Saturday, April 25, 2009

When your self-signed E2K7 certificate expires

We worked with a client who saw a self-signed certificate error (mismatch, expiration) in their lab. It took a while to figure out how to update the self-signed cert. You have to create/update the certificate, enable it, and restart IIS. Here are the steps we took (using Exchange Management Shell):

There are two ways to generate a new cert. One is to add another year to the existing cert, the other is to create a new cert.

1) a) Add one year to the existing (expired) cert:

Get the thumbprint of the expired certificate:

Get-ExchangeCertificate -DomainName [yourDomainName] | fl NotAfter,Thumbprint,CertificateDomains

Then pipe that cert (selected by its thumbprint) into New-ExchangeCertificate to generate a new cert. The clone keeps the same subject and certificate domains but gets a new validity period and a new thumbprint:

Get-ExchangeCertificate -Thumbprint xxx | New-ExchangeCertificate


1) b) -- or -- Create a new cert:

New-ExchangeCertificate -PrivateKeyExportable $True -Services "IMAP, POP, IIS, SMTP" -SubjectName "cn=yourOutlookAnyWhereExternalDomainName"

Once you create the cert, you'll be given a thumbprint. Use that to enable the cert:

2) Enable-ExchangeCertificate -Thumbprint [thethumbprint] -services:"IMAP, POP, IIS, SMTP"

3) Stop/Start IIS:

i.e., iisreset /restart
-- or --
net stop "World Wide Web Publishing Service"
net start "World Wide Web Publishing Service"
net stop "FTP Publishing Service"
net start "FTP Publishing Service"
net stop "Simple Mail Transfer Protocol (SMTP)"
net start "Simple Mail Transfer Protocol (SMTP)"


Install the certificate on your client Windows machine via Internet Explorer:

4) Tools / Internet Options / Content / Certificates / Trusted Root Certificate Authorities / Import
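The whole procedure above (find the expired self-signed cert, clone it, enable it, restart IIS, export the public part for clients) as one Exchange Management Shell script. This is an added example, not code from the original post: it follows the 1a (clone) route, verifies the result by re-reading the certificate, and replaces the Internet Explorer import with a certutil command. The 30-day renewal window, the export file name under $env:TEMP and the use of certutil on the client are assumptions of this example; the service list is the one the post uses.

```powershell
# Added example (not from the original post): renew an expiring self-signed
# Exchange 2007 certificate end to end and verify the new binding.
# Assumptions: run in the Exchange Management Shell on the Exchange server;
# the 30-day window and the export path are illustrative choices.

$Services      = "IMAP, POP, IIS, SMTP"          # same services as in the post
$RenewIfBefore = (Get-Date).AddDays(30)          # renew anything expiring within 30 days

# Step 1: find self-signed certificates that are expired or about to expire.
$expiring = Get-ExchangeCertificate |
    Where-Object { $_.IsSelfSigned -and $_.NotAfter -lt $RenewIfBefore }

if (-not $expiring) {
    Write-Host "No self-signed certificate expires before $RenewIfBefore; nothing to do."
    return
}

foreach ($old in $expiring) {
    Write-Host ("Renewing {0} (NotAfter {1}, Services {2})" -f $old.Thumbprint, $old.NotAfter, $old.Services)

    # Step 1a: clone the old certificate. Subject and certificate domains are
    # kept; the validity period and thumbprint are new. Expect a confirmation
    # prompt if this replaces the default SMTP certificate.
    $new = $old | New-ExchangeCertificate

    # Step 2: bind the new certificate to the services the post lists.
    Enable-ExchangeCertificate -Thumbprint $new.Thumbprint -Services $Services

    # Verify: re-read the certificate and check that it is bound and not expired.
    $check = Get-ExchangeCertificate -Thumbprint $new.Thumbprint
    if ($check.NotAfter -le (Get-Date)) {
        Write-Warning "New certificate $($check.Thumbprint) is already expired; check the server clock."
    }
    $check | Format-List Thumbprint, NotAfter, Services, CertificateDomains

    # Step 4 (server side): export only the public certificate (DER encoded,
    # no private key) so clients can import it into Trusted Root CAs.
    # Assumes the returned object is an X509Certificate2, as in Exchange 2007.
    $cerPath = Join-Path $env:TEMP ("exchange-selfsigned-{0}.cer" -f $new.Thumbprint)
    [System.IO.File]::WriteAllBytes($cerPath, $check.Export("Cert"))
    Write-Host "Exported public certificate to $cerPath"
    Write-Host "On each client (elevated prompt): certutil -addstore Root `"$cerPath`""
}

# Step 3: restart IIS so the new binding takes effect (equivalent to the post's iisreset).
iisreset /restart
```

Only the .cer file (public key and certificate, no private key) leaves the server; the private key stays in the Exchange server's store. If the verification step reports a NotAfter in the past, the server clock is the first thing to check, since the clone's validity period is computed from it.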


-RVI
