Announcement

Collapse
No announcement yet.

enable-exchangecertificate with SMTP services

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • enable-exchangecertificate with SMTP services

    Hi,

    I cannot set the enable-exchangecertificate command to sthe SMTP services, but i can activate my certificate to the IIS, POPand IMAP service without any error (a get-certificate give me IP.W.)

    When i enter the command enable-exchangecertificate -thumbprint xxxxx -services SMTP i got an error "The service is not installed".

    did i made any kind of error ? have i got to activate the SMTP on my CAS server ?

    Thank's for the answer.

    Thierry.

  • #2
    Re: enable-exchangecertificate with SMTP services

    I answer to myself. Even if I didn't activate the SMTP parameters, my Exchnage RPC/HTTPS is working fine as well as my HTC.

    Therefore now, each time I launch my OutLook in my Citrix Session, i got an error message that indicate i'm not using the right certificate.

    For information:
    * a get-exchangecertificate gives me

    FBA0B4.....745ED IP.W. CN=mydomain.com
    A1CCE......956FE ..... CN=<HostName>

    * a get-exchangecertificate | fl gives me

    AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule , System
    .Security.AccessControl.CryptoKeyAccessRule, System.Securi
    ty.AccessControl.CryptoKeyAccessRule, System.Security.Acce
    ssControl.CryptoKeyAccessRule}
    CertificateDomains : {mydomain.com}
    HasPrivateKey : True
    IsSelfSigned : True
    Issuer : CN=mydomain.com
    NotAfter : 02/04/2015 10:54:44
    NotBefore : 02/04/2010 10:54:44
    PublicKeySize : 2048
    RootCAType : Registry
    SerialNumber : 1B880DA703AACA9444C32CADE9CAD747
    Services : IMAP, POP, IIS
    Status : Valid
    Subject : CN=mydomain.com
    Thumbprint : FBA0B.............745ED

    AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule , System
    .Security.AccessControl.CryptoKeyAccessRule, System.Securi
    ty.AccessControl.CryptoKeyAccessRule}
    CertificateDomains : {hostname, hostname.domain.local}
    HasPrivateKey : True
    IsSelfSigned : True
    Issuer : CN=hostname
    NotAfter : 25/03/2011 17:37:45
    NotBefore : 25/03/2010 17:37:45
    PublicKeySize : 2048
    RootCAType : None
    SerialNumber : 4C53342E34CB07B94D25EA2D02AE18F8
    Services : None
    Status : Valid
    Subject : CN=hostname
    Thumbprint : A1CCE..........956FE


    Did i miss something ?

    Regards

    Thierry

    Comment


    • #3
      Re: enable-exchangecertificate with SMTP services

      A now an another answer that could give you some enlightment.

      The oulook message is only a warning message "The name of the security certificate is invalid or does not match the name of the site". I look around internet and found that when i install my personnal certificate for my roaming user, i replace the selfsigned certificate. Thank you Thierry ...

      If I use the replace/renew procedure to change the selfsigned certificate, i would be asked to replace the certificate I use for my roaming users, but i don't want to do that.

      So how could i get a certificate for my roaming users for the domain mailhost.mydomain.com and at the same time get a certificate for my internal outlook users on the domain hostname.domain.local.
      * mailhost.mydomain.com is my internet address for the roaming access
      * hostname.domain.local is the local network name of my CAS server.

      Any help will be welcomme

      Thierry

      Comment


      • #4
        Re: enable-exchangecertificate with SMTP services

        Don't use self signed certificates.
        They are not supported for use with ActiveSync or Outlook Anywhere.
        Use Exchange as it was designed - with a commercial UC certificate.

        http://blog.sembee.co.uk/archive/2008/05/30/78.aspx

        The only reason I can think that you cannot activate a certificate for SMTP is when the Hub Transport role is not installed on the server.

        Simon.
        --
        Simon Butler
        Exchange MVP

        Blog: http://blog.sembee.co.uk/
        More Exchange Content: http://exchange.sembee.info/
        Exchange Resources List: http://exbpa.com/
        In the UK? Hire me: http://www.sembee.co.uk/

        Sembee is a registered trademark, used here with permission.

        Comment


        • #5
          Re: enable-exchangecertificate with SMTP services

          Sembee,

          thank you for the links. I'll take a llok at the website during my day.

          As you crote, i can't put a certificate on the SMTP port as this port isn't enable on a CAS server. So i won't use it. I'll install an EDGE server next days.

          The main problem today is the error I get when the inside domain client launch their outlook. I think it's "normal" as externaldomain.com is different than the internaldomail.local ... i had to look for that.

          Regards,

          Thierry

          Comment


          • #6
            Re: enable-exchangecertificate with SMTP services

            If your certificate does not have the internal domain names in it then you will get prompts.

            Simon.
            --
            Simon Butler
            Exchange MVP

            Blog: http://blog.sembee.co.uk/
            More Exchange Content: http://exchange.sembee.info/
            Exchange Resources List: http://exbpa.com/
            In the UK? Hire me: http://www.sembee.co.uk/

            Sembee is a registered trademark, used here with permission.

            Comment

            Working...
            X