Exchange non autentica gli utenti
Jump to navigation
Jump to search
| Attenzione questo articolo è ancora incompleto. Sentiti libero di contribuire cliccando sul tasto edit. |
Se Exchange non autentica più gli utenti è dà un errore relativo ad un certificato scaduto SMTP, è necessario rinnovare il certificato self signed che viene usato internamente. Si fa con la console Powershell di Exchange (vedi passaggi finali):
- Identificare il certificato scaduto:
Get-ExchangeCertificate | Format-List Thumbprint,Subject,Services,Status,CertificateDomains,N
otAfter
...
Thumbprint : 2FF6DE4F17F383E0541C7DBD2345EC0C1C684C5F
Subject : CN=galexchange.galimberti.net
Services : IMAP, POP
Status : DateInvalid
CertificateDomains : {galexchange.galimberti.net}
NotAfter : 13/08/2021 08:00:14
...
- Rinnovarlo:
Get-ExchangeCertificate -Thumbprint 2FF6DE4F17F383E0541C7DBD2345EC0C1C684C5F| New-ExchangeCertificate -PrivateKeyExportable $true
- Sessione:
Welcome to the Exchange Management Shell!
Full list of cmdlets: Get-Command
Only Exchange cmdlets: Get-ExCommand
Cmdlets that match a specific string: Help *<string>*
Get general help: Help
Get help for a cmdlet: Help <cmdlet name> or <cmdlet name> -?
Show quick reference guide: QuickRef
Exchange team blog: Get-ExBlog
Show full output for a command: <command> | Format-List
Tip of the day #101:
Need to see a list of the URLs for a user's calendar that has been published for Internet access? Just type:
Get-MailboxCalendarFolder -Identity <user alias>:\calendar | fl
VERBOSE: Connecting to galexchange.galimberti.priv
VERBOSE: Connected to galexchange.galimberti.priv.
[PS] C:\Windows\system32>New-Exchangecertificate -help
A positional parameter cannot be found that accepts argument '-help'.
+ CategoryInfo : InvalidArgument: (:) [New-ExchangeCertificate], ParameterBindingException
+ FullyQualifiedErrorId : PositionalParameterNotFound,New-ExchangeCertificate
[PS] C:\Windows\system32>New-Exchangecertificate --help
A positional parameter cannot be found that accepts argument '--help'.
+ CategoryInfo : InvalidArgument: (:) [New-ExchangeCertificate], ParameterBindingException
+ FullyQualifiedErrorId : PositionalParameterNotFound,New-ExchangeCertificate
[PS] C:\Windows\system32>New-Exchangecertificate
Confirm
Overwrite the existing default SMTP certificate?
Current certificate: '78231F05E72FEEBD6DAE85A67F6F4B75DB57940B' (expires 31/08/2026 11:31:14)
Replace it with certificate: 'DA7C335702FD492C967F217FC152980791A29498' (expires 31/08/2026 11:36:14)
[Y] Yes [A] Yes to All [N] No [L] No to All [?] Help (default is "Y"): n
Thumbprint Services Subject
---------- -------- -------
DA7C335702FD492C967F217FC152980791A29498 ....S. CN=galexchange
[PS] C:\Windows\system32>New-Exchangecertificate Enable-ExchangeCertificate
[PS] C:\Windows\system32>Enable-ExchangeCertificate -services SMTP
cmdlet Enable-ExchangeCertificate at command pipeline position 1
Supply values for the following parameters:
Thumbprint: 78231F05E72FEEBD6DAE85A67F6F4B75DB57940B
[PS] C:\Windows\system32>Get-ExchangeCertificate
Thumbprint Services Subject
---------- -------- -------
DA7C335702FD492C967F217FC152980791A29498 ....S. CN=galexchange
78231F05E72FEEBD6DAE85A67F6F4B75DB57940B ....S. CN=galexchange
83CABD13FB7342E5D2FEA17F7BE0A8B5A8178362 IP.W.. CN=galexchange.galimberti.net
2FF6DE4F17F383E0541C7DBD2345EC0C1C684C5F IP.... CN=galexchange.galimberti.net
0F319D1D72F2008CF4BFBC7AA7189335AAC1F116 ....S. CN=galexchange
61D54FEB8B490B2018A123EE598685D5FC2F42E7 IP..S. E=gal-alert@rvmgroup.it, CN=galexchange.galimberti.net, OU=Self...
[PS] C:\Windows\system32>Get-ExchangeCertificate
Thumbprint Services Subject
---------- -------- -------
DA7C335702FD492C967F217FC152980791A29498 ....S. CN=galexchange
78231F05E72FEEBD6DAE85A67F6F4B75DB57940B ....S. CN=galexchange
83CABD13FB7342E5D2FEA17F7BE0A8B5A8178362 IP.W.. CN=galexchange.galimberti.net
2FF6DE4F17F383E0541C7DBD2345EC0C1C684C5F IP.... CN=galexchange.galimberti.net
0F319D1D72F2008CF4BFBC7AA7189335AAC1F116 ....S. CN=galexchange
61D54FEB8B490B2018A123EE598685D5FC2F42E7 IP..S. E=gal-alert@rvmgroup.it, CN=galexchange.galimberti.net, OU=Self...
