Yer, that's what I did again. This is really annoying me now, it should just work, I'm doing everything correctly here.
Any more ideas?
bump......
Right, this is what I have done now (trying to follow your instructions, sukh)
Request a certificate from the Exchange Console
Request a certificate from ipsca again
Renamed the cert file from ipsca, to cert.txt so it works with your command
Now used your commands in the Exchange 2010 Shell
This is an error I'm getting
VERBOSE: Connecting to MAIL.ockendon.thurrock.sch.uk
VERBOSE: Connected to MAIL.ockendon.thurrock.sch.uk.
[PS] C:\Windows\system32>Get-ExchangeCertificate |fl >c:\cert.txt
That command works but does nothing as far as I can tell
[PS] C:\Windows\system32>Enable-ExchangeCertificate certificate -services IIS
The certificate with thumbprint certificate was not found.
+ CategoryInfo : ObjectNotFound: ([Enable-ExchangeCertificate], InvalidOperationException
+ FullyQualifiedErrorId : 79C4D1AB,Microsoft.Exchange.Management.SystemConfigurationTasks.EnableExchangeCertificate
Was I meant to install the certificate in the Exchange Console before doing these commands?
Last edited by pritchardavid; 28th June 2011 at 08:59 AM.
1. Yes, you have to import the cer, then enable it on the services.
2. You don't need to rename the cert to .txt, that was for the output.
3. What format did you get your cert in: pfx, p12, cer?
Have found one problem, I think.
Once I looked at the cert.txt - Root CA Type Unknown
Also, when I did the second command nothing happened. I typed this for the second one -
Enable-ExchangeCertificate 06E0D7CFE246DC6FD05491F1A9270B5424DC905E -services IIS -DoNotRequireSSL (Last command is to stop enforcing SSL at the root, as we redirect it to owa at the root which is not https)
Purpose of the cert = Ensures the identity of a remote computer
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {mail.theockendonacademy.com}
HasPrivateKey : True
IsSelfSigned : False
Issuer : E=ipscalevel1@ipsca.com, CN=ipsCA Level 1 CA, OU=Certificaciones, O=ips Certification Authority, L=MADRID, S=MADRID, C=ES
NotAfter : 02/07/2013 15:22:13
NotBefore : 27/06/2011 15:22:13
PublicKeySize : 2048
RootCAType : Unknown
SerialNumber : 10A8E3BBFA2DE210C590D8B8AB78D150668C41E8
Services : None
Status : Invalid
Subject : CN=mail.theockendonacademy.com, OU=ICT, O=The Ockendon Academy, L=South Ockendon, S=Essex, C=GB
Thumbprint : 06E0D7CFE246DC6FD05491F1A9270B5424DC905E
Last edited by pritchardavid; 28th June 2011 at 11:09 AM.
1. For what reason are you installing the cert if you're using http and not https?
2. If you go to mail.theockendonacademy.com can you log in successfully and use OWA?
Sorry, got you a bit confused there, we are using https. We just don't use it on the root, so when you type in mail.theockendonacademy.com it redirects you to https://mail.theockendonacademy.com/owa
OK, have got a bit further now. Noticed that the ipsCA Level 1 CA was missing from the 'Intermediate Certification Authorities' store; sure I have checked this before with the mmc addon.
New info from cert.txt
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {mail.theockendonacademy.com}
HasPrivateKey : True
IsSelfSigned : False
Issuer : E=ipscalevel1@ipsca.com, CN=ipsCA Level 1 CA, OU=Certificaciones, O=ips Certification Authority, L=MADRID, S=MADRID, C=ES
NotAfter : 02/07/2013 15:22:13
NotBefore : 27/06/2011 15:22:13
PublicKeySize : 2048
RootCAType : ThirdParty
SerialNumber : 10A8E3BBFA2DE210C590D8B8AB78D150668C41E8
Services : IIS
Status : Valid
Subject : CN=mail.theockendonacademy.com, OU=ICT, O=The Ockendon Academy, L=South Ockendon, S=Essex, C=GB
Thumbprint : 06E0D7CFE246DC6FD05491F1A9270B5424DC905E
But a problem still exists!
I'm getting 'this certificate cannot be verified up to a trusted certification authority' on the owa site when I click on the certificate error.
Plus when I click to view the certificate and click on the certification path, it does not have any certificates except mail.theockendonacademy.com. It's missing both the root and level 1 ipsca certs.
Last edited by pritchardavid; 28th June 2011 at 01:03 PM.
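The chain check behind the `RootCAType : Unknown` / `Status : Invalid` output above, as an added example that is not part of the original posts: it builds the certificate path from the server's local stores and only enables the certificate on IIS if the path is complete. The function name `Test-CertChain` is hypothetical; the thumbprint is the one quoted in the thread.

```powershell
# Added example (not from the thread). Run in the Exchange Management Shell on the server.
# Thumbprint taken from the Get-ExchangeCertificate output quoted in the thread.
$thumb = '06E0D7CFE246DC6FD05491F1A9270B5424DC905E'

function Test-CertChain {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)

    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Skip revocation lookups so the result reflects chain building only.
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $built = $chain.Build($Cert)

    # One row per certificate Windows managed to place in the path.
    $elements = @($chain.ChainElements | ForEach-Object {
        New-Object PSObject -Property @{
            Subject = $_.Certificate.Subject
            Issuer  = $_.Certificate.Issuer
        }
    })
    # PartialChain = an issuer is missing; UntrustedRoot = root not in a trusted store.
    $problems = @($chain.ChainStatus | ForEach-Object { $_.Status.ToString() })

    New-Object PSObject -Property @{
        Built    = $built
        Elements = $elements
        Problems = $problems
    }
}

$cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $thumb }
if (-not $cert) { throw "Certificate $thumb is not in LocalMachine\My; import it first." }

$result = Test-CertChain -Cert $cert
$result.Elements | Format-Table Subject, Issuer -AutoSize

if ($result.Built) {
    # Same command as in the thread, with the thumbprint passed explicitly.
    Enable-ExchangeCertificate -Thumbprint $thumb -Services IIS -DoNotRequireSsl
    Get-ExchangeCertificate -Thumbprint $thumb | Format-List Status, RootCAType, Services
} else {
    Write-Warning ("Chain did not build: " + ($result.Problems -join ', '))
}
```

A complete path here only shows what the server's own stores contain; what IIS sends to other computers still has to be checked from a client.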
1. Did you get a root certificate too when your cert was issued to you? The full path isn't available, this is why you're getting the error. The root exists in the browser but it seems like you have an Intermediate?
Yep got three certs to install in total
SSL Certificate Authority low-cost, fully-validated 38$ SSL and 276$ Wildcard Certificates (Plus of course our one made for our server)
The weird thing is, if I was to go to the owa site actually on the Mail Server it works fine with the certs, it's got the correct cert path too.
It's any other computer lol
Believe they are installed in the correct location
Under Cert mmc these are the ipsCA Certs I can see that are installed on the Mail Server
Personal >>>> Certificates >>>> mail.theockedonacademy.com Cert Issued By ipsCA Level 1 CA
Trusted Root Certification Authorities >>>> Certificates >>>> ipsCA Global CA Root Cert Issued By ipsCA Global CA Root
Intermediate Certification Authorities >>>> Certificates >>>> ipsCA Level 1 CA Issued By ipsCA Global CA Root
Third-Party Root Certification Authorities >>>> Certificates >>>> ipsCA Global CA Root Issued By ipsCA Root
Perform an iisreset on the exch server.
I did restart the whole IIS service before. Would have tried a reboot now, but the remote server is down.
All Sorted!
Just a reboot of the server resolved this!!
Just sorted out an IPSCA cert for our exchange server yesterday. No problems at all. Shame Firefox still doesn't support the certs though.