Please advise on these certs...
Hi Everyone,
We have Exchange 2007 running on SBS 2008.
I have a user in Outlook getting an error that a cert is expired and I have followed some instructions I found on the web to renew it, but I think it may have created new certs and still left the old ones too. The error in Outlook still persists.
I used the command to show all the certs and this is what I get:
I've substituted myemaildomain, myexchangeserver, and mydomain for the real values and removed the serialnumber/thumbprints in case these aren't things I should post.
Do I have TOO many certs? Do I need to delete the old one that is still causing the error in Outlook? Is there someplace I need to change it to point to the replacement cert for it?
Thanks,
Alan
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System
.Security.AccessControl.CryptoKeyAccessRule, System.Securi
ty.AccessControl.CryptoKeyAccessRule, System.Security.Acce
ssControl.CryptoKeyAccessRule}
CertificateDomains : {remote.myemaildomain.com, myemaildomain.com, myexchangeserver.mydomain.local}
HasPrivateKey : True
IsSelfSigned : True
Issuer : CN=remote.myemaildomain.com
NotAfter : 6/20/2013 1:56:45 PM
NotBefore : 6/20/2012 1:56:45 PM
PublicKeySize : 2048
RootCAType : None
SerialNumber : ...
Services : IMAP, POP, SMTP
Status : Valid
Subject : CN=remote.myemaildomain.com
Thumbprint : ...
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System
.Security.AccessControl.CryptoKeyAccessRule, System.Securi
ty.AccessControl.CryptoKeyAccessRule, System.Security.Acce
ssControl.CryptoKeyAccessRule}
CertificateDomains : {Sites, myexchangeserver.mydomain.local}
HasPrivateKey : True
IsSelfSigned : True
Issuer : CN=Sites
NotAfter : 6/20/2013 1:55:40 PM
NotBefore : 6/20/2012 1:55:40 PM
PublicKeySize : 2048
RootCAType : None
SerialNumber : ...
Services : IMAP, POP, SMTP
Status : Valid
Subject : CN=Sites
Thumbprint : ...
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System
.Security.AccessControl.CryptoKeyAccessRule, System.Securi
ty.AccessControl.CryptoKeyAccessRule, System.Security.Acce
ssControl.CryptoKeyAccessRule}
CertificateDomains : {remote.myemaildomain.com, myemaildomain.com, myexchangeserver.mydomain.local}
HasPrivateKey : True
IsSelfSigned : True
Issuer : CN=remote.myemaildomain.com
NotAfter : 6/20/2013 1:55:27 PM
NotBefore : 6/20/2012 1:55:27 PM
PublicKeySize : 2048
RootCAType : None
SerialNumber : ...
Services : IMAP, POP, SMTP
Status : Valid
Subject : CN=remote.myemaildomain.com
Thumbprint : ...
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System
.Security.AccessControl.CryptoKeyAccessRule, System.Securi
ty.AccessControl.CryptoKeyAccessRule, System.Security.Acce
ssControl.CryptoKeyAccessRule}
CertificateDomains : {Sites, myexchangeserver.mydomain.local}
HasPrivateKey : True
IsSelfSigned : True
Issuer : CN=Sites
NotAfter : 6/11/2013 3:00:00 PM
NotBefore : 6/11/2012 3:00:00 PM
PublicKeySize : 2048
RootCAType : None
SerialNumber : ...
Services : IMAP, POP, SMTP
Status : Valid
Subject : CN=Sites
Thumbprint : ...
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System
.Security.AccessControl.CryptoKeyAccessRule, System.Securi
ty.AccessControl.CryptoKeyAccessRule, System.Security.Acce
ssControl.CryptoKeyAccessRule}
CertificateDomains : {remote.myemaildomain.com, myemaildomain.com, myexchangeserver.mydomain.local}
HasPrivateKey : True
IsSelfSigned : True
Issuer : CN=remote.myemaildomain.com
NotAfter : 6/11/2013 2:59:30 PM
NotBefore : 6/11/2012 2:59:30 PM
PublicKeySize : 2048
RootCAType : None
SerialNumber : ...