[PS] C:\Windows\system32>Get-ExchangeCertificate | Format-List NotAfter
NotAfter : 31/08/2026 11:36:14
NotAfter : 31/08/2026 11:31:14
NotAfter : 26/10/2021 12:22:55
NotAfter : 13/08/2021 08:00:14
NotAfter : 17/07/2018 12:54:48
NotAfter : 22/08/2021 16:16:58
[PS] C:\Windows\system32>Get-ExchangeCertificate | Format-List DnsNameList,SubjectName,NotAfter
SubjectName : System.Security.Cryptography.X509Certificates.X500DistinguishedName
NotAfter : 31/08/2026 11:36:14
SubjectName : System.Security.Cryptography.X509Certificates.X500DistinguishedName
NotAfter : 31/08/2026 11:31:14
SubjectName : System.Security.Cryptography.X509Certificates.X500DistinguishedName
NotAfter : 26/10/2021 12:22:55
SubjectName : System.Security.Cryptography.X509Certificates.X500DistinguishedName
NotAfter : 13/08/2021 08:00:14
SubjectName : System.Security.Cryptography.X509Certificates.X500DistinguishedName
NotAfter : 17/07/2018 12:54:48
SubjectName : System.Security.Cryptography.X509Certificates.X500DistinguishedName
NotAfter : 22/08/2021 16:16:58
[PS] C:\Windows\system32>Get-ExchangeCertificate | Format-List *
PSComputerName : galexchange.galimberti.priv
RunspaceId : 8f7144e4-7afa-43d1-b3f8-03f12c684fdd
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAcces
sRule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {galexchange, galexchange.galimberti.priv}
CertificateRequest :
IisServices : {}
IsSelfSigned : True
KeyIdentifier : C8CD627CFCA25E0A50B33398F9C50CBE712F978D
RootCAType : None
Services : SMTP
Status : Valid
SubjectKeyIdentifier :
PrivateKeyExportable : False
PublicKeySize : 2048
ServicesStringForm : ....S.
Archived : False
Extensions : {System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptograph
y.Oid, System.Security.Cryptography.Oid}
FriendlyName : Microsoft Exchange
IssuerName : System.Security.Cryptography.X509Certificates.X500DistinguishedName
NotAfter : 31/08/2026 11:36:14
NotBefore : 31/08/2021 11:36:14
HasPrivateKey : True
PrivateKey : System.Security.Cryptography.RSACryptoServiceProvider
PublicKey : System.Security.Cryptography.X509Certificates.PublicKey
RawData : {48, 130, 3, 32, 48, 130, 2, 8, 160, 3, 2, 1, 2, 2, 16, 16...}
SerialNumber : 10848667CB4CD2AF4F19C0A5612CD6B9
SubjectName : System.Security.Cryptography.X509Certificates.X500DistinguishedName
SignatureAlgorithm : System.Security.Cryptography.Oid
Thumbprint : DA7C335702FD492C967F217FC152980791A29498
Version : 3
Handle : 486783088
Issuer : CN=galexchange
Subject : CN=galexchange
PSComputerName : galexchange.galimberti.priv
RunspaceId : 8f7144e4-7afa-43d1-b3f8-03f12c684fdd
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAcces
sRule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {galexchange, galexchange.galimberti.priv}
CertificateRequest :
IisServices : {}
IsSelfSigned : True
KeyIdentifier : D58F17457C6A8CE0A44F81CA05CE9C18000156B2
RootCAType : None
Services : SMTP
Status : Valid
SubjectKeyIdentifier :
PrivateKeyExportable : False
PublicKeySize : 2048
ServicesStringForm : ....S.
Archived : False
Extensions : {System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptograph
y.Oid, System.Security.Cryptography.Oid}
FriendlyName : Microsoft Exchange
IssuerName : System.Security.Cryptography.X509Certificates.X500DistinguishedName
NotAfter : 31/08/2026 11:31:14
NotBefore : 31/08/2021 11:31:14
HasPrivateKey : True
PrivateKey : System.Security.Cryptography.RSACryptoServiceProvider
PublicKey : System.Security.Cryptography.X509Certificates.PublicKey
RawData : {48, 130, 3, 32, 48, 130, 2, 8, 160, 3, 2, 1, 2, 2, 16, 28...}
SerialNumber : 1CB0413E7E11409E4F298F276136131C
SubjectName : System.Security.Cryptography.X509Certificates.X500DistinguishedName
SignatureAlgorithm : System.Security.Cryptography.Oid
Thumbprint : 78231F05E72FEEBD6DAE85A67F6F4B75DB57940B
Version : 3
Handle : 542805328
Issuer : CN=galexchange
Subject : CN=galexchange
PSComputerName : galexchange.galimberti.priv
RunspaceId : 8f7144e4-7afa-43d1-b3f8-03f12c684fdd
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAcces
sRule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {galexchange.galimberti.net}
CertificateRequest :
IisServices : {IIS://galexchange/W3SVC/1}
IsSelfSigned : False
KeyIdentifier : A4159C7004977E316D91B071400B149252C780D3
RootCAType : ThirdParty
Services : IMAP, POP, IIS
Status : Valid
SubjectKeyIdentifier : A4159C7004977E316D91B071400B149252C780D3
PrivateKeyExportable : False
PublicKeySize : 3072
ServicesStringForm : IP.W..
