Exchange 2013 Certificate

Hi Everyone

Please look at attached certificate ,im in the midst of an migration from exchange 2010 to exchange 2013 ,not sure why i'm getting certificate error.

Many Thanks
Dirkie LaubscherNetwork adminAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Simon Butler (Sembee)ConsultantCommented:
The error means what it says. The certificate isn't trusted.
Do you have a trusted certificate on both Exchange 2010 and 2013?
They can share the certificate, but they cannot share the URLs involved. That could mean you need to get an additional SSL certificate for either Exchange 2010 or 2013.

Dirkie LaubscherNetwork adminAuthor Commented:
Hi Simon ,can I use self signed certificate on exchange 2013??
Simon Butler (Sembee)ConsultantCommented:
Not really.

Self Signed certificates are not supported for use with ActiveSync or Outlook Anywhere.
The self signed certificate generated by Exchange should be considered a place holder for web services, rather than something used in production.

Furthermore they are rarely worth the hassle. When you can get a trusted certificate for less than $80/year, trying to get a "free" self signed certificate to work is a poor use of time. If a client asks me to deploy with self signed certificates they get told to find another consultant. At my hourly rate, it simply is more cost effective to deploy a trusted certificate.

Dirkie LaubscherNetwork adminAuthor Commented:
Active sync is working I did import wildcard CRT but my server is showing now I'm sitting with dns problem do you have suggestions
Will SzymkowskiSenior Solution ArchitectCommented:
Whatever names you have in your SSL cert need to match the virtual directory URL's FQDN. Meaning below.

SSL cert
Friendly Name -


If your URLs in your virtual directories are anything different then what you have indicated in your SSL cert then you will get a certificate issue.


For Exchange you also need to ensure that the cert is enabled as well on all CAS servers, using the following command...
Enable-ExchangeCertifiacte -Thumbprint <xxxxxxxxxx> -Services "pop,imap,smtp,iis"

Another thing I would check is make sure that on the CAS server you have the cert in the Computer Personal Store and that the trusted Root is actually in the Trusted Root Certificate Folder as well.


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.