IMAP and POP not binding to Cert in E2K10
A little background: We've been running an Exchange 2007 server for some time. I'm in the process of migrating to Exchange 2010. The 2010 server is installed and running alongside the 2k7 server. All mailboxes are still presently on the 2k7 server. I've imported our wildcard certificate from Network Solutions into the Exchange 2010 server. After installing it, I've tried to bind IMAP, POP, SMTP, and IIS to it. I've only been able to successfully bind IIS and SMTP to it. Here's what I get when I try to bind all the services to it:

Summary: 1 item(s). 1 succeeded, 0 failed.
Elapsed time: 00:00:00

EX2K10
Completed

Warning:
This certificate with thumbprint 0A02849AA284B4DB1D1670DCA1C6310BA7241864 and subject '*.domain.com' cannot used for POP SSL/TLS connections because the subject is not a Fully Qualified Domain Name (FQDN). Use command Set-POPSettings to set X509CertificateName to the FQDN of the service.

Warning:
This certificate with thumbprint 0A02849AA284B4DB1D1670DCA1C6310BA7241864 and subject '*.domain.com' cannot used for IMAP SSL/TLS connections because the subject is not a Fully Qualified Domain Name (FQDN). Use command Set-IMAPSettings to set X509CertificateName to the FQDN of the service.

Exchange Management Shell command completed:
Enable-ExchangeCertificate -Server 'EX2K10' -Services 'IMAP, POP, IIS, SMTP' -Thumbprint '0A02849AA284B4DB1D1670DCA1C6310BA7241864'

Elapsed Time: 00:00:00

So I used 'Set-POPSettings' and 'Set-IMAPSettings' to set the FQDN. Here is the output from that:

[PS] C:\Windows\system32>Get-Imapsettings

UnencryptedOrTLSBindings   SSLBindings              LoginType     X509CertificateName
------------------------   -----------              ---------     -------------------
{:::143, 0.0.0.0:143}      {:::993, 0.0.0.0:993}    SecureLogin   webmail.domain.com

[PS] C:\Windows\system32>Get-POPSettings

UnencryptedOrTLSBindings   SSLBindings              LoginType     X509CertificateName
------------------------   -----------              ---------     -------------------
{:::110, 0.0.0.0:110}      {:::995, 0.0.0.0:995}    SecureLogin   webmail.domain.com

[PS] C:\Windows\system32>

So if the FQDN is set on both those services, why can't I successfully bind the certificate to it?

Thanks... Frank
December 27th, 2010 4:57pm

http://support.microsoft.com/kb/948896

Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
December 28th, 2010 1:52am

Ed Crowley wrote:
http://support.microsoft.com/kb/948896
Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

Ed... That KB article seems to apply to Exchange 2007 SP1. Are you saying that it also applies to Exchange 2010? Does it also mean that as long as I set the X509 FQDN in both the IMAP and POP cmdlets, the wildcard will work fine on them? Thank you for any additional help. Unfortunately, there doesn't seem to be a concise answer on how to do this. It appears it isn't completely supported by MS, yet there also appear to be many doing it this way.

Thanks... Frank
December 28th, 2010 10:41am
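The thread leaves the question "does the wildcard actually end up on 993/995 once X509CertificateName is set?" open. The script below is an added example, not something posted by Frank, Ed or Microsoft: it runs the two steps the warning text asks for and then checks empirically which certificate each listener presents, by opening a TLS connection and comparing the served thumbprint with the wildcard's. Server name EX2K10, the FQDN webmail.domain.com and the thumbprint are taken from the post; everything else (running it from the Exchange Management Shell on the Client Access server, the service names) is assumed.

```powershell
# Added example (not from the thread). Assumptions: server EX2K10, client access
# FQDN webmail.domain.com, wildcard thumbprint from the original post, run from
# the Exchange Management Shell on the Client Access server.
$Server     = 'EX2K10'
$Fqdn       = 'webmail.domain.com'
$Thumbprint = '0A02849AA284B4DB1D1670DCA1C6310BA7241864'

# 1. Bind the services that accept a wildcard subject without complaint.
Enable-ExchangeCertificate -Server $Server -Thumbprint $Thumbprint -Services 'IIS,SMTP'

# 2. POP3 and IMAP4 locate their certificate by name rather than by thumbprint,
#    so give them the FQDN clients connect to; '*.domain.com' covers it.
Set-PopSettings  -Server $Server -X509CertificateName $Fqdn
Set-ImapSettings -Server $Server -X509CertificateName $Fqdn

# 3. The services only read X509CertificateName at start-up.
Restart-Service MSExchangePOP3, MSExchangeIMAP4

# 4. Do not trust the warning text either way: connect and look at what is served.
function Get-PresentedCertThumbprint {
    param([string]$HostName, [int]$Port)
    $tcp = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        # Validation callback always returns $true: we only want to observe which
        # certificate the listener sends; trust is decided by the thumbprint compare.
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, { $true })
        $ssl.AuthenticateAsClient($HostName)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        return $cert.Thumbprint
    } finally {
        $tcp.Close()
    }
}

# 993 = IMAP over SSL, 995 = POP3 over SSL (the SSLBindings shown in the post).
foreach ($port in 993, 995) {
    $served = Get-PresentedCertThumbprint -HostName $Fqdn -Port $port
    if ($served -eq $Thumbprint) {
        Write-Host "Port ${port}: the wildcard certificate is being served."
    } else {
        Write-Host "Port ${port}: serving $served instead of $Thumbprint; re-check X509CertificateName and the Services column of Get-ExchangeCertificate."
    }
}
```

If step 4 reports a different thumbprint, the listener fell back to another certificate in the local machine store whose name matched, typically the self-signed one Exchange created at setup; the comparison catches that even though the Enable-ExchangeCertificate summary said "1 succeeded".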

Your best option would be to use a unified communications certificate rather than a wildcard certificate. Then you can have the required names as additional names. That is the preferred method for SSL with Exchange 2007/2010, which is probably why you aren't finding very much about using wildcard certificates.

Simon. Simon Butler, Exchange MVP Blog | Exchange Resources
December 28th, 2010 10:43am

Simon Butler wrote:
Your best option would be to use a unified communications certificate rather than a wildcard certificate. Then you can have the required names as additional names. That is the preferred method for SSL with Exchange 2007/2010, which is probably why you aren't finding very much about using wildcard certificates.
Simon. Simon Butler, Exchange MVP Blog | Exchange Resources

Simon... While I would agree with you that a UCC could be the best solution, I would like to try and get this working first with a wildcard. It seems possible from what others have posted, although no one so far has posted specifics on how they got it working. I guess I'm just trying to get the most out of our wildcard certificate as possible. They aren't cheap and we don't have a huge budget.

Thanks... Frank
December 28th, 2010 10:58am

Simon Butler wrote:
Your best option would be to use a unified communications certificate rather than a wildcard certificate. Then you can have the required names as additional names. That is the preferred method for SSL with Exchange 2007/2010, which is probably why you aren't finding very much about using wildcard certificates.
Simon. Simon Butler, Exchange MVP Blog | Exchange Resources

Simon... I just got off the phone with our SSL provider and it doesn't seem like a UCC will 'break our bank'. We only get three domains included in the UCC, or there is an additional charge for additional domains. Can you confirm the normal domains needed on Exchange 2010 for a UCC?

webmail.domain.com = IIS, SMTP, IMAP, and POP
Autodiscovery.domain.com

I'm having a hard time remembering or knowing if other domain names are needed. We won't be keeping our Exchange 2007, so I don't think I'll need to get legacy.domain.com. Your additional help is greatly appreciated! :)

Thanks... Frank
December 28th, 2010 12:23pm

If you drop Network Solutions' overpriced, under-specified certificates you can save even more money. You can get UC certificates for less than $80/year if you avoid Network Solutions/Verisign. The wizard will usually give you the names that you need; however, I still include the following:

mail.example.com (common name)
autodiscover.example.com (where example.com is the domain after the @ sign)
server.example.local (server's FQDN)
server (server's NetBIOS name)

The common name can be whatever you like, but I usually use the same name for all public-facing hosts, i.e. OWA, MX, ActiveSync, Outlook Anywhere, POP3, IMAP etc.

Simon. Simon Butler, Exchange MVP Blog | Exchange Resources
December 28th, 2010 12:50pm

In general, you shouldn't need anything but autodiscover.company.com and whatever you use for everything else, e.g., webmail.company.com. You can publish all services under webmail.company.com except for autodiscover.

Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
December 28th, 2010 11:08pm
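Simon's and Ed's replies both come down to the same request: one public name for every client-facing service plus autodiscover, with the internal names optional. The following is an added example of that request as an Exchange 2010 Management Shell sequence; it is not from either poster. The domain example.com, the CA output path, the organisation string and the decision to leave the internal names commented out are all assumptions; the SAN check at the end guards against the "three names included" limit Frank's provider mentioned silently dropping one.

```powershell
# Added example (not from the thread). Assumptions: example.com is the public
# mail domain, mail.example.com is the single name used for OWA, SMTP, POP3,
# IMAP4, ActiveSync and Outlook Anywhere, paths under C:\certreq are writable,
# and the request is generated from the Exchange Management Shell on the CAS.
$CommonName = 'mail.example.com'
$Names = @(
    $CommonName,
    'autodiscover.example.com'   # the one name Outlook looks up on its own
)
# Optional internal names from Simon's list. Leave them out if the public CA
# will not issue for them or if internal URLs also point at $CommonName.
# $Names += 'ex2k10.example.local', 'EX2K10'

# 1. Generate the request. -SubjectName sets the certificate subject (a real
#    FQDN, so POP3/IMAP4 will bind without the wildcard warning); -DomainName
#    becomes the Subject Alternative Name list.
$Request = New-ExchangeCertificate -GenerateRequest `
    -SubjectName "C=US, O=Example Corp, CN=$CommonName" `
    -DomainName $Names `
    -KeySize 2048 `
    -PrivateKeyExportable $true
Set-Content -Path 'C:\certreq\mail.example.com.req' -Value $Request

# 2. Submit the .req to the CA. Once the signed certificate is back:
$CertBytes = [Byte[]](Get-Content -Path 'C:\certreq\mail.example.com.cer' -Encoding Byte -ReadCount 0)
$Cert = Import-ExchangeCertificate -FileData $CertBytes

# 3. Bind all four services in one go; the subject is an FQDN, so no warning.
Enable-ExchangeCertificate -Thumbprint $Cert.Thumbprint -Services 'IIS,SMTP,POP,IMAP'

# 4. Confirm every requested name made it into the issued certificate before
#    pointing clients at it; CAs trim SAN lists more often than you would expect.
$San = (Get-ExchangeCertificate -Thumbprint $Cert.Thumbprint).CertificateDomains |
    ForEach-Object { $_.ToString() }
$Missing = $Names | Where-Object { $San -notcontains $_ }
if ($Missing) {
    Write-Warning "Names absent from the issued certificate: $($Missing -join ', ')"
} else {
    Write-Host "All requested names present: $($San -join ', ')"
}
```

-PrivateKeyExportable $true is there so the same certificate can be exported to a second Client Access server or a reverse proxy; if there will only ever be one server, set it to $false so the key cannot leave the machine.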

