Solved

Multiple SSL Certificates

Posted on 2014-09-03
7
180 Views
Last Modified: 2014-09-18
Our exchange server is setup with multiple certificates. One self-signed with SMTP services. One that looks self-signed but is not listed as such with IMAP, POP, and SMTP services. Then our GoDaddy certificate with IMAP, POP, IIS, and SMTP services.

Do I need all three?
0
Comment
Question by:Jennifer
  • 4
  • 3
7 Comments
 
LVL 28

Assisted Solution

by:becraig
becraig earned 500 total points
ID: 40301930
Generally based on your config you will only need 2


Self-sgined SMTP
Go-Daddy other services e.g.   IMAP POP IIS.

You should be able to simply run the commands below to verify your urls against your certificate:
get-AutodiscoverVirtualDirectory | fl
get-ClientAccessServer | fl
get-webservicesvirtualdirectory | fl
get-oabvirtualdirectory | fl
get-owavirtualdirectory | fl
get-ecpvirtualdirectory | fl
get-ActiveSyncVirtualDirectory| fl
0
 

Author Comment

by:Jennifer
ID: 40310133
I will look at these and see what I get, thanks.
0
 

Author Comment

by:Jennifer
ID: 40320297
I review my mappings. I tried to change the assignments to work as described but it is not taking effect.
0
Do email signature updates give you a headache?

Do you feel like you are constantly making changes to email signatures? Are the images not formatting how you want them to? Want high-quality HTML signatures on all devices, including on mobiles and Macs? Then, let Exclaimer solve all your email signature problems today.

 
LVL 28

Accepted Solution

by:
becraig earned 500 total points
ID: 40320327
Ok so I was actually waiting for you to verify what was bound to what

Run get-Exchangecertificate first to be sure you are seeing an issue.

Then in  order to make sure the right certificate is bound to the right service you simply need to enable it

Steps:
1. Get the certificate thumbprints
gci cert:\Localmachine\my | fl thumbprint, subject,notafter
[Once you identify the correct thumbprints above]

2. You will run enable exchange certificate for the specific services
Enable-ExchangeCertificate -Thumbprint <thumbprint for correct certificate from above> -Services <comma separated services>

3. Run iisreset just to be sure everything is update as for as IIS related services are concerned.

One you have verified the services are bound to the correct certificate you can remove the fault certificate.

Remove-ExchangeCertificate -thumbprint <thumbprint>
0
 

Author Comment

by:Jennifer
ID: 40325506
I will do this, thank you. Do you think this would have anything to do with why half of my users have started continuously getting prompted for their passwords? I would assume no since nothing has changed on these certificates but as far as I know nothing has changed that would make it start doing that.
0
 
LVL 28

Assisted Solution

by:becraig
becraig earned 500 total points
ID: 40325889
Certificates / certificate changes would not force password prompts.

There may be something else in your environment that might have changed.
0
 

Author Comment

by:Jennifer
ID: 40331698
Thanks for the help. I did have to rekey my certificate but otherwise all seems to be working now including the login prompts.
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
A safe way to clean winsxs folder from your windows server 2008 R2 editions
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now