On previous article we talked about , certificate warning
Information you exchange with this site cannot be viewed or changed by others. However, there is a problem with the site’s security certificate.
The errors was causing by expired internal certificate on the CAS server or servers, as the limitation of internal issued certificates, ( expire in 1 year) we need to renew the expired certificate.
here is the link for more information
Here is summary how to deal with this situation
- Get-ExchangeCertificate | FL ( to see the status of cert installed and the thumbprint
- Get-ExchangeCertificate -Thumbprint 56BB128980C53883BBF09AA0281FBC6471FB04FE | New-Certificate
**** you need to place your thumbprint
- Get-ExchangeCertificate | FL ( one more time to see the certs)
At this point you will see two of them , pay attention one is “Valid” one is not, it is Invalid.
you want to remove the Invalid one by typing
- Remove-ExchangeCertificate –thumbprint 56BB128980C53883BBF09AA0281FBC6471FB04FE
Dont forget again the replace the correct thumbprint
Now you might need to enable the new cert with services
- Enable-exchangecertificate -services IMAP, POP, UM, IIS, SMTP -Thumbprint DBA3601A10DF90E0F00462C03940C90B8BA87292
last time to make sure issue
- Get-ExchangeCertificate | FL
verify the Cert is valid and correct services are enable to use this internal cert.
oz Casey Dedeal,
MVP (Exchange)
MCITP (EMA), MCITP (SA)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server +
Http://smtp25.blogspot.com (Blog)
Leave a comment