Solved

Exchange 2010 - Certificate Issue

Posted on 2014-10-29
8
58 Views
Last Modified: 2014-11-05
Hi Guys,

Got an Exchange 2010 box and have installed a new Geotrust cert. for OWA.  I have assigned the appropriate roles to the certificate (IIS) in the ECP, however, the system still reverts to the self-signed one when using webmail.  Have done all the usual stuff like iiSreset etc. - I think I am missing a step.  Looking through some of the guides I have used I don't see anything that mentions this issue.  It basically says, install the certificate and assign the roles.

Anyone got any suggestions.

Appreciate your time and help.

IM

PS.  Have still got the self-signed cert listed in ECP, as I felt it was probably needed.  Again there was no mention to this in any of the guides.
0
Comment
Question by:ianmclachlan
  • 5
  • 3
8 Comments
 
LVL 10

Expert Comment

by:Gajendra Rathod
ID: 40410909
Check using Exchange power shell management command.

Get-ExchangeCertificate

Verify the thumbprint of certificate assign to IIS.
0
 

Author Comment

by:ianmclachlan
ID: 40411182
Hi,

Thanks for your reply.

The thumbprint is list and has services (I, W and S) assigned to it.  Also verified using Subject cn name in PS.

IM
0
 
LVL 10

Expert Comment

by:Gajendra Rathod
ID: 40411335
Please check binding on IIS server

 IIS Manager | right-click the Exchange Back End website | click Bindings.
Select, https | click Edit.
If you see “old certificate”, click on Select.
Select the "new Certificate" you want to use.
Apply all the changes and you should be good.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:ianmclachlan
ID: 40412730
Hi,

Thanks for your suggestion.

I checked the bindings for HTTPS in the IIS Manager and the certificate is listed correctly.  I just can't understand why it's pushing the self signed cert. when it's clearly configured for Geo trust.

IM
0
 
LVL 10

Expert Comment

by:Gajendra Rathod
ID: 40412831
Please open the website one exchange server.

If possible reboot the server and check again.

If problem still exit check the internal and external DNS are pointing to correct website.
0
 

Author Comment

by:ianmclachlan
ID: 40414424
Hi,

Again, thanks for your comments.

Have rebooted the server, still getting the same results.
External/Internal DNS for OWA resolves to the name that's on the cert - yet system is still pushing the self-signed cert.

It shouldn't be this difficult.

IM
0
 

Accepted Solution

by:
ianmclachlan earned 0 total points
ID: 40415533
Hi Guys,

Finally got the problme fixed.  I remove the cert and put it back on again, and it all sparked into life.  Not sure what happened the first time round as it was making all the right noises.  

Thanks again guys for your suggestions.

IM
0
 

Author Closing Comment

by:ianmclachlan
ID: 40423515
I managed to fix the issue myself.
0

Featured Post

The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Easy CSR creation in Exchange 2007,2010 and 2013
Phishing attempts can come in all forms, shapes and sizes. No matter how familiar you think you are with them, always remember to take extra precaution when opening an email with attachments or links.
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

838 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question