1

I began a transition from Exchange 2003 to Exchange 2010 today. At the moment nearly all of my users are still on 2K3 (save for a few test accounts on the 2K10 server). As best as I can tell everything is working fine - mail is flowing in all directions.

I have a GoDaddy wildcard SSL certificate. It is in use on the 2K3 server. When I open OWA (2K10 server) there is a certificate error.

The security certificate presented by this website was not issued by a trusted
certificate authority

On the 2K10 server there is also an error which I think is related:

EventID 12014: Microsoft Exchange could not find a certificate that contains the 
domain name mail.xxx.com in the personal store of the local computer...

I thought I could just export from 2K3 then import to 2K10 (as GoDaddy suggested) but that didn't work for me.

Under server configuration on the 2K10 server, two certificates exist: both are listed as self-signed and "valid for exchange server". The CN is listed as the server name but I am thinking that should be "mail"?

I am not sure where to start. I may have messed this up when I got slightly panicked earlier when we couldn't send email (I fouled up the send connector). Maybe I need to start over (the certificate part)?

IMAbev
  • 1
    First of all, examine the certificate using your browser to check the issuer and the certificate chain. From what you've said, it looks like the cert you think is being presented is in fact not. – Simon Catlin May 02 '13 at 19:43
  • 1
    `I thought I could just export from 2K3 then import to 2K10 (as godaddy suggested) but that didn't work for me.` - You can never "just" anything with SSL certificates. :-/ || `The CN is listed as the server name but I am thinking that should be "mail"?` - For a wildcard certificate, it should appear as *.domain.example.org – TessellatingHeckler May 02 '13 at 20:00

1 Answer

3

You are likely getting this error because Exchange 2010 auto-generates a self-signed certificate and assigns it to services. You need to change the services to the wildcard you imported.

First, run `Get-ExchangeCertificate | fl` from the Exchange Shell, and you will see the self-signed one and the one you imported. Note the thumbprint on the imported wildcard, and apply it to the Set-ExchangeCertificate in the article I linked below. THIS link will show you how to assign services to the cert you want to use; it's for 2013, but will still work.

You need a SAN cert for Exchange 2010. (OK, not need, but HIGHLY recommended.) In Exchange 2003, it was easy to attach a cert in IIS; it's a bit different from 2007 and up.

http://www.msexchange.org/articles-tutorials/exchange-server-2010/management-administration/managing-certificates-exchange-server-2010-part1.html

DanBig
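The procedure from the answer above as an Exchange Management Shell sketch. This is an added example, not part of the original answer; it uses `Enable-ExchangeCertificate`, the Exchange 2010 cmdlet that binds services to a certificate. The PFX path is hypothetical, and `mail.xxx.com` is the masked name from the question's Event 12014.

```powershell
# Run in the Exchange Management Shell on the Exchange 2010 server.
$fqdn    = 'mail.xxx.com'            # masked name from Event 12014 in the question
$pfxPath = 'C:\certs\wildcard.pfx'   # hypothetical path to the PFX exported from 2K3

# Import the wildcard (skip if it is already in the store). The PFX must have
# been exported WITH its private key, otherwise Exchange cannot use it.
$pfxPassword = Read-Host -Prompt 'PFX password' -AsSecureString
Import-ExchangeCertificate -Password $pfxPassword `
    -FileData ([Byte[]]$(Get-Content -Path $pfxPath -Encoding Byte -ReadCount 0))

# Show what Exchange sees. A Status other than Valid points to a chain or
# date problem rather than a service-assignment problem.
Get-ExchangeCertificate |
    Format-List Thumbprint, Subject, Issuer, IsSelfSigned, HasPrivateKey,
                Services, CertificateDomains, NotAfter, Status

# Select CA-issued, unexpired certificates with a private key whose names
# cover $fqdn either literally or through a wildcard for the parent domain.
$parent = $fqdn.Substring($fqdn.IndexOf('.') + 1)
$candidates = @(Get-ExchangeCertificate | Where-Object {
    $names = @($_.CertificateDomains | ForEach-Object { "$_" })
    (-not $_.IsSelfSigned) -and $_.HasPrivateKey -and
    ($_.NotAfter -gt (Get-Date)) -and
    (($names -contains $fqdn) -or ($names -contains "*.$parent"))
})

if ($candidates.Count -eq 1) {
    $thumb = $candidates[0].Thumbprint
    # Bind OWA/IIS and SMTP to the wildcard. Exchange asks for confirmation
    # before replacing the default SMTP certificate.
    Enable-ExchangeCertificate -Thumbprint $thumb -Services IIS,SMTP
    # Confirm the assignment took effect.
    Get-ExchangeCertificate -Thumbprint $thumb |
        Format-List Subject, Services, Status
} else {
    Write-Warning ("Expected exactly one usable certificate for $fqdn, " +
                   "found $($candidates.Count). Review the list above.")
}
```

If no candidate is found after the import, check `HasPrivateKey` first: a certificate exported from the old server without its key appears in the store but cannot be assigned to services.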