Many organizations make use of a WildCard Certificate in their Exchange Environment. This makes sense when you have quite a number of SAN names to use.

In Exchange 2010 or Exchange 2013, if you try and update the X.509 Certificate Name when using a WildCard Certificate, whether it is in the EAC or ECP, you are presented with a warning to advise you to use PowerShell to update the name.

Let’s take a look at what we are referring to. Launch the Exchange Control Panel (ECP) on your server and Expand “Microsoft Exchange On-Premise”. Next expand “Server Configuration and click on “Client Access” (As Shown Below).

Exchange 2010/2013 - setting pop/imap x509certificatename when using a wildcard certificate
Exchange 2010/2013 - Setting POP/IMAP X509CertificateName when using a WildCard Certificate 1

Now, click on a CAS Server and Click on the POP3 and IMAP4 tab.

Exchange 2010/2013 - setting pop/imap x509certificatename when using a wildcard certificate
Exchange 2010/2013 - Setting POP/IMAP X509CertificateName when using a WildCard Certificate 2

Next step is to double click on POP3 and then click on the “Authentication” Tab.

Exchange 2010/2013 - setting pop/imap x509certificatename when using a wildcard certificate
Exchange 2010/2013 - Setting POP/IMAP X509CertificateName when using a WildCard Certificate 3

If you have a normal SAN cert, you can enter in the name to use, however if you are using a WildCard Cert and type in the name and click apply you are presented with the following error/warning:

Exchange 2010/2013 - setting pop/imap x509certificatename when using a wildcard certificate
Exchange 2010/2013 - Setting POP/IMAP X509CertificateName when using a WildCard Certificate 4

So, no to worry, we can use the Exchange Management Shell to set the information. Take note, the same error is given for Exchange 2013.

Launch the Exchange Management Shell and type in the following commands to set the POP/IMAP settings:

  • Set-ImapSettings -server CAS -X509CertificateName imap.domain.com
  • Set-PopSettings -server CAS -X509CertificateName pop.domain.com

The last step is to Stop and Start the POP and IMAP services, once done you can monitor the event log for any errors.

Hope it helps.

    wpChatIcon

    Discover more from COLLABORATION PRO

    Subscribe now to keep reading and get access to the full archive.

    Continue reading