Click View… to verify that the certificate is correct based on the Subject Alternative Name field, issuer, etc. Obtain the thumbprint of the newly installed certificate by opening an elevated Exchange Management Shell prompt and typing the command Get-ExchangeCertificate.
The newly installed certificate should have no services assigned to it. Move the self-issued certificate down the list and elevate the trusted third party certificate. Both seem to co-exist, but my mobile devices with Windows Mobile will not sync correctly with the self-issued certificate.
They did sync correctly in the past with the third-party trusted certificate. Thanks again for the reply and help. In the wizard it doesn't matter on the order, there can only be on installed on the website, so select that one and go ahead and install it.
It should replace any self-issued certificates in IIS. I just migrated from SBS to and brought across our certificate mail1. Every time we open Outlook , we get certificate errors that makes it sound like Outlook is looking for something called "site" but finds the mail1.
Any thoughts? Make sure you use the SBS trusted certificate to install the certificate. Does Outlook connect and download mail? This is most likely due to the sharepoint site being added inside Outlook to use Outlook as the offline data store for sharepoint. Did you set that up? Great Blog and info. I almost went to GoDaddy or some other authority because of problems with Mobile 6. No matter what I did, couldn't get it to work. Everything worked great on SBS with same settings.
With help from here I got all certificates straightened on IIS, etc. The key is the intermediate store and the certificate chain. Getting the. It only went in device intermediate store. All was solved with Self-Signed by exporting the certificate in IIS with key and choosing include all certificate chains. It makes a PFX file which will download over http and install in one step on Mobile 6.
After that it worked immediately - no need for trusted root from a major authority. Activesync bliss again! Running the SBS "Add a trusted certificate" wizard geneates a Certificate Request which includes only 3 domains - domainname. There are no autodiscovery domains. Does SBS specifically do things in the background which means these domains are not required and therefore not part of the request file? I see an additional zone for remote.
Should I proceed and purchase the certificate with just the 3 domains? You would create an SRV record in your public DNS entry godaddy for example that points the autodiscover service to "remote". The internet address management wizard will do this for you, just select godaddy if that's where your domain is and then the domain you want to use.
This post is very help. However, while installing my godaddy certificate, I am stuck on the last step Add trusted certificate using Trusted certificate Wizard. The godaddy certificate does not show up in my wizard. Another strange thing is after importing the certificate using MMC, the trust certificate wizard seems to be reset. Instead of giving the option "I have a certificate from my certificate provider", it give the option "I want to buy a certificate from a certificate provider" as if I never submitted a CSR.
Any hints on why this is happening? Did you ensure you requested the exact same name from godaddy? Dear Sean, Does your method of using a single domain SSL certificate from godaddy still work fine in case my registrar doesn't allow me to create SRV records?
So the multiple names would be "remote. They are more expensive than the single name certificate or multi-name certificate. Once this is installed, then create the autodiscover record again as mentioned above. Sean, I am sorry about the miss-information. I thought Lucien was referring to a multiple name CN certificate, meaning that we have installed one certificate that has multiple domain names in that same certificate.
My experience with wildcard certificates is that they are incompatible with Exchange, but work fine for the http. So if the certificates main purpose is for the owa or active-sync functionality, than the wildcard certificate does not work correctly.
I think I found a way to create a SRV record even if my current registrar doesn't allow it: change the DNS of the domain and have it managed by godaddy. Another thing: Aren't there any other services that need their own certificate OWA for instance? Or do they work with the same url remote. That'll do it Lucien Good luck! Sean, Is this series of instructions still valid for SBS ? Great post! Thanks for this info - just installed my wildcard cert using these instructions and it worked like a charm.
Thanks you sir. I have been trying to import the wildcard cert for a long time and your steps worked perfectly. Very detailed explanation about Installing a wildcard SSL. How can they go about verifying. MvT is an IT service provider. I think, however, there is a problem with the Autodiscover settings which will need to be fixed too.
Is there anything else on the server that would be relying on that SSL cert? You can use the SBS Console to do the certificate, but I find it easier with the command line because that is what I am used to. I stand corrected and apologise for the error and misinformation. I generate and order dozens of certificates a year and will of course give the console another try for the next SBS certificate I need.
0コメント