Exchange non autentica gli utenti

From RVM Wiki
Revision as of 10:24, 31 August 2021 by Gabriele.vivinetto (talk | contribs) (Created page with "{{Stub}} Se Exchange non autentica più gli utenti è dà un errore relativo ad un certificato scaduto SMTP, è necessario rinnovare il certificato self signed che viene usat...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search
Attenzione questo articolo è ancora incompleto.
Sentiti libero di contribuire cliccando sul tasto edit.

Se Exchange non autentica più gli utenti è dà un errore relativo ad un certificato scaduto SMTP, è necessario rinnovare il certificato self signed che viene usato internamente. Si fa con la console Powershell di Exchange (vedi passaggi finali):

  • Identificare il certificato scaduto:
Get-ExchangeCertificate  | Format-List  Thumbprint,Subject,Services,Status,CertificateDomains,N

otAfter 

...
Thumbprint         : 2FF6DE4F17F383E0541C7DBD2345EC0C1C684C5F
Subject            : CN=galexchange.galimberti.net
Services           : IMAP, POP
Status             : DateInvalid
CertificateDomains : {galexchange.galimberti.net}
NotAfter           : 13/08/2021 08:00:14
...
  • Rinnovarlo:
Get-ExchangeCertificate -Thumbprint 2FF6DE4F17F383E0541C7DBD2345EC0C1C684C5F| New-ExchangeCertificate -PrivateKeyExportable $true
  • Sessione:

         Welcome to the Exchange Management Shell!

Full list of cmdlets: Get-Command
Only Exchange cmdlets: Get-ExCommand
Cmdlets that match a specific string: Help *<string>*
Get general help: Help
Get help for a cmdlet: Help <cmdlet name> or <cmdlet name> -?
Show quick reference guide: QuickRef
Exchange team blog: Get-ExBlog
Show full output for a command: <command> | Format-List

Tip of the day #101:

Need to see a list of the URLs for a user's calendar that has been published for Internet access? Just type:

Get-MailboxCalendarFolder -Identity <user alias>:\calendar | fl

VERBOSE: Connecting to galexchange.galimberti.priv
VERBOSE: Connected to galexchange.galimberti.priv.
[PS] C:\Windows\system32>New-Exchangecertificate -help
A positional parameter cannot be found that accepts argument '-help'.
    + CategoryInfo          : InvalidArgument: (:) [New-ExchangeCertificate], ParameterBindingException
    + FullyQualifiedErrorId : PositionalParameterNotFound,New-ExchangeCertificate

[PS] C:\Windows\system32>New-Exchangecertificate --help
A positional parameter cannot be found that accepts argument '--help'.
    + CategoryInfo          : InvalidArgument: (:) [New-ExchangeCertificate], ParameterBindingException
    + FullyQualifiedErrorId : PositionalParameterNotFound,New-ExchangeCertificate

[PS] C:\Windows\system32>New-Exchangecertificate

Confirm
Overwrite the existing default SMTP certificate?

Current certificate: '78231F05E72FEEBD6DAE85A67F6F4B75DB57940B' (expires 31/08/2026 11:31:14)
Replace it with certificate: 'DA7C335702FD492C967F217FC152980791A29498' (expires 31/08/2026 11:36:14)
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [?] Help (default is "Y"): n

Thumbprint                                Services   Subject
----------                                --------   -------
DA7C335702FD492C967F217FC152980791A29498  ....S.     CN=galexchange


[PS] C:\Windows\system32>New-Exchangecertificate Enable-ExchangeCertificate
[PS] C:\Windows\system32>Enable-ExchangeCertificate -services SMTP

cmdlet Enable-ExchangeCertificate at command pipeline position 1
Supply values for the following parameters:
Thumbprint: 78231F05E72FEEBD6DAE85A67F6F4B75DB57940B
[PS] C:\Windows\system32>Get-ExchangeCertificate

Thumbprint                                Services   Subject
----------                                --------   -------
DA7C335702FD492C967F217FC152980791A29498  ....S.     CN=galexchange
78231F05E72FEEBD6DAE85A67F6F4B75DB57940B  ....S.     CN=galexchange
83CABD13FB7342E5D2FEA17F7BE0A8B5A8178362  IP.W..     CN=galexchange.galimberti.net
2FF6DE4F17F383E0541C7DBD2345EC0C1C684C5F  IP....     CN=galexchange.galimberti.net
0F319D1D72F2008CF4BFBC7AA7189335AAC1F116  ....S.     CN=galexchange
61D54FEB8B490B2018A123EE598685D5FC2F42E7  IP..S.     E=gal-alert@rvmgroup.it, CN=galexchange.galimberti.net, OU=Self...


