3

We have a GoDaddy wildcard certificate that we have installed into Exchange 2010 and is successfully used on IIS connections for OWA.

We have assigned this certificate to the SMTP Service as well as IIS, but that doesn't seem to have unassigned the default self-signed certificate.

The self-signed certificate is already assigned to SMTP, IMAP and POP (we can't use the wildcard certificate for IMAP and POP due to it being a wildcard). Is it possible to unassign a self-signed certificate from just the SMTP service?

The only documentation I've found relates to removing a certificate completely.

Craig Watson
  • 9,370
  • 3
  • 30
  • 46
  • You don't need to. Multiple certificates can be assigned to the SMTP service without a problem. – Todd Wilcox Jun 17 '15 at 13:18
  • The issue we're having is that even though we have a wildcard cert installed, the self-signed cert is still served for all connections for some reason (verified by openssl commands from my personal VPS). For diagnostics, I'd like to unassign the self-signed cert so there's no other cert to be chosen. – Craig Watson Jun 17 '15 at 15:02
  • 2
    You can use a wildcard certificate for IMAP and POP - https://www.lisenet.com/2014/configure-wildcard-ssl-certificate-for-pop-imap-on-exchange-2010-server/ – joeqwerty Jun 17 '15 at 15:06

1 Answers1

2

You can do this with Enable-ExchangeCertificate in the EMS by specifying None for that certificate.

https://technet.microsoft.com/en-us/library/dd351257(v=exchg.141).aspx

joeqwerty
  • 108,377
  • 6
  • 80
  • 171
  • This is kind-of what I want, but I don't want to touch the existing assignments other than SMTP - the certificate is currently also used for POP and IMAP. – Craig Watson Jun 17 '15 at 15:00
  • 2
    I've never had to do it, but I suppose you could run it specifying None to remove all of the services (including SMTP) and then run it again to specify IMAP and POP. So basically you'll unbind it from all services and then rebind it for IMAP and POP. – joeqwerty Jun 17 '15 at 15:04