|
exchange
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Exchange 2007 Certificatehave, and deleted the Exchange certificates in the personal folder under local computer certificates. Which mean I don’t have the Exchange 2007 self generated certificate for my mail server and SSL. I am getting errors that the myserver.mydomain.local and the mail.mydomain.com certificates are gone. I have used the commands remove-certificates, and netsh http remove sslcert ipport=0.0.0.0:443, just to tell you everything, I’m not to proud of this. So I then tried to recreate them with the new-exchangecertificate command for both the external and internal domain name. I then used the get-exchangecertificate for the mail.mydomain.com certificate to get its thumbprint so I could the use the enable-exchangecertificate for the smtp and the same command for the IIS,POP,Imap. After doing this the 2 certificates were in the personal folder and I stopped seeing error messages in the event viewer and was able to get back into OWA. I reran the Exchange Analyzer and now have 2 issues about subject alternative name (SAN) of SSL certificate for OWA and Microsoft-Server-Activesync so I know I have done something wrong. The Exchange server is a member server of my domain and I don’t have a certificate authority server in my domain, please help. If some on can help me start fresh with the correct process that would be great. Thanks Ryan. I think I might have fixed my error can some on please confirm I did this
correctly. I removed all the personal certificates I created and started fresh. I ran the command - New-ExchangeCertificate -PrivateKeyExportable $True -Services “IMAP, POP, IIS, SMTP†-SubjectName “cn=MyServername" -DomainName "mail.mydomainname.com", "myservername", "myservername.internaldomainname.local". This seemed to work and I don't have any errors in the event log. When I run the Analyzer I get 2 warnings - 1st error - The SSL certificate for 'https://myservername.internaldomainname.local/Microsoft-Server-ActiveSync' is self-signed. It does not provide any of the security guarantees provided by authority-signed or trusted certificates. It is strongly recommended that you install an authority-signed or trusted certificate. The second error is the same except for 'https://exchange07.fds.local/owa'. Does this look right? Thanks for the time, Ryan. Show quoteHide quote "Ryan Laurie" wrote: > Hi everyone lets just say someone (ME) was doing some cleanup where he should > have, and deleted the Exchange certificates in the personal folder under > local computer certificates. Which mean I don’t have the Exchange 2007 self > generated certificate for my mail server and SSL. I am getting errors that > the myserver.mydomain.local and the mail.mydomain.com certificates are gone. > I have used the commands remove-certificates, and netsh http remove sslcert > ipport=0.0.0.0:443, just to tell you everything, I’m not to proud of this. > So I then tried to recreate them with the new-exchangecertificate command for > both the external and internal domain name. I then used the > get-exchangecertificate for the mail.mydomain.com certificate to get its > thumbprint so I could the use the enable-exchangecertificate for the smtp and > the same command for the IIS,POP,Imap. After doing this the 2 certificates > were in the personal folder and I stopped seeing error messages in the event > viewer and was able to get back into OWA. I reran the Exchange Analyzer and > now have 2 issues about subject alternative name (SAN) of SSL certificate for > OWA and Microsoft-Server-Activesync so I know I have done something wrong. > The Exchange server is a member server of my domain and I don’t have a > certificate authority server in my domain, please help. If some on can help > me start fresh with the correct process that would be great. > > Thanks Ryan. It looks right, and the "error" in the log is just explaining some of the
limitations of the self-signed cert to you. If you have an internal CA, you might want to consider requesting a REAL cert from it and replacing the sef-signed cert. Otherwise, just ignore the "error". Deji Show quoteHide quote "Ryan Laurie" <RyanLau***@discussions.microsoft.com> wrote in message news:0DE8C6B4-4E46-416D-8F85-0C7E9F3B71D2@microsoft.com... >I think I might have fixed my error can some on please confirm I did this > correctly. I removed all the personal certificates I created and started > fresh. I ran the command - New-ExchangeCertificate -PrivateKeyExportable > $True -Services “IMAP, POP, IIS, SMTP†-SubjectName “cn=MyServername" > -DomainName "mail.mydomainname.com", "myservername", > "myservername.internaldomainname.local". This seemed to work and I don't > have any errors in the event log. When I run the Analyzer I get 2 > warnings - > > 1st error - > > The SSL certificate > for > 'https://myservername.internaldomainname.local/Microsoft-Server-ActiveSync' > is self-signed. It does not provide any of the security guarantees > provided > by authority-signed or trusted certificates. It is strongly recommended > that > you install an authority-signed or trusted certificate. > > The second error is the same except for > 'https://exchange07.fds.local/owa'. > > Does this look right? Thanks for the time, Ryan. > > "Ryan Laurie" wrote: > >> Hi everyone lets just say someone (ME) was doing some cleanup where he >> should >> have, and deleted the Exchange certificates in the personal folder under >> local computer certificates. Which mean I don’t have the Exchange 2007 >> self >> generated certificate for my mail server and SSL. I am getting errors >> that >> the myserver.mydomain.local and the mail.mydomain.com certificates are >> gone. >> I have used the commands remove-certificates, and netsh http remove >> sslcert >> ipport=0.0.0.0:443, just to tell you everything, I’m not to proud of >> this. >> So I then tried to recreate them with the new-exchangecertificate command >> for >> both the external and internal domain name. I then used the >> get-exchangecertificate for the mail.mydomain.com certificate to get its >> thumbprint so I could the use the enable-exchangecertificate for the smtp >> and >> the same command for the IIS,POP,Imap. After doing this the 2 >> certificates >> were in the personal folder and I stopped seeing error messages in the >> event >> viewer and was able to get back into OWA. I reran the Exchange Analyzer >> and >> now have 2 issues about subject alternative name (SAN) of SSL certificate >> for >> OWA and Microsoft-Server-Activesync so I know I have done something >> wrong. >> The Exchange server is a member server of my domain and I don’t have a >> certificate authority server in my domain, please help. If some on can >> help >> me start fresh with the correct process that would be great. >> >> Thanks Ryan.  
Thread options
Other interesting topics
Multiple Domain Routing - Exchange 2003
SAN Certificate on NLBC CAS Nodes Outlook 07: Rule only working sporadically Missing emails when using Outlook Web Access Exchange Routing Can one Exchange host more than one domain? Synchronization Error Licensing for Exchange 2003 Update Rollup 6 for Exchange 2007 SP1 - Error Installing Sending emails to Distributions list sometimes doesn't get deliver |
|||||||||||||||||||||||