Services : IMAP, POP, SMTP
Status : Valid
Subject : CN=remote.myemaildomain.com
Thumbprint : ...
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System
.Security.AccessControl.CryptoKeyAccessRule, System.Securi
ty.AccessControl.CryptoKeyAccessRule, System.Security.Acce
ssControl.CryptoKeyAccessRule}
CertificateDomains : {myexchangeserver, myexchangeserver.mydomain.local}
HasPrivateKey : True
IsSelfSigned : True
Issuer : CN=myexchangeserver
NotAfter : 6/6/2013 8:06:24 AM
NotBefore : 6/6/2012 8:06:24 AM
PublicKeySize : 2048
RootCAType : None
SerialNumber : ...
Services : IMAP, POP, SMTP
Status : Valid
Subject : CN=myexchangeserver
Thumbprint : ...
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System
.Security.AccessControl.CryptoKeyAccessRule, System.Securi
ty.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {myexchangeserver.mydomain.local}
HasPrivateKey : True
IsSelfSigned : False
Issuer : CN=mydomain-myexchangeserver-CA
NotAfter : 3/3/2013 4:10:58 PM
NotBefore : 3/3/2012 4:10:58 PM
PublicKeySize : 2048
RootCAType : Registry
SerialNumber : ...
Services : IMAP, POP, SMTP
Status : Valid
Subject : CN=myexchangeserver.mydomain.local
Thumbprint : ...
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System
.Security.AccessControl.CryptoKeyAccessRule, System.Securi
ty.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {remote.myemaildomain.com, myemaildomain.com, myexchangeserver.mydomain.local}
HasPrivateKey : True
IsSelfSigned : False
Issuer : CN=mydomain-myexchangeserver-CA
NotAfter : 5/26/2012 7:30:37 PM
NotBefore : 5/27/2010 7:30:37 PM
PublicKeySize : 2048
RootCAType : Registry
SerialNumber : ...
Services : IMAP, POP, IIS, SMTP
Status : DateInvalid
Subject : CN=remote.myemaildomain.com
Thumbprint : ...
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System
.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {WMSvc-WIN-8GXF6BTT5EI}
HasPrivateKey : True
IsSelfSigned : True
Issuer : CN=WMSvc-WIN-8GXF6BTT5EI
NotAfter : 5/24/2020 2:44:58 PM
NotBefore : 5/27/2010 2:44:58 PM
PublicKeySize : 2048
RootCAType : Registry
SerialNumber : ...
Services : None
Status : Valid
Subject : CN=WMSvc-WIN-8GXF6BTT5EI
Thumbprint : ...
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System
.Security.AccessControl.CryptoKeyAccessRule, System.Securi
ty.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {Sites, myexchangeserver.mydomain.local}
HasPrivateKey : True
IsSelfSigned : False
Issuer : CN=mydomain-myexchangeserver-CA
NotAfter : 5/26/2012 12:52:27 PM
NotBefore : 5/27/2010 12:52:27 PM
PublicKeySize : 2048
RootCAType : Registry
SerialNumber : ...
Services : IMAP, POP, SMTP
Status : DateInvalid
Subject : CN=Sites
Thumbprint : ...
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System
.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {mydomain-myexchangeserver-CA}
HasPrivateKey : True
IsSelfSigned : True
Issuer : CN=mydomain-myexchangeserver-CA
NotAfter : 5/27/2015 1:01:45 PM
NotBefore : 5/27/2010 12:51:46 PM
PublicKeySize : 2048
RootCAType : Registry
SerialNumber : ...
Services : None
Status : Valid
Subject : CN=mydomain-myexchangeserver-CA
Thumbprint : ...
June 20th, 2012 2:16pm
Are you using SBS? It looks like it from the list.
I would suggest removing all of the certificates, then re-run the Internet Domain Name wizard in SBS management console. A new self signed certificate will be created.
Simon. Simon Butler, Exchange MVP
Blog |
Exchange Resources | In the UK?
Hire Me.
Free Windows Admin Tool Kit Click here and download it now
June 20th, 2012 5:30pm
Hi Simon,
Thanks, I will give that a try.
Alan
June 22nd, 2012 1:20pm