Problems with assigning services to a wildcard certificate

  • Question

  • Hi all!

    I am having problems with assigning services to a wildcard certificate. When I use the Enable-ExchangeCertificate I get this output:

    WARNING: This certificate with thumbprint 0151E2D4BD39919DCADD2CED2A883C4E7AB3065E and subject '*.domain.com' cannot used
    for POP SSL/TLS connections because the subject is not a Fully Qualified Domain Name (FQDN). Use command
    Set-POPSettings to set X509CertificateName to the FQDN of the service.
    WARNING: This certificate with thumbprint 0151E2D4BD39919DCADD2CED2A883C4E7AB3065E and subject '*.domain.com' cannot used
    for IMAP SSL/TLS connections because the subject is not a Fully Qualified Domain Name (FQDN). Use command
    Set-IMAPSettings to set X509CertificateName to the FQDN of the service.

    My question is where do I set the FQDN? Maybe I am asking a dumb question here but I have never seen this error before and I have done this a couple of times.


    Pittbull

    Monday, October 29, 2012 10:47 AM

Answers

  • Hi

    You need to use Set-POPSettings and Set-IMAPSettings to use a wildcard certificate with these services.  Enable-ExchangeCertificate does not support POP and IMAP for wildcards.

    Read the first yellow "Important" box in this article: http://technet.microsoft.com/en-us/library/aa997231.aspx

    Cheers, Steve


    Edit to add: The FQDN would be whatever your users will use to access the service e.g. imap.yourdomain.com
    • Edited by steve siyavaya Monday, October 29, 2012 11:13 AM
    • Marked as answer by PittbullNO Monday, October 29, 2012 12:36 PM
    Monday, October 29, 2012 11:12 AM
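
Added example, not part of the thread: a PowerShell check that the FQDN set in X509CertificateName is actually covered by the wildcard certificate's names, since a wildcard stands for one left-most label only. The function name Test-NameCoveredByCert and the sample names are assumptions made for illustration.

```powershell
# Added example (not from the thread). Test-NameCoveredByCert is a hypothetical helper.
# Wildcard rule applied: "*" may replace only the whole left-most label, so the
# certificate name and the service FQDN must have the same number of labels.
function Test-NameCoveredByCert {
    param(
        [Parameter(Mandatory=$true)][string]   $Fqdn,       # name clients connect to
        [Parameter(Mandatory=$true)][string[]] $CertNames   # subject CN plus SAN DNS names
    )
    $hostLabels = $Fqdn.TrimEnd('.').ToLowerInvariant().Split('.')
    foreach ($name in $CertNames) {
        $certLabels = $name.TrimEnd('.').ToLowerInvariant().Split('.')
        # A wildcard never spans more than one label and never matches the bare domain.
        if ($certLabels.Length -ne $hostLabels.Length) { continue }
        $match = $true
        for ($i = 0; $i -lt $certLabels.Length; $i++) {
            $isWildcard = ($i -eq 0) -and ($certLabels[0] -eq '*') -and
                          ($certLabels.Length -ge 3) -and ($hostLabels[0] -ne '')
            if (-not $isWildcard -and $certLabels[$i] -ne $hostLabels[$i]) {
                $match = $false
                break
            }
        }
        if ($match) { return $true }
    }
    return $false
}

# Constructed sample data based on the names used in the thread. On an Exchange
# server the FQDN would come from (Get-PopSettings).X509CertificateName or
# (Get-ImapSettings).X509CertificateName, and the names from the CertificateDomains
# property of the certificate returned by Get-ExchangeCertificate.
$certNames = @('*.mydomain.com')
$candidates = 'cas1.mydomain.com', 'mail.mydomain.com', 'imap.eu.mydomain.com', 'mydomain.com'
foreach ($fqdn in $candidates) {
    $covered = Test-NameCoveredByCert -Fqdn $fqdn -CertNames $certNames
    '{0,-22} covered by certificate: {1}' -f $fqdn, $covered
}
```

A name that is not covered still lets the service start, but clients that validate the server name will report a certificate mismatch when they connect.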

All replies

  • Hi Steve

    I used these two PowerShell commands on our CAS/HUB server:

    Set-ImapSettings -Server exchange2010 -X509CertificateName cas1.mydomain.com

    set-POPSettings -Server exchange2010 -X509CertificateName cas1.mydomain.com

    And that did it. Thank you very much. Now the wildcard certificate has the IMAP, POP, IIS and SMTP services attached to it. Do I need to run an IISRESET on the CAS/HUB server? Also another question: the self-signed certificate still has the SMTP service attached to it. Do I have to remove that service?


    Pittbull

    Monday, October 29, 2012 12:34 PM
  • Keep the self-signed certificate for SMTP (i.e. when you enable the wildcard cert, don't remove the self-signed cert for SMTP).

    I would just bounce the IMAP service (also check that when you run Get-ExchangeCertificate you don't see IMAP or POP bound to the wildcard cert) :)

    Monday, October 29, 2012 12:48 PM
  • Ok. I will just leave things as they are now.

    Thank you very much for your help.


    Pittbull

    Monday, October 29, 2012 1:05 PM
  • I have tried PittbullNO's option:

    Set-ImapSettings -Server exchange2010 -X509CertificateName cas1.mydomain.com

    set-POPSettings -Server exchange2010 -X509CertificateName cas1.mydomain.com

    But I still get the same message and am unable to assign POP/IMAP to the wildcard certificate (also after an iisreset). What to do?

    Tx

    Tuesday, March 12, 2013 12:49 PM
  • Please present the output of Get-ExchangeCertificate | fl on your CAS server

    (sanitise the data if you wish)

    Tuesday, March 12, 2013 1:03 PM
  • I have the same problem and have not solved it yet. I followed various guides on the internet but did not get it to work...

    Can you help me please?

    With the commands:

    Get-ImapSettings

    Get-PopSettings

    I receive the right FQDN, mail.mydomain.com

    I have a wildcard certificate, *.mydomain.com

    I have deleted the old self-signed certificate and restarted everything, but I have the same problem.

    Exchange 2013 CU15

    Thanks


    oasis in my heart


    • Edited by Andrea1 Wednesday, July 6, 2016 4:28 PM
    Wednesday, July 6, 2016 4:27 PM