Solved

Exchange 2010 - Certificate Issue

Posted on 2014-10-29
8
60 Views
Last Modified: 2014-11-05
Hi Guys,

Got an Exchange 2010 box and have installed a new Geotrust cert. for OWA.  I have assigned the appropriate roles to the certificate (IIS) in the ECP, however, the system still reverts to the self-signed one when using webmail.  Have done all the usual stuff like iiSreset etc. - I think I am missing a step.  Looking through some of the guides I have used I don't see anything that mentions this issue.  It basically says, install the certificate and assign the roles.

Anyone got any suggestions.

Appreciate your time and help.

IM

PS.  Have still got the self-signed cert listed in ECP, as I felt it was probably needed.  Again there was no mention to this in any of the guides.
0
Comment
Question by:ianmclachlan
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
8 Comments
 
LVL 10

Expert Comment

by:Gajendra Rathod
ID: 40410909
Check using Exchange power shell management command.

Get-ExchangeCertificate

Verify the thumbprint of certificate assign to IIS.
0
 

Author Comment

by:ianmclachlan
ID: 40411182
Hi,

Thanks for your reply.

The thumbprint is list and has services (I, W and S) assigned to it.  Also verified using Subject cn name in PS.

IM
0
 
LVL 10

Expert Comment

by:Gajendra Rathod
ID: 40411335
Please check binding on IIS server

 IIS Manager | right-click the Exchange Back End website | click Bindings.
Select, https | click Edit.
If you see “old certificate”, click on Select.
Select the "new Certificate" you want to use.
Apply all the changes and you should be good.
0
Get Actionable Data from Your Monitoring Solution

Your communication platform is only as good as the relevance of the information you send. Ensure your alerts get to the right people every time with actionable responses. Create escalation rules that ensure everyone follows the process and nothing is left to chance.

 

Author Comment

by:ianmclachlan
ID: 40412730
Hi,

Thanks for your suggestion.

I checked the bindings for HTTPS in the IIS Manager and the certificate is listed correctly.  I just can't understand why it's pushing the self signed cert. when it's clearly configured for Geo trust.

IM
0
 
LVL 10

Expert Comment

by:Gajendra Rathod
ID: 40412831
Please open the website one exchange server.

If possible reboot the server and check again.

If problem still exit check the internal and external DNS are pointing to correct website.
0
 

Author Comment

by:ianmclachlan
ID: 40414424
Hi,

Again, thanks for your comments.

Have rebooted the server, still getting the same results.
External/Internal DNS for OWA resolves to the name that's on the cert - yet system is still pushing the self-signed cert.

It shouldn't be this difficult.

IM
0
 

Accepted Solution

by:
ianmclachlan earned 0 total points
ID: 40415533
Hi Guys,

Finally got the problme fixed.  I remove the cert and put it back on again, and it all sparked into life.  Not sure what happened the first time round as it was making all the right noises.  

Thanks again guys for your suggestions.

IM
0
 

Author Closing Comment

by:ianmclachlan
ID: 40423515
I managed to fix the issue myself.
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Article by: Dermot
The life of crime is over for 22 year-old Christian Ian Salvador, a student from Isabela State University in the Philippines.
This article outlines some of the reasons why an email message gets flagged as spam on a recipient's end.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question