{"id":275,"date":"2008-11-26T18:51:22","date_gmt":"2008-11-26T18:51:22","guid":{"rendered":"https:\/\/www.wapshere.com\/missmiis\/?p=275"},"modified":"2009-04-05T07:40:31","modified_gmt":"2009-04-05T07:40:31","slug":"strange-problem-when-changing-the-exchange-2007-certificate-on-windows-2008","status":"publish","type":"post","link":"https:\/\/www.wapshere.com\/missmiis\/strange-problem-when-changing-the-exchange-2007-certificate-on-windows-2008","title":{"rendered":"Strange problem when changing the Exchange 2007 certificate on Windows 2008"},"content":{"rendered":"<p>Still on Exchange migrations here, and after wasting half today on a very strange certificate problem, here&#8217;s the solution I eventually found.<\/p>\n<p><!--more--><\/p>\n<p>I was changing the default self-signed Exchange 2007 cert to one generated from the local CA server. So far so normal&#8230; BUT whatever I did I could not get rid of the old certificate!<\/p>\n<p>It was gone from the IIS 7 interface&#8230;<\/p>\n<p>\u00c2\u00a0\u00c2\u00a0 It was not listed by the Get-ExchangeCertficate cmdlet&#8230;<\/p>\n<p>\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0 There was no sign of it in the local computer certifcate store&#8230;<\/p>\n<p>But every time I attached to the server with IE I was offered that same ^%^$\u00c2\u00a3$* certificate that should have been gone!<\/p>\n<p>After much searching and head scratching I evenually came across this method for manually viewing and changing certs on the SSL port: <a href=\"http:\/\/technet.microsoft.com\/en-us\/library\/cc727844.aspx\" target=\"_blank\">http:\/\/technet.microsoft.com\/en-us\/library\/cc727844.aspx<\/a><\/p>\n<p>Running the command<\/p>\n<pre>   netsh http show sslcert<\/pre>\n<p>showed that, indeed, the old certificate was still bound to the port.<\/p>\n<p>I then used the following command to get rid of the old one:<\/p>\n<pre>   netsh http delete sslcert ipport=0.0.0.0:443<\/pre>\n<p>And finally the following command to add the new cert:<\/p>\n<pre>   netsh http add sslcert ipport=0.0.0.0:443 certhash=<em>hash<\/em> appid={00112233-4455-6677-8899-AABBCCDDEEFF}<\/pre>\n<p>The hash you can copy from the Thumprint value when you run a Get-ExchangeCertificate in the Exchange Command Shell.<\/p>\n<p>As for the appid &#8211; I tried to find out what was supposed to go here, and in the end just used the default GUID. It worked fine.<\/p>\n<p>After doing all of this the old cert was finally well and truly gone, and I could attach to Exchange 2007 using the new cert.<\/p>\n<p>This all seemed rather a lot of effort, and none of the documentation I read said any of this netsh stuff would be needed &#8211; perhaps a bug with Exchange 2007 on Windows 2008?<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Still on Exchange migrations here, and after wasting half today on a very strange certificate problem, here&#8217;s the solution I eventually found.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"footnotes":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false,"jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":[]},"categories":[26,37],"tags":[],"class_list":["post-275","post","type-post","status-publish","format-standard","hentry","category-exchange2007","category-windows2008"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/pkp1o-4r","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.wapshere.com\/missmiis\/wp-json\/wp\/v2\/posts\/275","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.wapshere.com\/missmiis\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.wapshere.com\/missmiis\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.wapshere.com\/missmiis\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.wapshere.com\/missmiis\/wp-json\/wp\/v2\/comments?post=275"}],"version-history":[{"count":3,"href":"https:\/\/www.wapshere.com\/missmiis\/wp-json\/wp\/v2\/posts\/275\/revisions"}],"predecessor-version":[{"id":421,"href":"https:\/\/www.wapshere.com\/missmiis\/wp-json\/wp\/v2\/posts\/275\/revisions\/421"}],"wp:attachment":[{"href":"https:\/\/www.wapshere.com\/missmiis\/wp-json\/wp\/v2\/media?parent=275"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.wapshere.com\/missmiis\/wp-json\/wp\/v2\/categories?post=275"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.wapshere.com\/missmiis\/wp-json\/wp\/v2\/tags?post=275"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}