Wildcard Cert - invalid for exchange server usage

snootalope

We got a wildcard cert from godaddy that we currently use on our exchange 2003 box.

I'm setting up our to be exchange 2010 box and I import our wildcard cert under Server Config\exchange certificates - imports just fine. However, once it's imported, the "Default Web Site" shows up and says "The certificate is invalid for Exchange Server usage."

There's also the "Microsoft Exchange" Cert there that's self signed and it checks out just fine and has all the services assigned to it.. Anyway, I want to use this wildcard godaddy cert for TLS. Anyone else seeing this message when they import a third party cert or wildcard?
 
I installed the Go Daddy PKCS7 Certificate Intermediates Bundle for IIS..
 
Do a
Code:
Get-ExchangeCertificate | ? {$_.RootCAType -eq 'ThirdParty'} | fl issuer,status

See if it's valid or pending.

Pat Richard MVP
Plan for performance, and capacity takes care of itself. Plan for capacity, and suffer poor performance.
 
Whoops -

Let's use

Code:
Get-ExchangeCertificate | ? {$_.RootCAType -eq 'ThirdParty'} | fl issuer,status,services

Pat Richard MVP
Plan for performance, and capacity takes care of itself. Plan for capacity, and suffer poor performance.
 
yeah.. that shows my wildcard cert and the self-signed cert.
 
Doesn't show any status, just thumbprint/services/subject.

Services are all assigned to the self-signed cert at the moment so the services for the wildcard are empty.
 
That's what I did before removing all the services because of the error. I tried it again though and got the same message I got using the GUI:

[PS] C:\>Enable-ExchangeCertificate FFD02E87BD29D6C3ED9C7497CF6304F7BFB4364F -services "POP,IIS,SMTP"
WARNING: This certificate will not be used for external TLS connections with an FQDN of 'mail1.ourdomain.com'
because the self-signed certificate with thumbprint '6F22A6F3452CCCBFDC4D2012DF5770EB0339F9F4' takes precedence. The
following receive/send connectors match that FQDN: Default MAIL1, Client MAIL1.
WARNING: This certificate with thumbprint FFD02E87BD29D6C3ED9C7497CF6304F7BFB4364F and subject '*.ourdomain.com'
cannot used for POP SSL/TLS connections because the subject is not a Fully Qualified Domain Name (FQDN). Use command
Set-POPSettings to set X509CertificateName to the FQDN of the service.
 
also, after enabling it via the command line, the same invalid for exchange server usage message is still there..
 
Got this working. When I downloaded the cert originally I chose to use it on IIS6 - I re-keyed and dl'd it again as IIS7 and the message is gone.
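
An added example, not code from any poster in this thread: one way to inspect the imported wildcard certificate in the Exchange Management Shell before assigning services, and to apply the Set-POPSettings change the second warning asks for. The thumbprint and FQDN are the ones shown in the output above; the properties checked (HasPrivateKey, Status, NotAfter) are assumptions about what is worth looking at, not a diagnosis the thread confirms.

```powershell
# Added example. Run in the Exchange Management Shell on the Exchange 2010 server.
# Thumbprint and FQDN are taken from the output quoted in the thread.
$thumb = 'FFD02E87BD29D6C3ED9C7497CF6304F7BFB4364F'
$fqdn  = 'mail1.ourdomain.com'

# Show the properties that decide whether Exchange can use the certificate.
$cert = Get-ExchangeCertificate -Thumbprint $thumb
$cert | Format-List Subject, Status, HasPrivateKey, IsSelfSigned, RootCAType,
                    Services, CertificateDomains, NotAfter

# Collect anything that would stop the certificate being used for TLS.
$problems = @()
if (-not $cert.HasPrivateKey) {
    $problems += 'no private key is associated with the certificate on this server'
}
if ("$($cert.Status)" -ne 'Valid') {
    # String comparison so it also works on deserialized remote-shell objects.
    $problems += "certificate status is '$($cert.Status)'"
}
if ($cert.NotAfter -lt (Get-Date)) {
    $problems += "certificate expired on $($cert.NotAfter)"
}

if ($problems.Count -gt 0) {
    # Do not assign services to a certificate Exchange cannot use.
    $problems | ForEach-Object { Write-Warning "Wildcard cert not usable: $_" }
}
else {
    # The subject '*.ourdomain.com' is not an FQDN, so tell POP which name to
    # present, as the Enable-ExchangeCertificate warning instructs.
    Set-PopSettings -X509CertificateName $fqdn

    # Assign the services to the CA-issued certificate.
    Enable-ExchangeCertificate -Thumbprint $thumb -Services 'POP,IIS,SMTP'

    # POP3 reads its certificate setting when the service starts.
    Restart-Service MSExchangePOP3

    # Confirm the result: POP name, and which certificate holds which services.
    Get-PopSettings | Format-List X509CertificateName
    Get-ExchangeCertificate |
        Format-Table Thumbprint, Subject, IsSelfSigned, Services -AutoSize
}
```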
 