Archived : False
Extensions : {System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptograph
y.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Crypt
ography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security
.Cryptography.Oid}
FriendlyName : [Manual] galexchange.galimberti.net @ 2021/7/28 13:22:46
IssuerName : System.Security.Cryptography.X509Certificates.X500DistinguishedName
NotAfter : 26/10/2021 12:22:55
NotBefore : 28/07/2021 12:22:57
HasPrivateKey : True
PrivateKey : System.Security.Cryptography.RSACryptoServiceProvider
PublicKey : System.Security.Cryptography.X509Certificates.PublicKey
RawData : {48, 130, 5, 186, 48, 130, 4, 162, 160, 3, 2, 1, 2, 2, 18, 3...}
SerialNumber : 03AF831F49F6951D987DA63AD598BD538AE5
SubjectName : System.Security.Cryptography.X509Certificates.X500DistinguishedName
SignatureAlgorithm : System.Security.Cryptography.Oid
Thumbprint : 83CABD13FB7342E5D2FEA17F7BE0A8B5A8178362
Version : 3
Handle : 542805584
Issuer : CN=R3, O=Let's Encrypt, C=US
Subject : CN=galexchange.galimberti.net
PSComputerName : galexchange.galimberti.priv
RunspaceId : 8f7144e4-7afa-43d1-b3f8-03f12c684fdd
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAcces
sRule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {galexchange.galimberti.net}
CertificateRequest :
IisServices : {}
IsSelfSigned : False
KeyIdentifier : E266130DF08006FC11B299A7C7C6DAFC62589FC3
RootCAType : ThirdParty
Services : IMAP, POP
Status : DateInvalid
SubjectKeyIdentifier : E266130DF08006FC11B299A7C7C6DAFC62589FC3
PrivateKeyExportable : True
PublicKeySize : 2048
ServicesStringForm : IP....
Archived : False
Extensions : {System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptograph
y.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Crypt
ography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security
.Cryptography.Oid}
FriendlyName : galexchange.galimberti.net 2021/5/15 9:0:21
IssuerName : System.Security.Cryptography.X509Certificates.X500DistinguishedName
NotAfter : 13/08/2021 08:00:14
NotBefore : 15/05/2021 08:00:14
HasPrivateKey : True
PrivateKey : System.Security.Cryptography.RSACryptoServiceProvider
PublicKey : System.Security.Cryptography.X509Certificates.PublicKey
RawData : {48, 130, 5, 58, 48, 130, 4, 34, 160, 3, 2, 1, 2, 2, 18, 3...}
SerialNumber : 036261BCB6E7280540E571393B2405982734
SubjectName : System.Security.Cryptography.X509Certificates.X500DistinguishedName
SignatureAlgorithm : System.Security.Cryptography.Oid
Thumbprint : 2FF6DE4F17F383E0541C7DBD2345EC0C1C684C5F
Version : 3
Handle : 542805840
Issuer : CN=R3, O=Let's Encrypt, C=US
Subject : CN=galexchange.galimberti.net
PSComputerName : galexchange.galimberti.priv
RunspaceId : 8f7144e4-7afa-43d1-b3f8-03f12c684fdd
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAcces
sRule, System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKe
yAccessRule}
CertificateDomains : {galexchange, galexchange.galimberti.priv}
CertificateRequest :
IisServices : {}
IsSelfSigned : True
KeyIdentifier : 183C8C24315641D962D76DD0CA3692DAE0D788B0
RootCAType : Unknown
Services : SMTP
Status : Invalid
SubjectKeyIdentifier :
PrivateKeyExportable : False
PublicKeySize : 2048
ServicesStringForm : ....S.
Archived : False
Extensions : {System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptograph
y.Oid, System.Security.Cryptography.Oid}
FriendlyName : Microsoft Exchange
IssuerName : System.Security.Cryptography.X509Certificates.X500DistinguishedName
NotAfter : 17/07/2018 12:54:48
NotBefore : 17/07/2013 12:54:48
HasPrivateKey : True
PrivateKey : System.Security.Cryptography.RSACryptoServiceProvider
PublicKey : System.Security.Cryptography.X509Certificates.PublicKey
RawData : {48, 130, 3, 32, 48, 130, 2, 8, 160, 3, 2, 1, 2, 2, 16, 76...}
SerialNumber : 4CC6F87C18A777AF4FAB9EABE0C627C3
SubjectName : System.Security.Cryptography.X509Certificates.X500DistinguishedName
SignatureAlgorithm : System.Security.Cryptography.Oid
Thumbprint : 0F319D1D72F2008CF4BFBC7AA7189335AAC1F116
Version : 3
Handle : 542805968
Issuer : CN=galexchange
Subject : CN=galexchange
PSComputerName : galexchange.galimberti.priv
RunspaceId : 8f7144e4-7afa-43d1-b3f8-03f12c684fdd
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAcces
sRule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {galexchange.galimberti.net}
CertificateRequest :
IisServices : {}
IsSelfSigned : False
KeyIdentifier : 560E442A915CC2457B699AAFB181BD3CC7520BD9
RootCAType : Registry
Services : IMAP, POP, SMTP
Status : DateInvalid
SubjectKeyIdentifier : 560E442A915CC2457B699AAFB181BD3CC7520BD9
PrivateKeyExportable : True
PublicKeySize : 1024
ServicesStringForm : IP..S.
