Announcement

Collapse
No announcement yet.

SBS 2008, Exchange Server 2007: Renewing the self-signed certificate

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • SBS 2008, Exchange Server 2007: Renewing the self-signed certificate

    I am getting security warnings on the workstations concerning the self-signed certificate for mail.mydomain.com. I re-ran the SBS wizard "Set up your Internet address" thinking this would correct the problem but it did not.

    I found some KB articles and one of them had you list the certificates with Get-ExchangeCertificate | List (see below). I was overwelmed with the number of certificates although I could see two certificates with invalid dates.

    Should I have this many certificates and how do I renew the certificate for mail.mydomain.com?

    Thanks

    AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule , System.Security.AccessControl.CryptoKeyAccessRule, system.Security.AccessControl.CryptoKeyAccessRule}
    CertificateDomains : {mail.mydomain.ca, mydomain.ca, SERVER1.diemert.local} HasPrivateKey : True
    IsSelfSigned : False
    Issuer : CN=diemert-SERVER1-CA
    NotAfter : 07/05/2014 2:44:56 PM
    NotBefore : 07/05/2012 2:44:56 PM
    PublicKeySize : 2048
    RootCAType : Registry
    SerialNumber : 4C345383000000000009
    Services : IMAP, POP, IIS, SMTP
    Status : Valid
    Subject : CN=mail.mydomain.ca
    Thumbprint : 0F8242C4DE65A9BBE43D546BDE330222CEB5E4F3

    AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule , System.Security.AccessControl.CryptoKeyAccessR
    ule, System.Security.AccessControl.CryptoKeyAccessRule}
    CertificateDomains : {SERVER1.diemert.local} HasPrivateKey : True
    IsSelfSigned : False
    Issuer : CN=diemert-SERVER1-CA
    NotAfter : 11/02/2013 10:27:38 PM
    NotBefore : 12/02/2012 10:27:38 PM
    PublicKeySize : 2048
    RootCAType : Registry
    SerialNumber : 18574933000000000008
    Services : IMAP, POP, SMTP
    Status : Valid
    Subject : CN=SERVER1.diemert.local
    Thumbprint : 1552329700C3357022CB258B01D5558EE065F384

    AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule , System.Security.AccessControl.CryptoKeyAccessR
    ule, System.Security.AccessControl.CryptoKeyAccessRule}
    CertificateDomains : {mail.mydomain.ca, mydomain.ca, SERVER1.diemert.local}
    HasPrivateKey : True
    IsSelfSigned : False
    Issuer : CN=diemert-SERVER1-CA
    NotAfter : 06/05/2012 9:39:29 PM
    NotBefore : 07/05/2010 9:39:29 PM
    PublicKeySize : 2048
    RootCAType : Registry
    SerialNumber : 610C510C000000000004
    Services : IMAP, POP, SMTP
    Status : DateInvalid
    Subject : CN=mail.mydomain.ca
    Thumbprint : 6F9A7C19FAEAD3D71079D12147ABD77E02965445

    AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule , System.Security.AccessControl.CryptoKeyAccessR
    ule, System.Security.AccessControl.CryptoKeyAccessRule}
    CertificateDomains : {Sites, SERVER1.diemert.local}
    HasPrivateKey : True
    IsSelfSigned : False
    Issuer : CN=diemert-SERVER1-CA
    NotAfter : 06/05/2012 5:44:31 PM
    NotBefore : 07/05/2010 5:44:31 PM
    PublicKeySize : 2048
    RootCAType : Registry
    SerialNumber : 6106A5CF000000000002
    Services : IMAP, POP, SMTP
    Status : DateInvalid
    Subject : CN=Sites
    Thumbprint : 361E567956A6E6E9CBFE01B03988EB29A6B01660

    AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule , System.Security.AccessControl.CryptoKeyAccessR
    ule}
    CertificateDomains : {diemert-SERVER1-CA}
    HasPrivateKey : True
    IsSelfSigned : True
    Issuer : CN=diemert-SERVER1-CA
    NotAfter : 07/05/2015 5:54:00 PM
    NotBefore : 07/05/2010 5:44:01 PM
    PublicKeySize : 2048
    RootCAType : Registry
    SerialNumber : 499FC3DF633CBE884D0818888703DE64
    Services : None
    Status : Valid
    Subject : CN=diemert-SERVER1-CA
    Thumbprint : E6EA8622FE824598F74AC98F51DE73E0E2C35B7E

    AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule , System.Security.AccessControl.CryptoKeyAccessR
    ule, System.Security.AccessControl.CryptoKeyAccessRule}
    CertificateDomains : {SERVER1.diemert.local}
    HasPrivateKey : True
    IsSelfSigned : True
    Issuer : CN=SERVER1.diemert.local
    NotAfter : 06/05/2015 12:00:00 AM
    NotBefore : 07/05/2010 12:00:00 AM
    PublicKeySize : 1024
    RootCAType : Unknown
    SerialNumber : F8FA7D047A32B78248117E5B23B14F84
    Services : IMAP, POP, IIS
    Status : Valid
    Subject : CN=SERVER1.diemert.local
    Thumbprint : A56FF88ADEDC718DA229742285CA129F65EF11F6

    AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule , System.Security.AccessControl.CryptoKeyAccessR
    ule}
    CertificateDomains : {WMSvc-WIN-PVSKAH1VSNW}
    HasPrivateKey : True
    IsSelfSigned : True
    Issuer : CN=WMSvc-WIN-PVSKAH1VSNW
    NotAfter : 11/04/2020 11:30:55 PM
    NotBefore : 14/04/2010 11:30:55 PM
    PublicKeySize : 2048
    RootCAType : Registry
    SerialNumber : 5CB3D890A317C1934C63D15BC4BB5175
    Services : None
    Status : Valid
    Subject : CN=WMSvc-WIN-PVSKAH1VSNW
    Thumbprint : 5E28E828C1FC7DEA219982926AD28D65C9334250
    Network Engineers do IT under the desk

  • #2
    Re: SBS 2008, Exchange Server 2007: Renewing the self-signed certificate

    Buy a certificate. US$70, no warnings, nothing to install and generally a lot less headache. The self signed certificate isn't worth the hassle.

    Simon.
    --
    Simon Butler
    Exchange MVP

    Blog: http://blog.sembee.co.uk/
    More Exchange Content: http://exchange.sembee.info/
    Exchange Resources List: http://exbpa.com/
    In the UK? Hire me: http://www.sembee.co.uk/

    Sembee is a registered trademark, used here with permission.

    Comment


    • #3
      Re: SBS 2008, Exchange Server 2007: Renewing the self-signed certificate

      Or check out here
      TIA

      Steven Teiger [SBS-MVP(2003-2009)]
      http://www.wintra.co.il/
      sigpic
      Iím honoured to have been selected for the SMB 150 list for 2013. This is the third time in succession (no logo available for 2011) that I have been honoured with this award.

      We donít stop playing because we grow old, we grow old because we stop playing.

      Comment


      • #4
        Re: SBS 2008, Exchange Server 2007: Renewing the self-signed certificate

        Running the "Set up your Internet address" wizard again fixed everything.
        Network Engineers do IT under the desk

        Comment

        Working...
        X