Exchange 2010/2013 POP or IMAP with Wildcard Certificate activation

You try to activate a WILDCARD Certificate for IMAP or POP Services for Exchange 2010.

Either GUI or Powershell this does not work as wanted:

Enable-ExchangeCertificate -Server ' exchange2010' -Services 'IMAP, IIS, SMTP' -Thumbprint 'C22E2AE9FC07C7DA55454522B0E0ACF996C8'

 

ERROR:

This certificate with thumbprint C22E2AE9FC0646473449422B0E0ACF996C8 and subject '*.butsch.ch' cannot used for IMAP SSL/TLS connections because the subject is not a Fully Qualified Domain Name (FQDN). Use command Set-IMAPSettings to set X509CertificateName to the FQDN of the service.

Solution:

Is to set the parameter with SET-POPSETTINGS and set-IMAPSETTINGS:

Set-POPSettings -X509CertificateName exchange2010internalname.butsch.ch

Set-IMAPSettings -X509CertificateName exchange2010internalname.butsch.ch

Restart the services:

restart-service MSExchangePOP3

restart-service MSExchangeIMAP4

Check what you changed:

Get-popsettings

Get-imapsettings

Technet Links:

 

Exchange 2010

https://technet.microsoft.com/de-de/library/bb691401(v=exchg.141).aspx

For Exchange 2013:

If you want this active FROM External (Which we don't recommend!) on your 2013 don't forget to set these parameters:

Set-POPSettings -ExternalConnectionSetting {mysamplenamethirdleveldomain.butsch.ch:995:SSL}

Set-ImapSettings -ExternalConnectionSetting {mysamplenamethirdleveldomain.butsch.ch:993:SSL}

https://technet.microsoft.com/en-us/library/jj657728(v=exchg.150).aspx

Exchange 2013 Log Options:

https://technet.microsoft.com/de-de/library/aa997690(v=exchg.150).aspx

Done forget to enable (Turn to automatic) the POP or IMAP3 Service and start it.