Archived : False
Extensions : {System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptograph
y.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid}
FriendlyName : galexchange.galimberti.net
IssuerName : System.Security.Cryptography.X509Certificates.X500DistinguishedName
NotAfter : 22/08/2021 16:16:58
NotBefore : 25/08/2011 16:16:58
HasPrivateKey : True
PrivateKey : System.Security.Cryptography.RSACryptoServiceProvider
PublicKey : System.Security.Cryptography.X509Certificates.PublicKey
RawData : {48, 130, 4, 10, 48, 130, 3, 115, 160, 3, 2, 1, 2, 2, 1, 127...}
SerialNumber : 7F
SubjectName : System.Security.Cryptography.X509Certificates.X500DistinguishedName
SignatureAlgorithm : System.Security.Cryptography.Oid
Thumbprint : 61D54FEB8B490B2018A123EE598685D5FC2F42E7
Version : 3
Handle : 542806224
Issuer : E=gal-alert@rvmgroup.it, CN=ca.galimberti.net, OU=Self Signed CA, O=Galimberti S.p.A., L=Limbiat
e, S=MI, C=IT
Subject : E=gal-alert@rvmgroup.it, CN=galexchange.galimberti.net, OU=Self Signed CA, O=Galimberti S.p.A.,
S=MI, C=IT
[PS] C:\Windows\system32>Get-ExchangeCertificate | Format-List Subject,Services,,Status,CertificateDomains,DnsNamesLis
t,NotAfter
Missing argument in parameter list.
At line:1 char:59
+ Get-ExchangeCertificate | Format-List Subject,Services,, <<<< Status,CertificateDomains,DnsNamesList,NotAfter
+ CategoryInfo : InvalidOperation: (,:String) [], RuntimeException
+ FullyQualifiedErrorId : MissingArgument
[PS] C:\Windows\system32>Get-ExchangeCertificate | Format-List Subject,Services,,Status,CertificateDomains,DnsNameList
,NotAfter
Missing argument in parameter list.
At line:1 char:59
+ Get-ExchangeCertificate | Format-List Subject,Services,, <<<< Status,CertificateDomains,DnsNameList,NotAfter
+ CategoryInfo : InvalidOperation: (,:String) [], RuntimeException
+ FullyQualifiedErrorId : MissingArgument
[PS] C:\Windows\system32>Get-ExchangeCertificate | Format-List Subject,Services,,Status,CertificateDomains,NotAfter
Missing argument in parameter list.
At line:1 char:59
+ Get-ExchangeCertificate | Format-List Subject,Services,, <<<< Status,CertificateDomains,NotAfter
+ CategoryInfo : InvalidOperation: (,:String) [], RuntimeException
+ FullyQualifiedErrorId : MissingArgument
[PS] C:\Windows\system32>Get-ExchangeCertificate | Format-List Subject,Services,Status,CertificateDomains,NotAfter
Subject : CN=galexchange
Services : SMTP
Status : Valid
CertificateDomains : {galexchange, galexchange.galimberti.priv}
NotAfter : 31/08/2026 11:36:14
Subject : CN=galexchange
Services : SMTP
Status : Valid
CertificateDomains : {galexchange, galexchange.galimberti.priv}
NotAfter : 31/08/2026 11:31:14
Subject : CN=galexchange.galimberti.net
Services : IMAP, POP, IIS
Status : Valid
CertificateDomains : {galexchange.galimberti.net}
NotAfter : 26/10/2021 12:22:55
Subject : CN=galexchange.galimberti.net
Services : IMAP, POP
Status : DateInvalid
CertificateDomains : {galexchange.galimberti.net}
NotAfter : 13/08/2021 08:00:14
Subject : CN=galexchange
Services : SMTP
Status : Invalid
CertificateDomains : {galexchange, galexchange.galimberti.priv}
NotAfter : 17/07/2018 12:54:48
Subject : E=gal-alert@rvmgroup.it, CN=galexchange.galimberti.net, OU=Self Signed CA, O=Galimberti S.p.A., S=
MI, C=IT
Services : IMAP, POP, SMTP
Status : DateInvalid
CertificateDomains : {galexchange.galimberti.net}
NotAfter : 22/08/2021 16:16:58
[PS] C:\Windows\system32>New-Exchangecertificate --help
[PS] C:\Windows\system32>Get-ExchangeCertificate | Format-List KeyIdentifier,Subject,Services,Status,CertificateDomain
s,NotAfter
KeyIdentifier : C8CD627CFCA25E0A50B33398F9C50CBE712F978D
Subject : CN=galexchange
Services : SMTP
