Leo
asked on
Exchange Webmail Certificate expired
Hi All,
The Exchange webmail SSL certificate for our workplace expired yesterday; there are a few other branches in different regions who use the same webmail as us. So I tried the following steps, but I was not able to renew the certificate.
1) In Exchange PowerShell I tried this:
Get-ExchangeCertificate -thumbprint "BFC6AA7FB004A32FFDCC20B822D6EFBC49CBFAA0" | New-ExchangeCertificate
Didn't work...
2) Tried this PowerShell command....
New-ExchangeCertificate -domainname mail.google.com, google.com, google.local, autodiscover.google.com, server01.google.com, server01 -Friendlyname google.com -generaterequest:$true -keysize 2048 -path c:\certrequest.txt -privatekeyexportable:$true -subjectname "c=US, o=Google Inc., cn=server01.google.com, s=California, l=Mountain View, ou=IT"
That created the text file and a certificate as well. When I went to MMC, it was there under Personal root; I moved it to Trusted Root Certificate Authority, but it's not working. I had a look at the Certificate Path for this certificate....it just says Webmail.domain.com, but it's not pointing to Microsoft Exchange. Could this be the problem? How can it be fixed?
Do I need to purchase an SSL certificate from GoDaddy to make the webmail work?
This is a self issued certificate, as such it will not be trusted. You need to purchase a (preferably UC) certificate from a trusted authority. The provider will generally have a guide for how to install it.
You don't mention what version of server you are running, but they have guides for most.
Cheers
Andrew
Please post the result of the command
Get-ExchangeCertificate | fl issuer,IsSelfSigned,NotAfter,thumbprint
Please use this to create new CSR
http://gallery.technet.microsoft.com/Exchange-20072010-and-2013-17a0b52f
ASKER
Output for this command, i.e. Get-ExchangeCertificate |FL ;
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.Crypt
oKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {webmail.domain.com.au, evault.domain.com.au, webmail.local.domain.com.au, autodiscover.domain.com.au, autodiscover.local.domain.com.au,
autodiscover.elamotors.com.pg, autodiscover.asco.com.fj, autodiscover.ela.com.sb, autodiscover.asco.vu, autodiscover.asco.com.to, autodis
cover.asco.ws, autodiscover.asco.as, ttcars.domain.com.au, bnemes01.ttsp.internal, bnevlt01.ttsp.internal, evault.ttsp.internal}
HasPrivateKey : True
IsSelfSigned : True
Issuer : CN=webmail.domain.com.au, OU=”IT”, O=”localdomain”, L=”Brisbane”, S=”QLD”, C=AU
NotAfter : 2/08/2016 2:38:28 PM
NotBefore : 2/08/2015 2:38:28 PM
PublicKeySize : 2048
RootCAType : None
SerialNumber : 2432AE43855FA29B4023186319F7E89F
Services : IMAP, POP, SMTP
Status : Valid
Subject : CN=webmail.domain.com.au, OU=”IT”, O=”localdomain”, L=”Brisbane”, S=”QLD”, C=AU
Thumbprint : 432FB48C6ADBB08D062C710352A312E5C34E32DF
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {webmail.domain.com.au, evault.domain.com.au, webmail.local.domain.com.au, autodiscover.domain.com.au, autodiscover.local.domain.com.au,
autodiscover.elamotors.com.pg, autodiscover.asco.com.fj, autodiscover.ela.com.sb, autodiscover.asco.vu, autodiscover.asco.com.to, autodis
cover.asco.ws, autodiscover.asco.as, ttcars.domain.com.au, bnemes01.ttsp.internal, bnevlt01.ttsp.internal, evault.ttsp.internal...}
HasPrivateKey : True
IsSelfSigned : True
Issuer : CN=webmail.domain.com.au, OU=IT, O=localdomain, L=Brisbane, S=QLD, C=AU
NotAfter : 2/08/2016 9:30:53 AM
NotBefore : 2/08/2015 9:10:53 AM
PublicKeySize : 2048
RootCAType : None
SerialNumber : 089E8CE5EC74AE8849F23EE15100A74B
Services : None
Status : Valid
Subject : CN=webmail.domain.com.au, OU=IT, O=localdomain, L=Brisbane, S=QLD, C=AU
Thumbprint : 2CDC28049F1727CBE6CD24C64C83AD9B8C482821
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {webmail.domain.com.au, evault.domain.com.au, webmail.local.domain.com.au, autodiscover.domain.com.au, autodiscover.local.domain.com.au,
autodiscover.elamotors.com.pg, autodiscover.asco.com.fj, autodiscover.ela.com.sb, autodiscover.asco.vu, autodiscover.asco.com.to, autodis
cover.asco.ws, autodiscover.asco.as, ttcars.domain.com.au, bnemes01.ttsp.internal, bnevlt01.ttsp.internal, evault.ttsp.internal}
HasPrivateKey : True
IsSelfSigned : True
Issuer : C=AU, S=”QLD”, L=”Brisbane”, O=”localdomain”, OU=”IT”, CN=webmail.domain.com.au
NotAfter : 2/08/2016 3:37:08 AM
NotBefore : 2/08/2015 3:17:08 AM
PublicKeySize : 2048
RootCAType : None
SerialNumber : 3FE5A404B66E04AE4D7EFA993C0CDABF
Services : None
Status : Valid
Subject : C=AU, S=”QLD”, L=”Brisbane”, O=”localdomain”, OU=”IT”, CN=webmail.domain.com.au
Thumbprint : BFC6AA7FB004A32FFDCC20B822D6EFBC49CBFAA0
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.Crypt
oKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {BNEMES01, BNEMES01.ttsp.internal}
HasPrivateKey : True
IsSelfSigned : True
Issuer : CN=BNEMES01
NotAfter : 2/08/2016 3:07:16 AM
NotBefore : 2/08/2015 3:07:16 AM
PublicKeySize : 2048
RootCAType : None
SerialNumber : 47FCF1127BDAD29647614998DBF14CE8
Services : SMTP
Status : Valid
Subject : CN=BNEMES01
Thumbprint : 5A2DEF3EBD6A951D64F97A2972932088EF4E649C
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.Crypt
oKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {BNEMES01, BNEMES01.ttsp.internal}
HasPrivateKey : True
IsSelfSigned : True
Issuer : CN=BNEMES01
NotAfter : 2/08/2016 12:53:37 AM
NotBefore : 2/08/2015 12:53:37 AM
PublicKeySize : 2048
RootCAType : None
SerialNumber : 68AF331B53583F9149BD161E9716AB8D
Services : SMTP
Status : Valid
Subject : CN=BNEMES01
Thumbprint : 9769CA59E79A263A0FB7DFD457D07A643B3B7F83
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.Crypt
oKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {BNEMES01, BNEMES01.ttsp.internal}
HasPrivateKey : True
IsSelfSigned : True
Issuer : CN=BNEMES01
NotAfter : 1/08/2016 10:31:32 PM
NotBefore : 1/08/2015 10:31:32 PM
PublicKeySize : 2048
RootCAType : None
SerialNumber : 3819607C9454F9B54B8EFDB9C6C0C5F6
Services : SMTP
Status : Valid
Subject : CN=BNEMES01
Thumbprint : 06824E13CCE4514424168FF105DC54A732B1FCAF
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.Crypt
oKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {BNEMES01, BNEMES01.ttsp.internal}
HasPrivateKey : True
IsSelfSigned : True
Issuer : CN=BNEMES01
NotAfter : 1/08/2016 9:34:03 PM
NotBefore : 1/08/2015 9:34:03 PM
PublicKeySize : 2048
RootCAType : None
SerialNumber : 27AE24DA4D6734914E0ACDA0EDEF5D6B
Services : SMTP
Status : Valid
Subject : CN=BNEMES01
Thumbprint : 05560459698E1D8865216F271E41CD40109E3CB9
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.Crypt
oKeyAccessRule}
CertificateDomains : {webmail.domain.com.au, evault.domain.com.au, webmail.local.domain.com.au, autodiscover.domain.com.au, autodiscover.local.domain.com.au,
autodiscover.elamotors.com.pg, autodiscover.asco.com.fj, autodiscover.ela.com.sb, autodiscover.asco.vu, autodiscover.asco.com.to, autodis
cover.asco.ws, autodiscover.asco.as, ttcars.domain.com.au, bnemes01.ttsp.internal, bnevlt01.ttsp.internal, evault.ttsp.internal...}
HasPrivateKey : True
IsSelfSigned : False
Issuer : CN=TTSP-CA, DC=ttsp, DC=internal
NotAfter : 1/08/2015 11:25:34 AM
NotBefore : 1/08/2013 11:25:34 AM
PublicKeySize : 2048
RootCAType : Enterprise
SerialNumber : 659034A700010000016B
Services : IMAP, POP, IIS, SMTP
Status : DateInvalid
Subject : CN=webmail.domain.com.au, OU=IT, O=localdomain, L=Brisbane, S=QLD, C=AU
Thumbprint : 94A80E70EFF1B2C5932009B164CF988CD653E525
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.Crypt
oKeyAccessRule}
CertificateDomains : {webmail.domain.com.au, evault.domain.com.au, webmail.local.domain.com.au, autodiscover.domain.com.au, autodiscover.local.domain.com.au,
autodiscover.elamotors.com.pg, autodiscover.asco.com.fj, autodiscover.ela.com.sb, autodiscover.asco.vu, autodiscover.asco.com.to, autodis
cover.asco.ws, autodiscover.asco.as, ttcars.domain.com.au, bnemes01.ttsp.internal, bnevlt01.ttsp.internal, evault.ttsp.internal...}
HasPrivateKey : True
IsSelfSigned : False
Issuer : CN=TTSP-CA, DC=ttsp, DC=internal
NotAfter : 25/05/2014 3:13:21 PM
NotBefore : 25/05/2012 3:13:21 PM
PublicKeySize : 2048
RootCAType : Enterprise
SerialNumber : 76BA831E0001000000DD
Services : IMAP, POP, SMTP
Status : DateInvalid
Subject : CN=webmail.domain.com.au, O=local domain South Pacific Holdings Pty Ltd, C=AU
Thumbprint : 575B73C9CB836D40ED799790EA297A1DB7640CFD
Download the tool and create CSR.
Then renew your certificate.
https://www.digicert.com/ssl-certificate-installation-microsoft-unified-communications.htm
Configure your certificate and other URLs
https://www.experts-exchange.com/articles/13676/Out-Of-office-not-working.html
ASKER
Do I need to purchase a single-site SSL certificate or a multi-site SSL certificate?
ASKER
MAS, Step 1 of your instructions for the first link is to install the certificate; which certificate am I installing?
You need to have a multiple-domain (UC) certificate from a 3rd party CA.
Create CSR using my tool provided above.
Let them issue the certificate and then download the certificate from the control panel of the 3rd party CA portal.
Then install using the link provided above
You need 2 names if you have only 1 email domain.
1. mail.emaildomain.com
2. autodiscover.emaildomain.com
The names required are explained in my article above.
ASKER
Certification has been installed and emails have started coming, but now on Outlook and on some websites we are getting the following error attached.
Website-Error.jpg
Exchange-Email-cert-fail-1.JPG
ASKER
The errors are still not fixed :-(
[PS] C:\Windows\system32>get-exchangecertificate
Thumbprint                                Services   Subject
----------                                --------   -------
C941FFCAB21DC6BCD1FC5F0F2E4955351CE83767  IP.WS      CN=webmail.domain.com.au, OU=Domain Control Validated
5A2DEF3EBD6A951D64F97A2972932088EF4E649C  ....S      CN=BNEMES01
9769CA59E79A263A0FB7DFD457D07A643B3B7F83  ....S      CN=BNEMES01
575B73C9CB836D40ED799790EA297A1DB7640CFD  IP..S      CN=webmail.domain.com.au, O=local South Pacific Holdings Pty Ltd, C=AU
For the top one, i.e. C941FFCAB21DC6BCD1FC5F0F2E4955351CE83767, what do I have to do so that for its services it will display....IP..S
Enable-ExchangeCertificate -Server 'EXCH-H-868' -Services 'IMAP, POP, IIS, SMTP' -Thumbprint 'C941FFCAB21DC6BCD1FC5F0F2E4955351CE83767'
should do the trick
ASKER
That certificate is only purchased for webmail (From GoDaddy). So still I should enable it for IMAP,POP and SMTP?
ASKER
Getting this error when I run the command you listed.....
Enable-ExchangeCertificate : A parameter cannot be found that matches parameter name 'Server'.
At line:1 char:35
+ Enable-ExchangeCertificate -Server <<<< 'Exchange' -Services 'IMAP, POP, IIS, SMTP' -Thumbprint 'C941FFCAB21DC6BCD1FC5F0F2E4955351CE83767'
+ CategoryInfo : InvalidArgument: (:) [Enable-ExchangeCertificate], ParameterBindingException
+ FullyQualifiedErrorId : NamedParameterNotFound,Microsoft.Exchange.Management.SystemConfigurationTasks.EnableExchangeCertificate
Please run this on all servers and let me know
Enable-ExchangeCertificate -Services 'IMAP, POP, IIS, SMTP' -Thumbprint <Thumbprint-of-the-new-certificate>
ASKER
Thanks guys. On the browser, it's still trying to refer to the old cert, even though I have deleted it.
We have a TMG server as well; do I have to do anything on it? I have already imported the certificate on the TMG server.
Kindly see the attached error.
Cert.jpg
ASKER
The one I posted is the expired one, and I got the new cert from GoDaddy, the old one is already deleted......under services for new cert it shows IP.WS
ASKER
I believe it should show IP..S ?
It should be like this on the new GoDaddy certificate
IP.WS
IMAP, POP, IIS, SMTP (command result)
ASKER
So what do I have to do, so that on browser it starts pointing to new cert?
post the result of this command
Get-ExchangeCertificate | fl Services,IsSelfSigned,Thumbprint
ASKER
Services : IMAP, POP, IIS, SMTP
IsSelfSigned : False
Thumbprint : C941FFCAB21DC6BCD1FC5F0F2E4955351CE83000
This is correct.
Anyway please check the certificate thumbprint when you open OWA by clicking view certificate.
If it is not the same then some intermediate device is in play.
ASKER
When I access owa it gives IIS7 screen.
Are there any further checks I can do?
open OWA by typing https://mail.domain.com/owa
ASKER
Already tried this, getting this message....
The webpage at https://mail.domian.com/owa might be temporarily down or it may have moved permanently to a new web address.
ASKER
I can access it by IP address, not by mail.domain.com name.....
ASKER
OK, how can I check if it's split DNS or not?
and how can I resolve it?
What IP is returned when you ping mail.domain.com?
It should return the IP of the server, not the IP of your external interface.
To get it to return the IP of your server you need to create a primary zone in your DNS server for domain.com and then create an A record for mail that points to the server. This is called a split DNS, as the IP returned is different from internal to external.
Cheers
Andrew
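The two checks suggested in the replies above (compare the thumbprint a client is actually shown with the one Get-ExchangeCertificate reports, and see which IP the mail name resolves to) can be scripted together. This is an added example, not part of the original thread; the function names are hypothetical, the host names and thumbprint in the usage comment are placeholders, and it assumes Windows PowerShell 5.1 or later.

```powershell
# Added example: fetch the certificate presented on port 443 and compare it
# with the thumbprint Exchange reports for the certificate that has IIS enabled.

function Get-ServedCertificate {
    param(
        [Parameter(Mandatory = $true)][string]$HostName,  # name sent in the TLS handshake
        [string]$ConnectTo = $HostName,                    # name or IP the TCP connection goes to
        [int]$Port = 443
    )

    $tcp = [System.Net.Sockets.TcpClient]::new()
    try {
        $tcp.Connect($ConnectTo, $Port)
        $remoteIp = $tcp.Client.RemoteEndPoint.Address.ToString()

        # Accept whatever is presented: the point is to read a certificate that
        # may be expired or untrusted, and nothing is sent after the handshake.
        $acceptAny = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
        $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false, $acceptAny)
        try {
            $ssl.AuthenticateAsClient($HostName)
            $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
        }
        finally { $ssl.Dispose() }
    }
    finally { $tcp.Close() }

    [pscustomobject]@{
        ConnectedTo  = $ConnectTo
        RemoteIP     = $remoteIp
        Subject      = $cert.Subject
        Issuer       = $cert.Issuer
        IsSelfSigned = ($cert.Subject -eq $cert.Issuer)
        NotAfter     = $cert.NotAfter
        IsExpired    = ($cert.NotAfter -lt (Get-Date))
        Thumbprint   = $cert.Thumbprint
    }
}

function Compare-ServedCertificate {
    param(
        [Parameter(Mandatory = $true)][string]$PublicName,         # name users type for OWA
        [Parameter(Mandatory = $true)][string]$ExchangeServer,     # Exchange server's own name or IP
        [Parameter(Mandatory = $true)][string]$ExpectedThumbprint  # from Get-ExchangeCertificate
    )

    # Thumbprints pasted from a certificate dialog or a web page often carry
    # spaces or invisible characters; keep hex digits only before comparing.
    $expected = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()

    # Path 1: wherever DNS sends this client. Path 2: straight to Exchange.
    $viaDns = Get-ServedCertificate -HostName $PublicName
    $direct = Get-ServedCertificate -HostName $PublicName -ConnectTo $ExchangeServer

    $viaDnsOk = ($viaDns.Thumbprint -eq $expected)
    $directOk = ($direct.Thumbprint -eq $expected)

    $finding = if ($viaDnsOk -and $directOk) {
        'Both paths present the expected certificate.'
    }
    elseif ($directOk) {
        "Exchange presents the expected certificate, but $PublicName resolves to $($viaDns.RemoteIP), which presents a different one. Check the DNS record and the device at that address (for example a TMG listener)."
    }
    elseif ($viaDnsOk) {
        "The address $PublicName resolves to presents the expected certificate, but $ExchangeServer does not. Confirm that is the right server."
    }
    else {
        'Exchange itself is not presenting the expected certificate. Check which certificate has the IIS service enabled.'
    }

    [pscustomobject]@{
        Finding = $finding
        ViaDns  = $viaDns
        Direct  = $direct
    }
}

# Usage (placeholder values):
# Compare-ServedCertificate -PublicName 'mail.example.com' -ExchangeServer '192.0.2.10' `
#     -ExpectedThumbprint '<thumbprint from Get-ExchangeCertificate>'
```

Run it once from an internal workstation and once from outside the network; with split DNS the RemoteIP reported for the public name differs between the two.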
ASKER
Exceptional assistance, too good, thanks to all experts for their assistance...