Wildcard Cert - invalid for exchange server usage

snootalope (IS/IT--Management)
26 Feb 10 12:24
We got a wildcard cert from GoDaddy that we currently use on our Exchange 2003 box.

I'm setting up our to-be Exchange 2010 box and I import our wildcard cert under Server Config\Exchange Certificates - imports just fine.  However, once it's imported, the "Default Web Site" shows up and says "The certificate is invalid for Exchange Server usage."

There's also the "Microsoft Exchange" Cert there that's self signed and it checks out just fine and has all the services assigned to it.. Anyway, I want to use this wildcard godaddy cert for TLS.  Anyone else seeing this message when they import a third party cert or wildcard?
58sniper (MIS)
26 Feb 10 12:38
Did you install the intermediate cert from GoDaddy?

Pat Richard MVP
Plan for performance, and capacity takes care of itself. Plan for capacity, and suffer poor performance.
http://www.ucblogs.net/blogs/exchange/
 

snootalope (IS/IT--Management)
26 Feb 10 12:51
I installed the Go Daddy PKCS7 Certificate Intermediates Bundle for IIS..
58sniper (MIS)
26 Feb 10 13:01
Do a

CODE --> PowerShell

Get-ExchangeCertificate | ? {$_.RootCAType -eq 'ThirdParty'} | fl issuer,status

See if it's valid or pending.

58sniper (MIS)
26 Feb 10 13:03
Whoops -

Let's use

CODE --> PowerShell

Get-ExchangeCertificate | ? {$_.RootCAType -eq 'ThirdParty'} | fl issuer,status,services

snootalope (IS/IT--Management)
26 Feb 10 13:18
hmm.. that doesn't return anything.
58sniper (MIS)
26 Feb 10 13:51
Do you get anything by using just Get-ExchangeCertificate?

snootalope (IS/IT--Management)
26 Feb 10 13:52
yeah.. that shows my wildcard cert and the self-signed cert.
58sniper (MIS)
26 Feb 10 19:05
What does it say for Status and Services for the wildcard?

snootalope (IS/IT--Management)
1 Mar 10 11:41
Doesn't show any status, just thumbprint/services/subject.

Services are all assigned to the self-signed cert at the moment so the services for the wildcard are empty.
58sniper (MIS)
1 Mar 10 12:19
Ah - you need to enable the wildcard cert for the services you want to use it for. Likely SMTP and IIS.

http://technet.microsoft.com/en-us/library/aa997231(EXCHG.80).aspx

snootalope (IS/IT--Management)
1 Mar 10 12:26
That's what I did before removing all the services because of the error. I tried it again though and got the same message I got using the GUI:

[PS] C:\>Enable-ExchangeCertificate FFD02E87BD29D6C3ED9C7497CF6304F7BFB4364F -services "POP,IIS,SMTP"
WARNING: This certificate will not be used for external TLS connections with an FQDN of 'mail1.ourdomain.com'
 because the self-signed certificate with thumbprint '6F22A6F3452CCCBFDC4D2012DF5770EB0339F9F4' takes precedence. The
following receive/send connectors match that FQDN: Default MAIL1, Client MAIL1.
WARNING: This certificate with thumbprint FFD02E87BD29D6C3ED9C7497CF6304F7BFB4364F and subject '*.ourdomain.com'
 cannot used for POP SSL/TLS connections because the subject is not a Fully Qualified Domain Name (FQDN). Use command
Set-POPSettings to set X509CertificateName to the FQDN of the service.
snootalope (IS/IT--Management)
1 Mar 10 12:26
Also, after enabling it via the command line, the same "invalid for Exchange Server usage" message is still there.
snootalope (IS/IT--Management)
11 Mar 10 9:02
Got this working.  When I downloaded the cert originally I chose to use it on IIS6 - I re-keyed and dl'd it again as IIS7 and the message is gone.
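
Added example, not part of the thread or any poster's code: a read-only PowerShell report that gathers in one pass the things asked about above (intermediate chain, Status, Services, RootCAType) plus whether the private key is present. It assumes it is run in the Exchange Management Shell on the Exchange server itself; the function name Test-ExchangeCertHealth is hypothetical.

```powershell
# Read-only report: nothing is enabled, removed or re-assigned.
# Assumption: run in the Exchange Management Shell on the Exchange server,
# so the thumbprints it returns exist in Cert:\LocalMachine\My.
function Test-ExchangeCertHealth {
    foreach ($ec in Get-ExchangeCertificate) {
        # Load the live certificate from the machine store; the shell may
        # return a deserialized copy that cannot be used to build a chain.
        $cert = Get-Item ("Cert:\LocalMachine\My\" + $ec.Thumbprint)

        # Build the chain locally to see whether intermediates and root resolve.
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chain.ChainPolicy.RevocationMode = 'NoCheck'   # revocation is not tested here
        $chainOk  = $chain.Build($cert)
        $problems = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ','

        New-Object PSObject -Property @{
            Subject       = $ec.Subject
            Thumbprint    = $ec.Thumbprint
            Issuer        = $ec.Issuer
            RootCAType    = $ec.RootCAType
            Status        = $ec.Status
            Services      = $ec.Services
            HasPrivateKey = $cert.HasPrivateKey
            ChainBuilds   = $chainOk
            ChainLength   = $chain.ChainElements.Count
            ChainProblems = $problems
            NotAfter      = $cert.NotAfter
        }
    }
}

Test-ExchangeCertHealth |
    Format-List Subject,Thumbprint,Issuer,RootCAType,Status,Services,
                HasPrivateKey,ChainBuilds,ChainLength,ChainProblems,NotAfter
```

ChainBuilds and ChainProblems answer the intermediate-certificate question, while Status and Services show whether the certificate is usable and which services it is currently bound to.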