Status : Valid
CertificateDomains : {galexchange, galexchange.galimberti.priv}
NotAfter : 31/08/2026 11:36:14
KeyIdentifier : D58F17457C6A8CE0A44F81CA05CE9C18000156B2
Subject : CN=galexchange
Services : SMTP
Status : Valid
CertificateDomains : {galexchange, galexchange.galimberti.priv}
NotAfter : 31/08/2026 11:31:14
KeyIdentifier : A4159C7004977E316D91B071400B149252C780D3
Subject : CN=galexchange.galimberti.net
Services : IMAP, POP, IIS
Status : Valid
CertificateDomains : {galexchange.galimberti.net}
NotAfter : 26/10/2021 12:22:55
KeyIdentifier : E266130DF08006FC11B299A7C7C6DAFC62589FC3
Subject : CN=galexchange.galimberti.net
Services : IMAP, POP
Status : DateInvalid
CertificateDomains : {galexchange.galimberti.net}
NotAfter : 13/08/2021 08:00:14
KeyIdentifier : 183C8C24315641D962D76DD0CA3692DAE0D788B0
Subject : CN=galexchange
Services : SMTP
Status : Invalid
CertificateDomains : {galexchange, galexchange.galimberti.priv}
NotAfter : 17/07/2018 12:54:48
KeyIdentifier : 560E442A915CC2457B699AAFB181BD3CC7520BD9
Subject : E=gal-alert@rvmgroup.it, CN=galexchange.galimberti.net, OU=Self Signed CA, O=Galimberti S.p.A., S=
MI, C=IT
Services : IMAP, POP, SMTP
Status : DateInvalid
CertificateDomains : {galexchange.galimberti.net}
NotAfter : 22/08/2021 16:16:58
[PS] C:\Windows\system32>New-Exchangecertificate
[PS] C:\Windows\system32>KeyIdentifier
[PS] C:\Windows\system32>Get-ExchangeCertificate -Thumbprint E266130DF08006FC11B299A7C7C6DAFC62589FC3 | New-ExchangeCert
ificate -PrivateKeyExportable $true
The certificate with thumbprint E266130DF08006FC11B299A7C7C6DAFC62589FC3 was not found.
+ CategoryInfo : NotSpecified: (:) [Get-ExchangeCertificate], InvalidOperationException
+ FullyQualifiedErrorId : 7011D46B,Microsoft.Exchange.Management.SystemConfigurationTasks.GetExchangeCertificate
[PS] C:\Windows\system32>Get-ExchangeCertificate -Thumbprint E266130DF08006FC11B299A7C7C6DAFC62589FC3 | New-ExchangeCert
ificate -PrivateKeyExportable $true
The certificate with thumbprint E266130DF08006FC11B299A7C7C6DAFC62589FC3 was not found.
+ CategoryInfo : NotSpecified: (:) [Get-ExchangeCertificate], InvalidOperationException
+ FullyQualifiedErrorId : 7011D46B,Microsoft.Exchange.Management.SystemConfigurationTasks.GetExchangeCertificate
[PS] C:\Windows\system32>Get-ExchangeCertificate -Thumbprint E266130DF08006FC11B299A7C7C6DAFC62589FC3| New-ExchangeCerti
ficate -PrivateKeyExportable $true
The certificate with thumbprint E266130DF08006FC11B299A7C7C6DAFC62589FC3 was not found.
+ CategoryInfo : NotSpecified: (:) [Get-ExchangeCertificate], InvalidOperationException
+ FullyQualifiedErrorId : 7011D46B,Microsoft.Exchange.Management.SystemConfigurationTasks.GetExchangeCertificate
[PS] C:\Windows\system32>Get-ExchangeCertificate -Thumbprint E266130DF08006FC11B299A7C7C6DAFC62589FC3
The certificate with thumbprint E266130DF08006FC11B299A7C7C6DAFC62589FC3 was not found.
+ CategoryInfo : NotSpecified: (:) [Get-ExchangeCertificate], InvalidOperationException
+ FullyQualifiedErrorId : 7011D46B,Microsoft.Exchange.Management.SystemConfigurationTasks.GetExchangeCertificate
[PS] C:\Windows\system32>Get-ExchangeCertificate
Thumbprint Services Subject
---------- -------- -------
DA7C335702FD492C967F217FC152980791A29498 ....S. CN=galexchange
78231F05E72FEEBD6DAE85A67F6F4B75DB57940B ....S. CN=galexchange
83CABD13FB7342E5D2FEA17F7BE0A8B5A8178362 IP.W.. CN=galexchange.galimberti.net
2FF6DE4F17F383E0541C7DBD2345EC0C1C684C5F IP.... CN=galexchange.galimberti.net
0F319D1D72F2008CF4BFBC7AA7189335AAC1F116 ....S. CN=galexchange
61D54FEB8B490B2018A123EE598685D5FC2F42E7 IP..S. E=gal-alert@rvmgroup.it, CN=galexchange.galimberti.net, OU=Self...
