Help with SSL certificates


  • Hi all,


    We run Exchange 2007 on Win 2K3 R2 machines.  I recently had some users complaining about not being able to send mail, it appears to be a certificate issue.  We use a certiface we got from a 3rd party for OWA (which most of our users use), but I guess the one for SMTP/POP is  the self-signed private one.  I think our self-signed one has expired.  I have never worked with the certificates in exchange before.  Hopefully there is a way to use are current 3rd party certificate with the other services, or a way to re-new the self signed one?  Any help is appreciated, thanks.

    Wednesday, May 12, 2010 11:52 AM

All replies

  • Hi

    Run the Get-ExchangeCertificate command to verify that the certificate is enabled for the correct services.

     you can view the thumbprint of the certificate and Enable the services with the following CMD

    Enable-ExchangeCertificate -Services IMAP, POP, UM, IIS, SMTP -thumbprint



    Wednesday, May 12, 2010 12:04 PM
  • Is there a way to disable services from a certificate without getting rid of the certificate?
    Wednesday, May 12, 2010 12:34 PM
  • Ok, so I added all of the services I wanted to the certificate that we got from a 3rd party and deleted all the other certificates (as they were all expired).  The only issue I now have is when people try to use SSL to receive mail with a mail client.  It gets the following error message in Thunderbird:

    An error occurred during a connection to test.local:995.

    SSL received a record that exceeded the maximum permissible length.

    (Error code: ssl_error_rx_record_too_long)


    Any ideas?

    Wednesday, May 12, 2010 1:18 PM
  • Hello

    Are you using a proxy or a direct connection?



    Wednesday, May 12, 2010 7:01 PM