Configure Wildcard SSL Certificate for POP/IMAP on Exchange 2010 (PowerShell)

This guide assumes your wildcard SSL certificate is already installed on the Exchange 2010 server.

We use Windows Server 2008 R2 Datacenter x64 in this example.

Open Exchange Management Shell as Administrator and get a list of SSL certificates that are available:

[PS]> Get-ExchangeCertificate

Thumbprint                    Services  Subject
----------                    --------  -------
1F70359DC0BE9CAD58F965A3C110  ...WS.    CN=*.example.com, OU=IT Dep, O=Example Comp...
0F7FF199B11E662621D80700D04F  ....S.    CN=ExampleDC

When you enable the wildcard *.example.com certificate for the POP service, you normally get the following warning, because the certificate subject is a wildcard rather than a single host name:

[PS]> Enable-ExchangeCertificate -Thumbprint 1F70359DC0BE9CAD58F965A3C110 -Services POP
WARNING: This certificate with thumbprint 1F70359DC0BE9CAD58F965A3C110 and subject '*.example.com' cannot used for POP SSL/TLS connections because the subject is not a Fully Qualified Domain Name (FQDN). Use command Set-POPSettings to set X509CertificateName to the FQDN of the service.

The same applies to IMAP:

[PS]> Enable-ExchangeCertificate -Thumbprint 1F70359DC0BE9CAD58F965A3C110 -Services IMAP
WARNING: This certificate with thumbprint 1F70359DC0BE9CAD58F965A3C110 and subject '*.example.com' cannot used for IMAP SSL/TLS connections because the subject is not a Fully Qualified Domain Name (FQDN). Use command Set-IMAPSettings to set X509CertificateName to the FQDN of the service.

To fix this, set X509CertificateName for the POP service to an FQDN that the wildcard certificate covers:

[PS]> Set-POPSettings -X509CertificateName exchange2010.example.com

Do the same for the IMAP service:

[PS]> Set-IMAPSettings -X509CertificateName exchange2010.example.com

Verify POP settings:

[PS]> Get-POPSettings

UnencryptedOrTLSBindings  SSLBindings            LoginType    X509CertificateName
------------------------  -----------            ---------    -------------------
{:::110, 0.0.0.0:110}     {:::995, 0.0.0.0:995}  SecureLogin  exchange2010.example...

Verify IMAP settings:

[PS]> Get-IMAPSettings

UnencryptedOrTLSBindings  SSLBindings            LoginType    X509CertificateName
------------------------  -----------            ---------    -------------------
{:::143, 0.0.0.0:143}     {:::993, 0.0.0.0:993}  SecureLogin  exchange2010.example...

Restart POP and IMAP services:

[PS]> Restart-Service MSExchangePOP3
[PS]> Restart-Service MSExchangeIMAP4
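
To confirm the change after the restart, the following added example (not part of the original article) completes a TLS handshake against the SSL bindings on ports 995 and 993 and reports which certificate each service actually presents. The host name and thumbprint are the article's sample values, and Get-ServedCertificate and Test-NameCovered are hypothetical helper names.

```powershell
# Added verification example; not from the original article.
# Sample values from the article; replace with your own FQDN and full thumbprint.
$Fqdn       = 'exchange2010.example.com'
$Thumbprint = '1F70359DC0BE9CAD58F965A3C110'
$Ports      = @{ 'POP3 over SSL' = 995; 'IMAP4 over SSL' = 993 }

# Hypothetical helper: complete a TLS handshake and return the served certificate.
function Get-ServedCertificate {
    param([string]$HostName, [int]$Port)
    $client = New-Object System.Net.Sockets.TcpClient
    $ssl = $null
    try {
        $client.Connect($HostName, $Port)
        # Accept whatever is presented so it can be inspected below;
        # this callback is for diagnostics only, never for a real mail client.
        $acceptAll = { $true } -as [System.Net.Security.RemoteCertificateValidationCallback]
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAll)
        $ssl.AuthenticateAsClient($HostName)
        New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    }
    finally {
        if ($ssl) { $ssl.Close() }
        $client.Close()
    }
}

# Hypothetical helper: does a certificate name (possibly "*.domain") cover the host?
# A wildcard matches exactly one left-most label.
function Test-NameCovered {
    param([string]$Pattern, [string]$HostName)
    $p = $Pattern.ToLower(); $h = $HostName.ToLower()
    if (-not $p.StartsWith('*.')) { return ($p -eq $h) }
    $suffix = $p.Substring(1)                      # e.g. ".example.com"
    if (-not $h.EndsWith($suffix)) { return $false }
    $label = $h.Substring(0, $h.Length - $suffix.Length)
    return (($label.Length -gt 0) -and (-not $label.Contains('.')))
}

foreach ($service in $Ports.Keys) {
    $cert = Get-ServedCertificate -HostName $Fqdn -Port $Ports[$service]
    # Subject CN only; the article's certificate is CN=*.example.com.
    $cn = $cert.GetNameInfo([System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)
    New-Object PSObject -Property @{
        Service      = $service
        SubjectCN    = $cn
        ExpectedCert = ($cert.Thumbprint -eq $Thumbprint)
        CoversFqdn   = (Test-NameCovered $cn $Fqdn)
        NotAfter     = $cert.NotAfter
    }
}
```

Both rows should show ExpectedCert and CoversFqdn as True. A False in CoversFqdn means clients connecting to that name will see a certificate name mismatch.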

Source link:

https://www.lisenet.com/2014/configure-wildcard-ssl-certificate-for-pop-imap-on-exchange-2010-server/