[PS] C:\Windows\system32>Get-ExchangeCertificate | Format-List KeyIdentifier,Subject,Services,Status,CertificateDomain
s,NotAfter
KeyIdentifier : C8CD627CFCA25E0A50B33398F9C50CBE712F978D
Subject : CN=galexchange
Services : SMTP
Status : Valid
CertificateDomains : {galexchange, galexchange.galimberti.priv}
NotAfter : 31/08/2026 11:36:14
KeyIdentifier : D58F17457C6A8CE0A44F81CA05CE9C18000156B2
Subject : CN=galexchange
Services : SMTP
Status : Valid
CertificateDomains : {galexchange, galexchange.galimberti.priv}
NotAfter : 31/08/2026 11:31:14
KeyIdentifier : A4159C7004977E316D91B071400B149252C780D3
Subject : CN=galexchange.galimberti.net
Services : IMAP, POP, IIS
Status : Valid
CertificateDomains : {galexchange.galimberti.net}
NotAfter : 26/10/2021 12:22:55
KeyIdentifier : E266130DF08006FC11B299A7C7C6DAFC62589FC3
Subject : CN=galexchange.galimberti.net
Services : IMAP, POP
Status : DateInvalid
CertificateDomains : {galexchange.galimberti.net}
NotAfter : 13/08/2021 08:00:14
KeyIdentifier : 183C8C24315641D962D76DD0CA3692DAE0D788B0
Subject : CN=galexchange
Services : SMTP
Status : Invalid
CertificateDomains : {galexchange, galexchange.galimberti.priv}
NotAfter : 17/07/2018 12:54:48
KeyIdentifier : 560E442A915CC2457B699AAFB181BD3CC7520BD9
Subject : E=gal-alert@rvmgroup.it, CN=galexchange.galimberti.net, OU=Self Signed CA, O=Galimberti S.p.A., S=
MI, C=IT
Services : IMAP, POP, SMTP
Status : DateInvalid
CertificateDomains : {galexchange.galimberti.net}
NotAfter : 22/08/2021 16:16:58
[PS] C:\Windows\system32>Enable-ExchangeCertificate -services SMTP -Thumbprint E266130DF08006FC11B299A7C7C6DAFC62589FC3
The certificate with thumbprint E266130DF08006FC11B299A7C7C6DAFC62589FC3 was not found.
+ CategoryInfo : ObjectNotFound: (:) [Enable-ExchangeCertificate], InvalidOperationException
+ FullyQualifiedErrorId : 7011D46B,Microsoft.Exchange.Management.SystemConfigurationTasks.EnableExchangeCertificat
e
[PS] C:\Windows\system32>Enable-ExchangeCertificate -services SMTP -Thumbprint A4159C7004977E316D91B071400B149252C780D3
The certificate with thumbprint A4159C7004977E316D91B071400B149252C780D3 was not found.
+ CategoryInfo : ObjectNotFound: (:) [Enable-ExchangeCertificate], InvalidOperationException
+ FullyQualifiedErrorId : 7011D46B,Microsoft.Exchange.Management.SystemConfigurationTasks.EnableExchangeCertificat
e
[PS] C:\Windows\system32>Get-ExchangeCertificate
Thumbprint Services Subject
---------- -------- -------
DA7C335702FD492C967F217FC152980791A29498 ....S. CN=galexchange
78231F05E72FEEBD6DAE85A67F6F4B75DB57940B ....S. CN=galexchange
83CABD13FB7342E5D2FEA17F7BE0A8B5A8178362 IP.W.. CN=galexchange.galimberti.net
2FF6DE4F17F383E0541C7DBD2345EC0C1C684C5F IP.... CN=galexchange.galimberti.net
0F319D1D72F2008CF4BFBC7AA7189335AAC1F116 ....S. CN=galexchange
61D54FEB8B490B2018A123EE598685D5FC2F42E7 IP..S. E=gal-alert@rvmgroup.it, CN=galexchange.galimberti.net, OU=Self...
