments to work as described but it is not taking effect.
0
Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 29

Accepted Solution

by:
becraig earned 500 total points
ID: 40320327
Ok so I was actually waiting for you to verify what was bound to what

Run get-Exchangecertificate first to be sure you are seeing an issue.

Then in  order to make sure the right certificate is bound to the right service you simply need to enable it

Steps:
1. Get the certificate thumbprints
gci cert:\Localmachine\my | fl thumbprint, subject,notafter
[Once you identify the correct thumbprints above]

2. You will run enable exchange certificate for the specific services
Enable-ExchangeCertificate -Thumbprint <thumbprint for correct certificate from above> -Services <comma separated services>

3. Run iisreset just to be sure everything is update as for as IIS related services are concerned.

One you have verified the services are bound to the correct certificate you can remove the fault certificate.

Remove-ExchangeCertificate -thumbprint <thumbprint>
0
 

Author Comment

by:Jennifer
ID: 40325506
I will do this, thank you. Do you think this would have anything to do with why half of my users have started continuously getting prompted for their passwords? I would assume no since nothing has changed on these certificates but as far as I know nothing has changed that would make it start doing that.
0
 
LVL 29

Assisted Solution

by:becraig
becraig earned 500 total points
ID: 40325889
Certificates / certificate changes would not force password prompts.

There may be something else in your environment that might have changed.
0
 

Author Comment

by:Jennifer
ID: 40331698
Thanks for the help. I did have to rekey my certificate but otherwise all seems to be working now including the login prompts.
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
A list of top three free exchange EDB viewers that helps the user to extract a mailbox from an unmounted .edb file and get a clear preview of all emails & other items with just a single click on mailboxes.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

792 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question