We have a GoDaddy signed SAN cert for our Exchange 2010 server, internally it works fine - issuer is GoDaddy and cert chain checks out.

Externally the same SAN seems to be used (the domains are the same as the GoDaddy SAN and we have no other certificates installed other than the self-generated Microsoft one) however the issuer is our internal cert authority?

All services (SMTP, IIS, IMAP and POP) are assigned to the GoDaddy cert.

I've spent 2 days messing with this now, from deleting intermediates and cert and reinstalling both to checking every detail I can see in Exchange - checked IIS bindings as well for Default Web Site (where /owa lives) and all use the right certificate.

Any advice greatly appreciated, it's doing my head in - feel like nuking it.

Myles Gray
  • Can you provide the output of a get-exchangecertificate? You say the services are mapped to the GoDaddy cert but it sounds like they are mapped to the self issued cert. – David V Jul 04 '14 at 10:11

1 Answer

Found the root of the problem.

We updated our firewalls last week, and upon update the default security filtering profile from WAN -> LAN changed to include SSL filtering; as such, it re-signs all SSL traffic and uses the default SSL certificate, which was signed by our internal CA.

Sometimes it's the simple things...

Myles Gray
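
A check for the situation described in the answer, as an added example that is not part of the original post: it fetches the leaf certificate served on port 443 and compares its SHA-1 thumbprint with the Thumbprint value that Get-ExchangeCertificate reports for the GoDaddy cert. The function names and command-line usage are assumptions of this example; it covers HTTPS only (not STARTTLS on SMTP/IMAP/POP) and is meant to be run once from inside the LAN and once from outside.

```python
"""Added example: is the certificate a client is served the one Exchange holds?"""
import hashlib
import socket
import ssl


def normalize_thumbprint(text):
    """Keep only hex digits, so spaces, colons and the invisible characters
    picked up when copying from the Windows certificate dialog are dropped."""
    return "".join(ch for ch in text if ch in "0123456789abcdefABCDEF").upper()


def thumbprint(der_bytes):
    """Windows-style thumbprint: SHA-1 over the DER-encoded certificate."""
    return hashlib.sha1(der_bytes).hexdigest().upper()


def fetch_leaf_der(host, port=443, timeout=10):
    """Return the leaf certificate the server (or a middlebox) presents.
    Verification is off on purpose: the goal is to record what is served,
    even when the chain ends in a CA this machine does not trust."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def check(expected_thumbprint, served_der):
    """Return (matches, served_thumbprint) for the certificate that was served."""
    served = thumbprint(served_der)
    return served == normalize_thumbprint(expected_thumbprint), served


if __name__ == "__main__":
    import sys
    # Usage (assumed): python check_cert.py mail.example.com <Thumbprint>
    host, expected = sys.argv[1], sys.argv[2]
    ok, served = check(expected, fetch_leaf_der(host))
    print(f"{host}: served {served}")
    print("same certificate as Exchange" if ok else
          "DIFFERENT certificate: something in the path terminates TLS and re-signs")
    sys.exit(0 if ok else 1)
```

A match from inside the LAN and a mismatch from outside points at a device on the WAN path, such as the firewall's SSL filtering profile, rather than at the Exchange service bindings.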