Exchange 2007 snd Certificates
Hi, I just took a certification class for Microsoft Exchange and was told that wildcard certificates were the best certificates to get in the organization and that they worked with Exchange... Now, in practice, I am seeing that is not true for POP and IMAP. When I run the command enable-exchangecertificate -thumbprint <thumbprint> -services "POP, IMAP", I get the following errors: WARNING: This certificate will not be used for external TLS connections with an FQDN of '*.mydomain.net' because the self-signed certificate with thumbprint <thumbprint> takes precedence. The following connectors match that FQDN: POP3. WARNING: This certificate will not be used for external TLS connections with an FQDN of '*.mydomain.net' because the self-signed certificate with thumbprint '<thumbprint>' takes precedence. The following connectors match that FQDN: IMAP4. One of the weid things is that the thumbprint mentioned in the warning is the exect same thumbprint as the wildcard certificate I just purchased... Can anyone shed a light on this matter? Thanks, Allie McLachlanTS_IT
June 30th, 2011 12:15am

Just One more thing. This machine is running Exchange 2007 SP3 on Windows 2003 R2. Thanks again, AllieTS_IT
Free Windows Admin Tool Kit Click here and download it now
June 30th, 2011 12:17am

1. I would try to set: Set-POPSetings -X509CertificateName pop.yourdmoaninnat.net and the same for IMAP4. Set-Imapsettings -X509CertificateName imap.yourdmoaninnat.net Then restart the service for pop & imap and test connecting.Sukh
June 30th, 2011 1:25am

Hi Sukh, I tried the command wilth Pop and it seems to be working. Now do I rerun the: enable-exchangecertificate -thumbprint <thumbprint> -services "POP" again after using our fix? Please let me know! Thanks again, AllieTS_IT
Free Windows Admin Tool Kit Click here and download it now
June 30th, 2011 3:16am

Hi Sukh, I ran the command for IMAP and it seems to be working fine. The only thing that now, when I run Best Practices Analizer, I get the following error: Certificate SAN mismatch The subject alternative name (SAN) of SSL certificate forhttps://server.mydomain.com/Microsoft-Server_ActiveSync does not appear to match the host address. Host address: server.mydomain.com. Current SAN: DNS Name=*.mydomain,com Same goes for owa, autodiscover. etc... please let me know how to proceed! Thanks, Allie TS_IT
July 7th, 2011 1:59am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics