I helped my customer renew the SSL certificate for Exchange yesterday, but I ran into some issues.
My customer's environment has a proxy server that handles the internet connection for all users. On the Exchange server I had already specified the Exchange server name in the bypass list, but when I import the certificate into CAS, the error "The Certificate Status could not be determined because the revocation check failed" is displayed in EMC.
I downloaded the DigiCert Certificate Utility for Windows to test the proxy settings and the certificate revocation status, and it passed all the tests, but unfortunately whenever I re-import the certificate it displays the previous error.
Finally I decided to import the certificate using PowerShell.
First I imported the certificate without assigning services, with the command below:

    Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path c:\certificate.pfx -Encoding byte -ReadCount 0)) -Password:(Get-Credential).password

Then I assigned services (POP, IMAP, IIS, SMTP) to the certificate with the command below:

    Enable-ExchangeCertificate -Thumbprint certificate_thumb_print -Services POP,IMAP,SMTP,IIS

The command executed successfully, and when I browse to the OWA page it shows that it has the valid certificate now; however, EMC still shows the revocation check failed error.
I suspect there is something that needs to be configured on the proxy server; however, this is a workaround for me to get the Exchange services published with the valid SSL certificate.
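
The following diagnostic is an added example, not part of the original post: it shows what Exchange reports for the imported certificate, repeats the revocation check from the server with the .NET X509Chain class, and prints the machine-wide WinHTTP proxy setting, which is separate from a user's browser proxy settings. The thumbprint is the same placeholder used above, and the 15-second timeout is an arbitrary choice.

```powershell
# Added diagnostic example (not from the original post).
# Run in the Exchange Management Shell on the server holding the certificate.
# Placeholder: replace with the thumbprint of the imported certificate.
$thumb = 'certificate_thumb_print'

# 1. What Exchange itself reports for the certificate.
Get-ExchangeCertificate -Thumbprint $thumb |
    Format-List Subject, NotAfter, Services, Status

# 2. Build the chain from this server with online revocation checking.
$x509  = 'System.Security.Cryptography.X509Certificates'
$cert  = Get-Item -Path "Cert:\LocalMachine\My\$thumb"
$chain = New-Object "$x509.X509Chain"
$chain.ChainPolicy.RevocationMode      = 'Online'       # fetch CRL/OCSP over the network
$chain.ChainPolicy.RevocationFlag      = 'EntireChain'  # check every certificate in the chain
$chain.ChainPolicy.UrlRetrievalTimeout = New-TimeSpan -Seconds 15

$built = $chain.Build($cert)
"Chain built without errors: $built"

# Per-certificate result. RevocationStatusUnknown or OfflineRevocation means
# the revocation data could not be retrieved, which is different from Revoked.
foreach ($element in $chain.ChainElements) {
    $flags = @($element.ChainElementStatus | ForEach-Object { $_.Status })
    if ($flags.Count -eq 0) { $flags = @('NoError') }
    '{0} -> {1}' -f $element.Certificate.Subject, ($flags -join ', ')
}

# 3. Machine-wide WinHTTP proxy configuration on this server.
netsh winhttp show proxy
```

The chain test runs in the context of the logged-on administrator, so its result can differ from what a service account sees on the same server.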