[PS] C:\Windows\system32>Get-ExchangeCertificate | Format-List Thumbprint,KeyIdentifier,Subject,Services,Status,Certif
icateDomains,NotAfter
Thumbprint : DA7C335702FD492C967F217FC152980791A29498
KeyIdentifier : C8CD627CFCA25E0A50B33398F9C50CBE712F978D
Subject : CN=galexchange
Services : SMTP
Status : Valid
CertificateDomains : {galexchange, galexchange.galimberti.priv}
NotAfter : 31/08/2026 11:36:14
Thumbprint : 78231F05E72FEEBD6DAE85A67F6F4B75DB57940B
KeyIdentifier : D58F17457C6A8CE0A44F81CA05CE9C18000156B2
Subject : CN=galexchange
Services : SMTP
Status : Valid
CertificateDomains : {galexchange, galexchange.galimberti.priv}
NotAfter : 31/08/2026 11:31:14
Thumbprint : 83CABD13FB7342E5D2FEA17F7BE0A8B5A8178362
KeyIdentifier : A4159C7004977E316D91B071400B149252C780D3
Subject : CN=galexchange.galimberti.net
Services : IMAP, POP, IIS
Status : Valid
CertificateDomains : {galexchange.galimberti.net}
NotAfter : 26/10/2021 12:22:55
Thumbprint : 2FF6DE4F17F383E0541C7DBD2345EC0C1C684C5F
KeyIdentifier : E266130DF08006FC11B299A7C7C6DAFC62589FC3
Subject : CN=galexchange.galimberti.net
Services : IMAP, POP
Status : DateInvalid
CertificateDomains : {galexchange.galimberti.net}
NotAfter : 13/08/2021 08:00:14
Thumbprint : 0F319D1D72F2008CF4BFBC7AA7189335AAC1F116
KeyIdentifier : 183C8C24315641D962D76DD0CA3692DAE0D788B0
Subject : CN=galexchange
Services : SMTP
Status : Invalid
CertificateDomains : {galexchange, galexchange.galimberti.priv}
NotAfter : 17/07/2018 12:54:48
Thumbprint : 61D54FEB8B490B2018A123EE598685D5FC2F42E7
KeyIdentifier : 560E442A915CC2457B699AAFB181BD3CC7520BD9
Subject : E=gal-alert@rvmgroup.it, CN=galexchange.galimberti.net, OU=Self Signed CA, O=Galimberti S.p.A., S=
MI, C=IT
Services : IMAP, POP, SMTP
Status : DateInvalid
CertificateDomains : {galexchange.galimberti.net}
NotAfter : 22/08/2021 16:16:58
[PS] C:\Windows\system32>Get-ExchangeCertificate | Format-List Thumbprint,Subject,Services,Status,CertificateDomains,N
otAfter
Thumbprint : DA7C335702FD492C967F217FC152980791A29498
Subject : CN=galexchange
Services : SMTP
Status : Valid
CertificateDomains : {galexchange, galexchange.galimberti.priv}
NotAfter : 31/08/2026 11:36:14
Thumbprint : 78231F05E72FEEBD6DAE85A67F6F4B75DB57940B
Subject : CN=galexchange
Services : SMTP
Status : Valid
CertificateDomains : {galexchange, galexchange.galimberti.priv}
NotAfter : 31/08/2026 11:31:14
Thumbprint : 83CABD13FB7342E5D2FEA17F7BE0A8B5A8178362
Subject : CN=galexchange.galimberti.net
Services : IMAP, POP, IIS
Status : Valid
CertificateDomains : {galexchange.galimberti.net}
NotAfter : 26/10/2021 12:22:55
Thumbprint : 2FF6DE4F17F383E0541C7DBD2345EC0C1C684C5F
Subject : CN=galexchange.galimberti.net
Services : IMAP, POP
Status : DateInvalid
CertificateDomains : {galexchange.galimberti.net}
NotAfter : 13/08/2021 08:00:14
Thumbprint : 0F319D1D72F2008CF4BFBC7AA7189335AAC1F116
Subject : CN=galexchange
Services : SMTP
Status : Invalid
CertificateDomains : {galexchange, galexchange.galimberti.priv}
NotAfter : 17/07/2018 12:54:48
Thumbprint : 61D54FEB8B490B2018A123EE598685D5FC2F42E7
Subject : E=gal-alert@rvmgroup.it, CN=galexchange.galimberti.net, OU=Self Signed CA, O=Galimberti S.p.A., S=
MI, C=IT
Services : IMAP, POP, SMTP
Status : DateInvalid
CertificateDomains : {galexchange.galimberti.net}
NotAfter : 22/08/2021 16:16:58
[PS] C:\Windows\system32>Get-ExchangeCertificate -Thumbprint 2FF6DE4F17F383E0541C7DBD2345EC0C1C684C5F| New-ExchangeCertificate -PrivateKeyExportable $true
WARNING: This certificate will not be used for external TLS connections with an FQDN of 'galexchange.galimberti.net'
because the CA-signed certificate with thumbprint '83CABD13FB7342E5D2FEA17F7BE0A8B5A8178362' takes precedence. The
following receive/send connectors match that FQDN: Default GALEXCHANGE, Client GALEXCHANGE.
Confirm
Overwrite the existing default SMTP certificate?
