Author Topic: Certificate is Invalid for Exchange Server Usage  (Read 12540 times)

Offline moonbug

  • Newbie
  • *
  • Posts: 1
Certificate is Invalid for Exchange Server Usage
« on: August 22, 2012, 09:12:20 PM »
I installed the following certificates below but I keep getting “The Certificate is Invalid for Exchange Server Usage” Error in Exchange 2010 Console. I used the wizard to complete pending request. I also impoted the certificates below using MMC>Certicates>*>Import

 Root: AddTrustExternalCARoot.crt
 Intermediate 1: UTNAddTrustSGCCA.crt
 Intermediate 2: ComodoUTNSGCCA.crt
 Intermediate 3: EssentialSSLCA_2.crt
« Last Edit: August 22, 2012, 10:00:22 PM by moonbug »

Offline Sal Amander

  • Comodo's Hero
  • *****
  • Posts: 742
Re: Certificate is Invalid for Exchange Server Usage
« Reply #1 on: August 23, 2012, 12:15:21 AM »
I installed the following certificates below but I keep getting “The Certificate is Invalid for Exchange Server Usage” Error in Exchange 2010 Console. I used the wizard to complete pending request. I also impoted the certificates below using MMC>Certicates>*>Import

 Root: AddTrustExternalCARoot.crt
 Intermediate 1: UTNAddTrustSGCCA.crt
 Intermediate 2: ComodoUTNSGCCA.crt
 Intermediate 3: EssentialSSLCA_2.crt

Exchange 2010 does not like the EssentialSSL hierarchy for some reason whereas Exchange 2007 had no issue with it. We recommend that for Exchange 2010 that customers use the Unified Communications certificate from our InstantSSL.com page.

Offline technion

  • Comodo Member
  • **
  • Posts: 46
Re: Certificate is Invalid for Exchange Server Usage
« Reply #2 on: September 02, 2012, 07:07:26 PM »
Exchange 2010 does not like the EssentialSSL hierarchy for some reason whereas Exchange 2007 had no issue with it. We recommend that for Exchange 2010 that customers use the Unified Communications certificate from our InstantSSL.com page.

I always had the exact same problem in Exchange 2007, and the official response I got from Comodo support was "Don't use the EssentialSSL hierarchy for Exchange".

As Sal states, you won't have this issue with a UC cert. The InstantSSL certificates are also fine with Exchange, and significantly cheaper.

I really wish Comodo would more actively warn people about this. It's fine to say "we only officially support UC Certs with Exchange" but it's all SSL, there should be an expectation it all "just works".

I actually logged a paid Microsoft ticket about this a few years back, and their view was that every EssentialSSL certificate I could find is "broken, contact your supplier".

 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek