
enable-ExchangeCertificate warning with Wildcard cert


Aaron

Dec 1, 2008, 9:56:47 AM
I'm setting up an Exchange 2007 SP1 client access server. I have it
installed and things seem to be set up and working well. I started
working on getting SSL configured for POP3 and IMAP. We have a
wildcard cert (*.domain.com) that we use for most SSL purposes. It's
currently working fine on our Exchange 2003 server. I installed it
into IIS on the CAS and OWA 2007 works great with it. When I would do
a "get-ExchangeCertificate" it would show the self signed cert for
POP3 and IMAP and the wildcard cert for WWW. So far, so good. I
tried issuing the enable-ExchangeCertificate command to switch IMAP
and POP over to the wildcard cert but got the following errors:

WARNING: This certificate will not be used for external TLS connections with a FQDN of '*.domain.com' because the self-signed certificate with thumbprint '<Thumbprint of WILDCARD cert here>' takes precedence. The following connectors match that FQDN: POP3.

WARNING: This certificate will not be used for external TLS connections with a FQDN of '*.domain.com' because the self-signed certificate with thumbprint '<Thumbprint of WILDCARD cert here>' takes precedence. The following connectors match that FQDN: IMAP4.

At one point I actually REMOVED the self-signed certificate (in
retrospect, I think that was a bad move... any way to recreate it?) and
also tried running the command with the IMAP and POP services
shut down. The odd part is that if I restart the services, they'll
just automatically pick up the wildcard cert and use it, but
"get-ExchangeCertificate" doesn't show the wildcard cert as being applied
to those services.....

Whaaaaa....? What did I miss and/or do wrong here?


Martin Blackstone [MVP]

Dec 1, 2008, 10:03:03 AM
http://support.microsoft.com/kb/948896

Additionally you will have issues with Windows Mobile devices if using a
wildcard cert.


Aaron

Dec 1, 2008, 10:23:23 AM
On Dec 1, 10:03 am, "Martin Blackstone [MVP]" <mart...@myrealbox.com>
wrote:

> http://support.microsoft.com/kb/948896
>
> Additionally you will have issues with Windows Mobile devices if using a
> wildcard cert.
>

That isn't the same error I'm getting, but I tried applying that
update rollup anyway. Made no difference whatsoever.

Smile23

Jan 12, 2010, 10:03:56 AM
I'm having the same issues described here.

Was wondering if removing the x509 certificate name from the imap/pop
service and re-adding the cert will fix it?

Or if you had found another solution?

I've used wildcards without issue in 2003 and can't justify biting the
bullet and buying a SAN or UCC cert...

Thanks,

James
