none
Invalid SSL Cert RRS feed

  • Question

  • Hi, 

    I am getting a invalid certificate after renewing a godaddy SSL cert for Exchange 2013 server. I have even removed the the expired cert. This did not help. In the EAC it shows valid with expiration date of 7-18-21. In a web mail  expiration date is 7-18-19. Any ideas on how to fix this.

    Thanks in advance

    Dexter Southerland  

    Monday, July 22, 2019 4:30 AM

All replies

  • Hi

    If you check the thumbprint of the certficate, does it belong to one exchange is using or one in the other stores that are expiring?


    Hope this helps. Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    Monday, July 22, 2019 5:24 PM
    Moderator
  • Edward

    Thanks for help.  They do not match.

    Web Says:

    SSL  SN    2338c2f0371b4a54

    SSL ThumbPrint    8d5d2c441bf8ebfd8ec778aca4fb79d1d6e2cba8

    Expires 7-18-19

    Exchange Says

    SSL  SN  1EEF6DBC553CCC69

    SSL ThumbPrint   3BBA38D2CD59D01248682665F7DC127BB0CE5403

    Expires 7-18-21

    Thanks

    Dexter

    Monday, July 22, 2019 8:33 PM
  • Edward

    Thanks for help.  They do not match.

    Web Says:

    SSL  SN    2338c2f0371b4a54

    SSL ThumbPrint    8d5d2c441bf8ebfd8ec778aca4fb79d1d6e2cba8

    Expires 7-18-19

    Exchange Says

    SSL  SN  1EEF6DBC553CCC69

    SSL ThumbPrint   3BBA38D2CD59D01248682665F7DC127BB0CE5403

    Expires 7-18-21

    Thanks

    Dexter

    Did you enable the services for the new cert?

    https://docs.microsoft.com/en-us/powershell/module/exchange/encryption-and-certificates/enable-exchangecertificate?view=exchange-ps

    Monday, July 22, 2019 8:48 PM
    Moderator
  • I think so.

    

    Monday, July 22, 2019 8:56 PM
  • IIS reset or server booted? 
    Monday, July 22, 2019 9:44 PM
    Moderator
  • Andy

    Yes restarted several times.

    Thanks

    Dexter

    Monday, July 22, 2019 9:48 PM
  • I would check to see if the new certificate is bound to port 443 in IIS Manager. Also, I would do this in powershell.

    Enable-ExchangeCertificate -Thumbprint 3BBA38D2CD59D01248682665F7DC127BB0CE5403 -Services POP,IMAP,IIS,SMTP

    Then this,

    Get-ExchangeCertificate | Format-List FriendlyName,Subject,CertificateDomains,Thumbprint,Services

    Just to be sure


    • Edited by The_Techguy Monday, July 22, 2019 10:50 PM update
    Monday, July 22, 2019 10:50 PM
  • port 443 is bound. Issued command and checked. looks ok.  Still have error.

    Thanks

    Dexter

    Tuesday, July 23, 2019 2:40 AM
  • Hi Dexter,

    Does there exist any intermediate equipment in your environment?

    If you try to access EAC on your Exchange server directly, whether there exist certificate issue?

    Regards,

    Kyle Xu


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Wednesday, July 24, 2019 8:29 AM
    Moderator
  • Hi Dexter,

    I am writing here to confirm with you any update about this thread now?

    Regards,

    Kyle Xu


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Monday, July 29, 2019 7:44 AM
    Moderator