wildcard ssl certificate - exchange 2010 - POP/IMAP problem

wildcard exchange-2010 imap pop3

Solution 1:

Unfortunately, your best option is to get a UC cert, which means ditching the wildcard and purchasing a new one entirely. See my answer HERE for a similar question.

Solution 2:

Boo, UC certs are a bigger ripoff than normal certificates and only needed mainly because of NAT. When IPv6 becomes widely used and all computers have one-true-address these will be mostly moot as your server won't need to resolve to a different address inside and outside the firewall.

This can be quite easily be handled if you are using a two-faced DNS system that for the same hostname serves private (RFC1918) addresses to internal users and the server's public address to external users. For example mail.example.com from your internal servers returns 10.0.0.11 and from an external server it returns 208.65.70.82. So when connecting to your server internally you would still use mail.example.com.

Take a look at Microsoft KB Article 940726 which explains how to change the internal url for all of the exchange services to be the same as the external URL. It specifically cites this "workaround" for people that "cannot" use a certificate that supports Subject Alternative Names. To be honest I think that this configuration will become default in the next one or two versions of Exchange as IPv6 becomes common place.

We have also found this is really great for mobile users because mail.example.com will resolve to the same server inside the firewall as it does outside, especially nice when they're using a protocol like IMAP with a client that doesn't support "Outlook Anywhere".

For your POP/IMAP issues take a look at Microsoft KB Article 948896. Basically you just set the X509CertificateName to the FQDN that users will be accessing the service from (with Set-ImapSettings -X509CertificateName mail.example.com or through the GUI) and don't specifically assign the certificate to the IMAP service using Enable-ExchangeCertificate command.

Solution 3:

you can indeed use a wildcard for imap and pop. rtfm here: http://technet.microsoft.com/en-us/library/aa997231.aspx

:)

Related

Syslog-ng: how to log severity/facility?
Can I get AD to authenticate via another LDAP server?
recommend firewall options for a dedicated server
Why am I getting an overflowerror in Python?
Ensuring compilation error while passing null pointer to a function
Two almost identical functions using STArray: why does one requires FlexibleContexts, and the other does not?
How to route programmatically in SvelteKit?
How to open specific Bootstrap tab by clicking on a link
gensim/ Training a LDA Model: 'int' object is not subscriptable
How to count number of months of row in Oracle
I am getting array index out of bond on leet code(Best Time to Buy and Sell Stock) [duplicate]
Mailto (html element) not working as expected [duplicate]