locked
Import Wildcard Certificate generated on another server RRS feed

  • Question

  • Hi, I Have another server only IIS with a wildcard certiicate, I export and import the certificate in my Exchange 2010, but, the certificate is False in Self Signed, how can I fix?

    The certificate was not generated in the exchange, was created on the server IIS.Tks.


    Diego Fucitalo
    Monday, September 5, 2011 10:01 PM

Answers

  • I understood, I thought the wildcard certificate could be installed on any server, so I made the request to an IIS server, I try to request a new SSL certificate for trustsign


    Diego Fucitalo


    The certificate needs to be trusted and the client need to be able to follow the certificate chain. Unless there is a Windows PKI infrastructure in place, you should be using a 3rd party cert for internal and external client access.

     


    • Edited by Andy DavidMVP Monday, September 5, 2011 11:01 PM
    • Marked as answer by Slackdi Tuesday, September 6, 2011 12:22 PM
    Monday, September 5, 2011 11:01 PM
  • Hit F5 to refresh the certificate and verify that it now says "False" under "Self Signed". If it still shows "True", you may have selected the wrong certificate or you may have generated the request on a different server. To fix this, you can create a new CSR on this Exchange server and reissue the certificate.
    SSL Certificates at TheSSLstore with Promo Codes
    • Marked as answer by Slackdi Tuesday, September 6, 2011 12:22 PM
    Tuesday, September 6, 2011 4:24 AM

All replies

  • False for Self-Signed doesnt mean there is anything wrong with it, it just means that Exchange didnt generate the cert itself.

    That's a good thing actually if the certificate has a certificate chain that is trusted by the clients.

    If this is an internet-facing CAS, you should be using a 3rd party certificate.

     

    Monday, September 5, 2011 10:05 PM
  • Hi Andy_D, tks for answer.

    When I open certificate, tab Certification Path, Certificate Status:

    The issuer of this certificate could not be found.

    And I can't configure the services.

    Do you know anything?


    Diego Fucitalo
    Monday, September 5, 2011 10:28 PM
  • After Self-Signed, in the colum Status the status: The certificate is invalid for exchange server usage


    Diego Fucitalo
    Monday, September 5, 2011 10:36 PM
  • After Self-Signed, in the colum Status the status: The certificate is invalid for exchange server usage


    Diego Fucitalo


    That means it cant correctly follow the certificate chain or the something is wrong with the Cert.

    If the cert was self-signed on the IIS server, then it wont work on the Exchange Server.

    You need to use a cert generated by an internal Windows CA or 3rd party CA. There is really no way around that.

    You could generate a new self-signed Exchange cert, but that is not recommended for client access.

     

     

    Monday, September 5, 2011 10:38 PM
  • I understood, I thought the wildcard certificate could be installed on any server, so I made the request to an IIS server, I try to request a new SSL certificate for trustsign


    Diego Fucitalo
    Monday, September 5, 2011 10:43 PM
  • I need to ask to cancel the certificate and request for the exchange? After I can use the certificate only on a server IIS ?


    Diego Fucitalo
    Monday, September 5, 2011 10:47 PM
  • I understood, I thought the wildcard certificate could be installed on any server, so I made the request to an IIS server, I try to request a new SSL certificate for trustsign


    Diego Fucitalo


    The certificate needs to be trusted and the client need to be able to follow the certificate chain. Unless there is a Windows PKI infrastructure in place, you should be using a 3rd party cert for internal and external client access.

     


    • Edited by Andy DavidMVP Monday, September 5, 2011 11:01 PM
    • Marked as answer by Slackdi Tuesday, September 6, 2011 12:22 PM
    Monday, September 5, 2011 11:01 PM
  • I buy the certificate wildcard from http://www.trustsign.com/

    Sorry my google English, I from Brazil.

    I do not know what to do

     


    Diego Fucitalo
    Monday, September 5, 2011 11:05 PM
  • I would take a look at :

    http://technet.microsoft.com/pt-br/library/dd351044.aspx

    and also ask TrustSign support:

    http://www.trustsign.com.br/suporte.asp

     

     

    Tuesday, September 6, 2011 12:06 AM
  • Hit F5 to refresh the certificate and verify that it now says "False" under "Self Signed". If it still shows "True", you may have selected the wrong certificate or you may have generated the request on a different server. To fix this, you can create a new CSR on this Exchange server and reissue the certificate.
    SSL Certificates at TheSSLstore with Promo Codes
    • Marked as answer by Slackdi Tuesday, September 6, 2011 12:22 PM
    Tuesday, September 6, 2011 4:24 AM
  • Hi I generated the request another server. 
    I think the problem is that

    Diego Fucitalo
    • Edited by Slackdi Tuesday, September 6, 2011 12:21 PM
    Tuesday, September 6, 2011 12:21 PM
  • Hello,

    For more reference, please see:

     

    More on Exchange 2007 and certificates - with real world scenario

    http://blogs.technet.com/b/exchange/archive/2007/07/02/3403301.aspx

     

    Thanks,

    Simon

    Wednesday, September 7, 2011 8:36 AM
  • Thanks Simon_Wu
    Diego Fucitalo
    Wednesday, September 7, 2011 2:30 PM