Wildcard Cert - invalid for exchange server usage


(OP)
We got a wildcard cert from GoDaddy that we currently use on our Exchange 2003 box.

I'm setting up our to-be Exchange 2010 box and I import our wildcard cert under Server Config\exchange certificates - imports just fine.  However, once it's imported, the "Default Web Site" shows up and says "The certificate is invalid for Exchange Server usage."

There's also the "Microsoft Exchange" cert there that's self-signed and it checks out just fine and has all the services assigned to it. Anyway, I want to use this wildcard GoDaddy cert for TLS.  Anyone else seeing this message when they import a third-party cert or wildcard?

RE: Wildcard Cert - invalid for exchange server usage

Did you install the intermediate cert from GoDaddy?

Pat Richard MVP
Plan for performance, and capacity takes care of itself. Plan for capacity, and suffer poor performance.
http://www.ucblogs.net/blogs/exchange/
 

RE: Wildcard Cert - invalid for exchange server usage

(OP)
I installed the Go Daddy PKCS7 Certificate Intermediates Bundle for IIS..

RE: Wildcard Cert - invalid for exchange server usage

Do a

CODE --> PowerShell

Get-ExchangeCertificate | ? {$_.RootCAType -eq 'ThirdParty'} | fl issuer,status

See if it's valid or pending.

Pat Richard MVP
Plan for performance, and capacity takes care of itself. Plan for capacity, and suffer poor performance.
http://www.ucblogs.net/blogs/exchange/
 

RE: Wildcard Cert - invalid for exchange server usage

Whoops -

Let's use

CODE --> PowerShell

Get-ExchangeCertificate | ? {$_.RootCAType -eq 'ThirdParty'} | fl issuer,status,services

Pat Richard MVP
Plan for performance, and capacity takes care of itself. Plan for capacity, and suffer poor performance.
http://www.ucblogs.net/blogs/exchange/
 

RE: Wildcard Cert - invalid for exchange server usage

(OP)
hmm.. that doesn't return anything.

RE: Wildcard Cert - invalid for exchange server usage

Do you get anything by using just Get-ExchangeCertificate?

Pat Richard MVP
Plan for performance, and capacity takes care of itself. Plan for capacity, and suffer poor performance.
http://www.ucblogs.net/blogs/exchange/
 

RE: Wildcard Cert - invalid for exchange server usage

(OP)
yeah.. that shows my wildcard cert and the self-signed cert.

RE: Wildcard Cert - invalid for exchange server usage

What does it say for Status and Services for the wildcard?

Pat Richard MVP
Plan for performance, and capacity takes care of itself. Plan for capacity, and suffer poor performance.
http://www.ucblogs.net/blogs/exchange/
 

RE: Wildcard Cert - invalid for exchange server usage

(OP)
Doesn't show any status, just thumbprint/services/subject.

Services are all assigned to the self-signed cert at the moment so the services for the wildcard are empty.

RE: Wildcard Cert - invalid for exchange server usage

(OP)
That's what I did before removing all the services because of the error. I tried it again though and got the same message I got using the GUI:

[PS] C:\>Enable-ExchangeCertificate FFD02E87BD29D6C3ED9C7497CF6304F7BFB4364F -services "POP,IIS,SMTP"
WARNING: This certificate will not be used for external TLS connections with an FQDN of 'mail1.ourdomain.com'
 because the self-signed certificate with thumbprint '6F22A6F3452CCCBFDC4D2012DF5770EB0339F9F4' takes precedence. The
following receive/send connectors match that FQDN: Default MAIL1, Client MAIL1.
WARNING: This certificate with thumbprint FFD02E87BD29D6C3ED9C7497CF6304F7BFB4364F and subject '*.ourdomain.com'
 cannot used for POP SSL/TLS connections because the subject is not a Fully Qualified Domain Name (FQDN). Use command
Set-POPSettings to set X509CertificateName to the FQDN of the service.

RE: Wildcard Cert - invalid for exchange server usage

(OP)
Also, after enabling it via the command line, the same "invalid for Exchange Server usage" message is still there.

RE: Wildcard Cert - invalid for exchange server usage

(OP)
Got this working.  When I downloaded the cert originally I chose to use it on IIS6 - I re-keyed and dl'd it again as IIS7 and the message is gone.
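
The checks discussed in this thread, gathered into one pass as an added example (not part of any poster's message): it lists every certificate without the RootCAType filter and reports Status, HasPrivateKey and whether the chain builds locally. It assumes it is run in the Exchange Management Shell on the server that holds the certificates, where Exchange keeps them in the LocalMachine\My store.

```powershell
# Added diagnostic sketch; run in the Exchange Management Shell on the Exchange server.
# No RootCAType filter, so a certificate that Exchange does not classify as
# 'ThirdParty' still appears in the output.
Get-ExchangeCertificate | ForEach-Object {
    $ex = $_   # the Exchange view of the certificate

    # Load the same certificate from the local machine store so the chain is
    # built from a live X509Certificate2 object, not a remoting copy.
    $cert = Get-Item -Path "Cert:\LocalMachine\My\$($ex.Thumbprint)" -ErrorAction SilentlyContinue

    $chainOk = $null
    $chainErrors = ''
    if ($cert) {
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        # Revocation is skipped: the question here is whether the intermediates
        # and root needed to build the chain are present on this server.
        $chain.ChainPolicy.RevocationMode =
            [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
        $chainOk = $chain.Build($cert)
        $chainErrors = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    }

    # New-Object PSObject keeps this compatible with PowerShell 2.0.
    New-Object PSObject -Property @{
        Subject       = $ex.Subject
        Thumbprint    = $ex.Thumbprint
        Status        = $ex.Status
        RootCAType    = $ex.RootCAType
        IsSelfSigned  = $ex.IsSelfSigned
        HasPrivateKey = $ex.HasPrivateKey
        Services      = $ex.Services
        NotAfter      = $ex.NotAfter
        ChainBuilds   = $chainOk
        ChainErrors   = $chainErrors
    }
} | Format-List Subject, Thumbprint, Status, RootCAType, IsSelfSigned,
                HasPrivateKey, Services, NotAfter, ChainBuilds, ChainErrors
```

An empty ChainBuilds value means the thumbprint was not found in LocalMachine\My; a False value comes with the reasons in ChainErrors.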
