
Wildcard Cert on Exchange 2010 Edge Server

Wildcard Cert on Exchange 2010 Edge Server - 22.Feb.2011 5:54:46 AM   
andyhud007

 

Hi Guys, I'm really stumped on this so would appreciate any help/guidance.

We have 2 internal CAS/Hub 2010 servers and then 2 Edge Servers (2010) in our DMZ. All the relevant ports (e.g. 25/50636/50389) are open and EdgeSync works.

We have a 3rd party (Verisign) WILDCARD cert (i.e. *.domain.com) which we use for OA/OWA/ActiveSync etc.

All our mail routes through MessageLabs both inbound and outbound.

We need to enable TLS on our Edge Servers so I imported our Wildcard cert directly on the 2 Edge servers using the Import-ExchangeCertificate command here: http://technet.microsoft.com/en-us/library/bb124424.aspx

"Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path c:\certificates\ExportedCert.pfx -Encoding byte -ReadCount 0)) -Password:(Get-Credential).password"

This worked and I ran this on both Edge Transport Servers. Next I enabled both certificates for SMTP using "Enable-ExchangeCertificate -Thumbprint XYW -Services SMTP". This also worked.


I then generated a new EdgeSync subscription to import onto my CAS/Hub servers but got this message:

"The subscription file failed to load for the following reason: The direct trust certificate of the subscribed Edge Transport server with thumbprint XYW is a duplicate of the certificate of one of the HubTransport servers. Sharing the same certificate between Edge and Hub Transport servers is not allowed."

Now obviously the same cert is on the CAS/Hub servers for OWA etc., so how do you get around this?

Any ideas?

Many Thanks

Andy
Post #: 1
RE: Wildcard Cert on Exchange 2010 Edge Server - 22.Feb.2011 9:55:51 AM   
YellowSpaced

 

I actually ran into this this morning. You need to do the Edge subscription before you do the wildcard cert. The Edge subscription is trying to use the *cert for its communication channel. Removing it and recreating the subscription worked with no problems for me. Then I just re-added my *cert.

(in reply to andyhud007)
Post #: 2
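
Added example (not part of the original posts and not an Exchange cmdlet): a pre-flight check to run before creating the Edge subscription, flagging any SMTP-enabled certificate on the Edge server whose thumbprint also exists on a Hub Transport server, which is the condition the error message in the first post reports. The helper name Find-SharedTransportCert, the subject names and the thumbprints are constructed for illustration, and it assumes the subscription picks its certificate from the Edge server's SMTP-enabled certificates, as happened in this thread.

```powershell
# Added example. Find-SharedTransportCert is a hypothetical helper, not an Exchange cmdlet.
# Written for PowerShell 2.0, which the Exchange 2010 Management Shell runs on.
function Find-SharedTransportCert {
    param(
        [Parameter(Mandatory = $true)] [object[]] $EdgeCerts,      # need Thumbprint, Services, Subject
        [Parameter(Mandatory = $true)] [string[]] $HubThumbprints
    )
    # Normalise thumbprints: values copied from the certificate UI often
    # carry spaces and lower-case hex digits.
    $hub = @{}
    foreach ($t in $HubThumbprints) {
        $hub[(($t -replace '[^0-9A-Fa-f]', '').ToUpper())] = $true
    }
    foreach ($c in $EdgeCerts) {
        $tp     = ("$($c.Thumbprint)" -replace '[^0-9A-Fa-f]', '').ToUpper()
        $isSmtp = "$($c.Services)" -match '\bSMTP\b'
        if ($isSmtp -and $hub.ContainsKey($tp)) {
            New-Object PSObject -Property @{ Thumbprint = $tp; Subject = $c.Subject }
        }
    }
}

# Constructed sample data. On live servers, collect the same three properties
# with Get-ExchangeCertificate on the Edge server and on each Hub Transport server.
$edgeCerts = @(
    New-Object PSObject -Property @{
        Thumbprint = '0123456789ABCDEF0123456789ABCDEF01234567'   # constructed: wildcard cert
        Services   = 'IIS, SMTP'
        Subject    = 'CN=*.domain.com'
    }
    New-Object PSObject -Property @{
        Thumbprint = 'FEDCBA9876543210FEDCBA9876543210FEDCBA98'   # constructed: Edge-only cert
        Services   = 'SMTP'
        Subject    = 'CN=EDGE01'
    }
)
$hubThumbprints = @('01 23 45 67 89 ab cd ef 01 23 45 67 89 ab cd ef 01 23 45 67')

$shared = @(Find-SharedTransportCert -EdgeCerts $edgeCerts -HubThumbprints $hubThumbprints)
if ($shared.Count -gt 0) {
    foreach ($s in $shared) {
        Write-Warning "Shared with a Hub Transport server: $($s.Subject) [$($s.Thumbprint)]"
    }
} else {
    Write-Output 'No SMTP-enabled Edge certificate is shared with a Hub Transport server.'
}
```

With the sample data only the wildcard certificate is flagged; the Edge-only certificate is not.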
