From: Mark Greene on

The SSL certificate generated by Exchange 2007 has the internal name
of my Exchange 2007 Server, rather than the external FQDN. This is
causing a certificate error every time the OWA site is accessed, even
if the certificate is installed on the client machine. My question
is, can I use SelfSSL from the IIS6 resource kit to generate and
install a new certificate with the correct FQDN?

Will this also fix the following event I am receiving in the event
log?

Source : MSExchangeTransport
Category : TransportService
Event ID : 12014
Description:

Microsoft Exchange couldn't find a certificate that contains the
domain name mail.mydomain.com in the personal store on the local
computer. Therefore, it is unable to offer the STARTTLS SMTP verb for
any connector with a FQDN parameter of mail.muhlenbergtwp.com. Verify
the connector configuration and the installed certificates to make
sure that there is a certificate with a domain name for every
connector FQDN.

Thanks again for any help.....
From: Andy David {MVP} on
On Sat, 02 Jun 2007 00:42:04 -0400, Mark Greene <notvalid(a)nowhere.com>
wrote:

>
>The SSL certificate generated by Exchange 2007 has the internal name
>of my Exchange 2007 Server, rather than the external FQDN. This is
>causing a certificate error every time the OWA site is accessed, even
>if the certificate is installed on the client machine. My question
>is, can I use SelfSSL from the IIS6 resource kit to generate and
>install a new certificate with the correct FQDN?

PowerShell is your friend. "New-ExchangeCertificate" command. Don't
forget if you need to consider the autodiscovery service as well and
create a valid certificate for that.
>
>Will this also fix the following event I am receiving in the event
>log?
>
>Source : MSExchangeTransport
>Category : TransportService
>Event ID : 12014
>Description:
>
>Microsoft Exchange couldn't find a certificate that contains the
>domain name mail.mydomain.com in the personal store on the local
>computer. Therefore, it is unable to offer the STARTTLS SMTP verb for
>any connector with a FQDN parameter of mail.muhlenbergtwp.com. Verify
>the connector configuration and the installed certificates to make
>sure that there is a certificate with a domain name for every
>connector FQDN.
>
>Thanks again for any help.....


Hopefully.
From: Dave Goldman [MSFT] on
http://msexchangeteam.com/archive/2007/04/30/438249.aspx

--
This posting is provided "AS IS" with no warranties, and confers no rights.

Dgoldman
http://blogs.msdn.com/dgoldman
Download OABInteg from here:
http://gotdotnet.com/Community/UserSamples/Download.aspx?SampleGuid=A2338E73-F521-4071-9B1D-AAF49C346ACD


"Andy David {MVP}" <adavid(a)pleasekeepinngcheesebucket.com> wrote in message
news:jou2635enubl2m9qr05n6oho5fthrp0eik(a)4ax.com...
> On Sat, 02 Jun 2007 00:42:04 -0400, Mark Greene <notvalid(a)nowhere.com>
> wrote:
>
>>
>>The SSL certificate generated by Exchange 2007 has the internal name
>>of my Exchange 2007 Server, rather than the external FQDN. This is
>>causing a certificate error every time the OWA site is accessed, even
>>if the certificate is installed on the client machine. My question
>>is, can I use SelfSSL from the IIS6 resource kit to generate and
>>install a new certificate with the correct FQDN?
>
> PowerShell is your friend. "New-ExchangeCertificate" command. Don't
> forget if you need to consider the autodiscovery service as well and
> create a valid certificate for that.
>>
>>Will this also fix the following event I am receiving in the event
>>log?
>>
>>Source : MSExchangeTransport
>>Category : TransportService
>>Event ID : 12014
>>Description:
>>
>>Microsoft Exchange couldn't find a certificate that contains the
>>domain name mail.mydomain.com in the personal store on the local
>>computer. Therefore, it is unable to offer the STARTTLS SMTP verb for
>>any connector with a FQDN parameter of mail.muhlenbergtwp.com. Verify
>>the connector configuration and the installed certificates to make
>>sure that there is a certificate with a domain name for every
>>connector FQDN.
>>
>>Thanks again for any help.....
>
>
> Hopefully.

From: Mark Greene on

Is this the command I would run?

New-ExchangeCertificate -SubjectName "DC=mydomain, DC=com, CN=mail.mydomain.com" -DomainName mail.mydomain.com -Services "SMTP, IIS" -PrivateKeyExportable $true

On Sat, 2 Jun 2007 19:03:12 -0400, "Dave Goldman [MSFT]"
<Dgoldman(a)noreply.microsoft.com> wrote:

>http://msexchangeteam.com/archive/2007/04/30/438249.aspx
From: John Oliver, Jr. [MVP] on
Yes, you will need to run it once for your OWA and EAS and again for
Autodiscovery if you take the path of two Virtual Directories in IIS. I
prefer using mail.yourdomain.com for OWA and EAS and
autodiscover.yourdomain.com for Outlook Anywhere. You will also need to look
at this link to set your virtual directories correctly,

http://www.exchangeninjas.com/set-allvdirs

--
John Oliver, Jr
MCSE, MCT, CCNA
Exchange MVP 2007
Microsoft Certified Partner


"Mark Greene" <notvalid(a)nowhere.com> wrote in message
news:7cj4631e6u2q2b16bedvf6pimskcd1kv8d(a)4ax.com...
>
> Is this the command I would run?
>
> New-ExchangeCertificate -SubjectName "DC=mydomain, DC=com, CN=mail.mydomain.com" -DomainName mail.mydomain.com -Services "SMTP, IIS" -PrivateKeyExportable $true
>
> On Sat, 2 Jun 2007 19:03:12 -0400, "Dave Goldman [MSFT]"
> <Dgoldman(a)noreply.microsoft.com> wrote:
>
>>http://msexchangeteam.com/archive/2007/04/30/438249.aspx
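
The check that event 12014 asks for (a certificate whose domain names include each connector FQDN), as an added example that is not part of the original thread. The function name, the sample host name exch01.mydomain.local and the placeholder thumbprint are constructed for illustration; the comparison is a simple exact-name match, not Exchange's own certificate selection logic.

```powershell
# Added example. Reports, for every connector FQDN, whether an unexpired
# certificate enabled for SMTP lists that exact name.
function Test-ConnectorCertCoverage {
    param(
        [object[]]$Connector,    # objects exposing Name and Fqdn
        [object[]]$Certificate,  # objects exposing Thumbprint, CertificateDomains, Services, NotAfter
        [datetime]$Now = (Get-Date)
    )
    foreach ($c in $Connector) {
        $fqdn = "$($c.Fqdn)".Trim()
        if (-not $fqdn) { continue }   # no FQDN set on this connector: nothing to match
        $hits = @($Certificate | Where-Object {
            # Normalise domain entries to strings; -contains is case-insensitive
            $names = @($_.CertificateDomains | ForEach-Object { "$_" })
            ($names -contains $fqdn) -and
            ("$($_.Services)" -match 'SMTP') -and
            ($_.NotAfter -gt $Now)
        })
        New-Object PSObject -Property @{
            Connector   = $c.Name
            Fqdn        = $fqdn
            Covered     = ($hits.Count -gt 0)
            Thumbprints = ($hits | ForEach-Object { $_.Thumbprint }) -join ','
        }
    }
}

# Constructed sample data mirroring the thread: the only certificate carries
# the internal server name, while one connector advertises the external FQDN.
$sampleCerts = @(
    New-Object PSObject -Property @{
        Thumbprint         = 'PLACEHOLDER-THUMBPRINT'
        CertificateDomains = @('exch01', 'exch01.mydomain.local')
        Services           = 'IIS, SMTP'
        NotAfter           = (Get-Date).AddYears(1)
    }
)
$sampleConnectors = @(
    New-Object PSObject -Property @{ Name = 'Default EXCH01'; Fqdn = 'exch01.mydomain.local' }
    New-Object PSObject -Property @{ Name = 'Internet';       Fqdn = 'mail.mydomain.com' }
)

Test-ConnectorCertCoverage -Connector $sampleConnectors -Certificate $sampleCerts |
    Select-Object Connector, Fqdn, Covered, Thumbprints

# In the Exchange Management Shell, feed it live data instead:
#   Test-ConnectorCertCoverage -Connector (@(Get-ReceiveConnector) + @(Get-SendConnector)) `
#       -Certificate (Get-ExchangeCertificate)
```

A connector reported with Covered = False is one for which the server has no matching certificate to present for STARTTLS, which is the condition the event describes.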