Which services will be assigned? IIS, POP3, IMAP4 and SMTP.
These are the services that already exist on the CAS!
Assign IIS Service to the Wildcard Certificate
- In Exchange Management Console, click "Service Configuration" --> "TEST-CAS-01" --> "Adatum Mail System Certificate" --> "Assign Service to Certificate"
- Select the servers this certificate will be assigned to. In this case, select the CAS "TEST-CAS-01", then click the "Next >" button.
- Enable the "Internet Message Access Protocol(IMAP)", "Post Office Protocol(POP)" and "Internet Information Service(IIS)" check boxes and click the "Next >" button
- Click the "Assign" button
- You will see two warning messages about POP and IMAP. Ignore them for now and click the "Finish" button.
- Finally, I succeeded in assigning the wildcard certificate to the IIS service, but POP and IMAP failed.
Assign POP/IMAP to the Wildcard Certificate
- In the wizard above, we saw a warning that POP/IMAP failed because the certificate subject is the wildcard name "*.adatum.com", not an FQDN. We therefore need to run specific commands to set the name.
- Open "Exchange Management Shell" on the CAS
- Type "Get-POPSettings" and "Get-IMAPSettings" to see the current X509CertificateName value
- Type "Set-POPSettings -X509CertificateName mymail.adatum.com" and "Set-IMAPSettings -X509CertificateName mymail.adatum.com"
- Run "Get-POPSettings" and "Get-IMAPSettings" again; you will see that X509CertificateName has changed from TEST-CAS-01 to mymail.adatum.com
Because the SMTP service runs on the HUB role, we need to export the wildcard certificate from the CAS and import it on the HUB (or you can import it directly from the issuing CA, as the previous article explains).
- In Exchange Management Console, Click "Service Configuration" --> "TEST-CAS-01" --> "Adatum Mail System Certificate" --> "Export Exchange Certificate..."
- Click "Browse..." button
- Select a path and save the certificate file as "exchange cas.pfx"
- Set a password, then click the "Export" button
- Click "Finish" button
- Click "TEST-HUB-01" --> "Import Exchange Certificate..."
- Click "Browse..." button
- Select the exported certificate to open it.
- Type the password to decrypt it.
- Select the servers the certificate will be imported to, then click the "Next >" button.
- Click "Import" button
- Click "Finish" button
- The HUB now lists the new wildcard certificate, but its services are None, so click the "Assign Service to Certificate..." hyperlink.
- Select "TEST-HUB-01", then click the "Next >" button.
- Enable "Simple Mail Transfer Protocol (SMTP)" check box
- Click "Assign" button
- Click the "Yes" button to overwrite the existing default SMTP certificate with the new wildcard certificate
- Click "Finish" button
- The Certificate Services Information has already been changed from None to SMTP now.
- Finally, you can run "Get-ExchangeCertificate | fl" in Exchange Management Shell to see all certificate information on the HUB server.
After finishing the above steps, Web/POP/IMAP/SMTP can all use the wildcard certificate to secure their channels.
Doing so saves money, because we only need to buy "One" wildcard certificate!
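
The same procedure in Exchange Management Shell, as an added example rather than the author's own commands. It assumes Exchange 2010 cmdlet syntax; the PFX path is a placeholder, and the private-key check, the POP/IMAP service restart and the PFX cleanup are additions that the steps above do not describe.

```powershell
# Added example. Server and host names come from the page; $pfx is a placeholder.
$cas = 'TEST-CAS-01'
$hub = 'TEST-HUB-01'
$pfx = 'C:\Temp\wildcard-export.pfx'   # placeholder path, keep it off shared folders

# Find the wildcard certificate on the CAS and refuse to continue if it is
# ambiguous, expired, or missing its private key (it could not be exported).
$found = @(Get-ExchangeCertificate -Server $cas |
    Where-Object { $_.Subject -match 'CN=\*\.adatum\.com' })
if ($found.Count -ne 1) { throw "Expected one wildcard certificate, found $($found.Count)" }
$cert = $found[0]
if (-not $cert.HasPrivateKey -or $cert.NotAfter -lt (Get-Date)) {
    throw 'Certificate is expired or has no private key'
}

# IIS is bound by thumbprint. POP/IMAP are bound by name, because the
# wildcard subject "*.adatum.com" is not an FQDN the services can match.
Enable-ExchangeCertificate -Server $cas -Thumbprint $cert.Thumbprint -Services IIS
Set-PopSettings  -Server $cas -X509CertificateName 'mymail.adatum.com'
Set-ImapSettings -Server $cas -X509CertificateName 'mymail.adatum.com'
# Run on the CAS itself: the new name is picked up when the services restart.
Restart-Service -Name MSExchangePOP3, MSExchangeIMAP4

# Export with the private key. The password is read as a SecureString so it
# does not land in shell history or a transcript.
$pw = Read-Host 'PFX password' -AsSecureString
$export = Export-ExchangeCertificate -Server $cas -Thumbprint $cert.Thumbprint `
    -BinaryEncoded:$true -Password $pw
Set-Content -Path $pfx -Value $export.FileData -Encoding Byte

try {
    # Import on the HUB, then assign SMTP. Enable-ExchangeCertificate asks
    # before replacing the default SMTP certificate; answer the prompt
    # rather than suppressing it.
    Import-ExchangeCertificate -Server $hub -Password $pw `
        -FileData ([byte[]](Get-Content -Path $pfx -Encoding Byte -ReadCount 0))
    Enable-ExchangeCertificate -Server $hub -Thumbprint $cert.Thumbprint -Services SMTP
}
finally {
    # The PFX holds the private key for every host under the wildcard.
    Remove-Item -Path $pfx -Force
}

# Confirm both servers present the same thumbprint with the expected services.
Get-ExchangeCertificate -Server $cas -Thumbprint $cert.Thumbprint |
    Format-List Subject, Thumbprint, Services, NotAfter
Get-ExchangeCertificate -Server $hub -Thumbprint $cert.Thumbprint |
    Format-List Subject, Thumbprint, Services, NotAfter
```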