Current certificate: '78231F05E72FEEBD6DAE85A67F6F4B75DB57940B' (expires 31/08/2026 11:31:14)
Replace it with certificate: 'DD53DE8548FC84787A7EDB923E3B36D87996087C' (expires 31/08/2026 12:00:53)
[Y] Yes [A] Yes to All [N] No [L] No to All [?] Help (default is "Y"): y
Thumbprint Services Subject
---------- -------- -------
DD53DE8548FC84787A7EDB923E3B36D87996087C IP..S. CN=galexchange.galimberti.net
[PS] C:\Windows\system32>Get-ExchangeCertificate | Format-List KeyIdentifier,Subject,Services,Status,CertificateDomain
s,NotAfter
KeyIdentifier : 61B8CFFFCB1143810FC2121ECCDE19973731E65B
Subject : CN=galexchange.galimberti.net
Services : IMAP, POP, SMTP
Status : Valid
CertificateDomains : {galexchange.galimberti.net}
NotAfter : 31/08/2026 12:00:53
KeyIdentifier : C8CD627CFCA25E0A50B33398F9C50CBE712F978D
Subject : CN=galexchange
Services : SMTP
Status : Valid
CertificateDomains : {galexchange, galexchange.galimberti.priv}
NotAfter : 31/08/2026 11:36:14
KeyIdentifier : D58F17457C6A8CE0A44F81CA05CE9C18000156B2
Subject : CN=galexchange
Services : SMTP
Status : Valid
CertificateDomains : {galexchange, galexchange.galimberti.priv}
NotAfter : 31/08/2026 11:31:14
KeyIdentifier : A4159C7004977E316D91B071400B149252C780D3
Subject : CN=galexchange.galimberti.net
Services : IMAP, POP, IIS
Status : Valid
CertificateDomains : {galexchange.galimberti.net}
NotAfter : 26/10/2021 12:22:55
KeyIdentifier : E266130DF08006FC11B299A7C7C6DAFC62589FC3
Subject : CN=galexchange.galimberti.net
Services : IMAP, POP
Status : DateInvalid
CertificateDomains : {galexchange.galimberti.net}
NotAfter : 13/08/2021 08:00:14
KeyIdentifier : 183C8C24315641D962D76DD0CA3692DAE0D788B0
Subject : CN=galexchange
Services : SMTP
Status : Invalid
CertificateDomains : {galexchange, galexchange.galimberti.priv}
NotAfter : 17/07/2018 12:54:48
KeyIdentifier : 560E442A915CC2457B699AAFB181BD3CC7520BD9
Subject : E=gal-alert@rvmgroup.it, CN=galexchange.galimberti.net, OU=Self Signed CA, O=Galimberti S.p.A., S=
MI, C=IT
Services : IMAP, POP, SMTP
Status : DateInvalid
CertificateDomains : {galexchange.galimberti.net}
NotAfter : 22/08/2021 16:16:58
[PS] C:\Windows\system32>Get-ExchangeCertificate | Format-List Thumbprint,Subject,Services,Status,CertificateDomains,N
otAfter
Thumbprint : DD53DE8548FC84787A7EDB923E3B36D87996087C
Subject : CN=galexchange.galimberti.net
Services : IMAP, POP, SMTP
Status : Valid
CertificateDomains : {galexchange.galimberti.net}
NotAfter : 31/08/2026 12:00:53
Thumbprint : DA7C335702FD492C967F217FC152980791A29498
Subject : CN=galexchange
Services : SMTP
Status : Valid
CertificateDomains : {galexchange, galexchange.galimberti.priv}
NotAfter : 31/08/2026 11:36:14
Thumbprint : 78231F05E72FEEBD6DAE85A67F6F4B75DB57940B
Subject : CN=galexchange
Services : SMTP
Status : Valid
CertificateDomains : {galexchange, galexchange.galimberti.priv}
NotAfter : 31/08/2026 11:31:14
Thumbprint : 83CABD13FB7342E5D2FEA17F7BE0A8B5A8178362
Subject : CN=galexchange.galimberti.net
Services : IMAP, POP, IIS
Status : Valid
CertificateDomains : {galexchange.galimberti.net}
NotAfter : 26/10/2021 12:22:55
Thumbprint : 2FF6DE4F17F383E0541C7DBD2345EC0C1C684C5F
Subject : CN=galexchange.galimberti.net
Services : IMAP, POP
Status : DateInvalid
CertificateDomains : {galexchange.galimberti.net}
NotAfter : 13/08/2021 08:00:14
Thumbprint : 0F319D1D72F2008CF4BFBC7AA7189335AAC1F116
Subject : CN=galexchange
Services : SMTP
Status : Invalid
CertificateDomains : {galexchange, galexchange.galimberti.priv}
NotAfter : 17/07/2018 12:54:48
Thumbprint : 61D54FEB8B490B2018A123EE598685D5FC2F42E7
Subject : E=gal-alert@rvmgroup.it, CN=galexchange.galimberti.net, OU=Self Signed CA, O=Galimberti S.p.A., S=
MI, C=IT
Services : IMAP, POP, SMTP
Status : DateInvalid
CertificateDomains : {galexchange.galimberti.net}
NotAfter : 22/08/2021 16:16:58
[PS] C:\Windows\system32>Enable-ExchangeCertificate -services SMTP -Thumbprint DD53DE8548FC84787A7EDB923E3B36D87996087C
WARNING: This certificate will not be used for external TLS connections with an FQDN of 'galexchange.galimberti.net'
because the CA-signed certificate with thumbprint '83CABD13FB7342E5D2FEA17F7BE0A8B5A8178362' takes precedence. The
following receive/send connectors match that FQDN: Default GALEXCHANGE, Client GALEXCHANGE.
[PS] C:\Windows\system32>Enable-ExchangeCertificate -services SMTP -Thumbprint 83CABD13FB7342E5D2FEA17F7BE0A8B5A8178362
Confirm
Overwrite the existing default SMTP certificate?
Current certificate: 'DD53DE8548FC84787A7EDB923E3B36D87996087C' (expires 31/08/2026 12:00:53)
Replace it with certificate: '83CABD13FB7342E5D2FEA17F7BE0A8B5A8178362' (expires 26/10/2021 12:22:55)
[Y] Yes [A] Yes to All [N] No [L] No to All [?] Help (default is "Y"): n
[PS] C:\Windows\system32>