Hi,

Just enabled co-existence with 2013 and 2007.  We are having certs errors on OWA saying the cert is for the machine name (which is not trusted).  I had assigned a third-party cert to the iis service, but notice the built-in cert also is assigned to iis.  When I use a get-exchangecertificates in the admin shell it returns the certs from one of the backend mail servers, and not from the local CAS server?  Anyone have any idea what would cause this and how to resolve it?

Thank you,

Kurt

• Edited by k2009 9 hours 13 minutes ago

What you're seeing in Get-ExchangeCertificate (singular, not plural) is probably normal.  In Exchange 2013, when you see the self-signed certificate assigned to IIS, that probably means that it's assigned to the Exchange Back End website, which it should be.  You can verify the true assignments in IIS Administrator.

Now, why you're not seeing the right certificate would depend on where the URL you're using points, and what certificate is bound to the CAS functions.

Hi,

You can run the following command to check your certificate settings on Exchange server:

Get-ExchangeCertificate | fl

If you have assigned IIS service on the third-party certificate, you don't need to assign IIS service for the self-signed certificate.

https://technet.microsoft.com/en-us/library/dd351257(v=exchg.141).aspx

Regards,

David