[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 222
  • Last Modified:

Multiple SSL Certificates

Our exchange server is setup with multiple certificates. One self-signed with SMTP services. One that looks self-signed but is not listed as such with IMAP, POP, and SMTP services. Then our GoDaddy certificate with IMAP, POP, IIS, and SMTP services.

Do I need all three?
0
Jennifer
Asked:
Jennifer
  • 4
  • 3
3 Solutions
 
becraigCommented:
Generally based on your config you will only need 2


Self-sgined SMTP
Go-Daddy other services e.g.   IMAP POP IIS.

You should be able to simply run the commands below to verify your urls against your certificate:
get-AutodiscoverVirtualDirectory | fl
get-ClientAccessServer | fl
get-webservicesvirtualdirectory | fl
get-oabvirtualdirectory | fl
get-owavirtualdirectory | fl
get-ecpvirtualdirectory | fl
get-ActiveSyncVirtualDirectory| fl
0
 
JenniferIT DirectorAuthor Commented:
I will look at these and see what I get, thanks.
0
 
JenniferIT DirectorAuthor Commented:
I review my mappings. I tried to change the assignments to work as described but it is not taking effect.
0
Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

 
becraigCommented:
Ok so I was actually waiting for you to verify what was bound to what

Run get-Exchangecertificate first to be sure you are seeing an issue.

Then in  order to make sure the right certificate is bound to the right service you simply need to enable it

Steps:
1. Get the certificate thumbprints
gci cert:\Localmachine\my | fl thumbprint, subject,notafter
[Once you identify the correct thumbprints above]

2. You will run enable exchange certificate for the specific services
Enable-ExchangeCertificate -Thumbprint <thumbprint for correct certificate from above> -Services <comma separated services>

3. Run iisreset just to be sure everything is update as for as IIS related services are concerned.

One you have verified the services are bound to the correct certificate you can remove the fault certificate.

Remove-ExchangeCertificate -thumbprint <thumbprint>
0
 
JenniferIT DirectorAuthor Commented:
I will do this, thank you. Do you think this would have anything to do with why half of my users have started continuously getting prompted for their passwords? I would assume no since nothing has changed on these certificates but as far as I know nothing has changed that would make it start doing that.
0
 
becraigCommented:
Certificates / certificate changes would not force password prompts.

There may be something else in your environment that might have changed.
0
 
JenniferIT DirectorAuthor Commented:
Thanks for the help. I did have to rekey my certificate but otherwise all seems to be working now including the login prompts.
0

Featured Post

Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now