[PS] C:\Windows\system32>Get-ExchangeCertificate

Thumbprint                                Services   Subject
----------                                --------   -------
DA7C335702FD492C967F217FC152980791A29498  ....S.     CN=galexchange
78231F05E72FEEBD6DAE85A67F6F4B75DB57940B  ....S.     CN=galexchange
83CABD13FB7342E5D2FEA17F7BE0A8B5A8178362  IP.W..     CN=galexchange.galimberti.net
2FF6DE4F17F383E0541C7DBD2345EC0C1C684C5F  IP....     CN=galexchange.galimberti.net
0F319D1D72F2008CF4BFBC7AA7189335AAC1F116  ....S.     CN=galexchange
61D54FEB8B490B2018A123EE598685D5FC2F42E7  IP..S.     E=gal-alert@rvmgroup.it, CN=galexchange.galimberti.net, OU=Self...


[PS] C:\Windows\system32>Get-ExchangeCertificate  | Format-List NotAfter


NotAfter : 31/08/2026 11:36:14

NotAfter : 31/08/2026 11:31:14

NotAfter : 26/10/2021 12:22:55

NotAfter : 13/08/2021 08:00:14

NotAfter : 17/07/2018 12:54:48

NotAfter : 22/08/2021 16:16:58



[PS] C:\Windows\system32>Get-ExchangeCertificate  | Format-List  DnsNameList,SubjectName,NotAfter


SubjectName : System.Security.Cryptography.X509Certificates.X500DistinguishedName
NotAfter    : 31/08/2026 11:36:14

SubjectName : System.Security.Cryptography.X509Certificates.X500DistinguishedName
NotAfter    : 31/08/2026 11:31:14

SubjectName : System.Security.Cryptography.X509Certificates.X500DistinguishedName
NotAfter    : 26/10/2021 12:22:55

SubjectName : System.Security.Cryptography.X509Certificates.X500DistinguishedName
NotAfter    : 13/08/2021 08:00:14

SubjectName : System.Security.Cryptography.X509Certificates.X500DistinguishedName
NotAfter    : 17/07/2018 12:54:48

SubjectName : System.Security.Cryptography.X509Certificates.X500DistinguishedName
NotAfter    : 22/08/2021 16:16:58



[PS] C:\Windows\system32>Get-ExchangeCertificate  | Format-List  *


PSComputerName       : galexchange.galimberti.priv
RunspaceId           : 8f7144e4-7afa-43d1-b3f8-03f12c684fdd
AccessRules          : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAcces
                       sRule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains   : {galexchange, galexchange.galimberti.priv}
CertificateRequest   :
IisServices          : {}
IsSelfSigned         : True
KeyIdentifier        : C8CD627CFCA25E0A50B33398F9C50CBE712F978D
RootCAType           : None
Services             : SMTP
Status               : Valid
SubjectKeyIdentifier :
PrivateKeyExportable : False
PublicKeySize        : 2048
ServicesStringForm   : ....S.
Archived             : False
Extensions           : {System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptograph
                       y.Oid, System.Security.Cryptography.Oid}
FriendlyName         : Microsoft Exchange
IssuerName           : System.Security.Cryptography.X509Certificates.X500DistinguishedName
NotAfter             : 31/08/2026 11:36:14
NotBefore            : 31/08/2021 11:36:14
HasPrivateKey        : True
PrivateKey           : System.Security.Cryptography.RSACryptoServiceProvider
PublicKey            : System.Security.Cryptography.X509Certificates.PublicKey
RawData              : {48, 130, 3, 32, 48, 130, 2, 8, 160, 3, 2, 1, 2, 2, 16, 16...}
SerialNumber         : 10848667CB4CD2AF4F19C0A5612CD6B9
SubjectName          : System.Security.Cryptography.X509Certificates.X500DistinguishedName
SignatureAlgorithm   : System.Security.Cryptography.Oid
Thumbprint           : DA7C335702FD492C967F217FC152980791A29498
Version              : 3
Handle               : 486783088
Issuer               : CN=galexchange
Subject              : CN=galexchange

PSComputerName       : galexchange.galimberti.priv
RunspaceId           : 8f7144e4-7afa-43d1-b3f8-03f12c684fdd
AccessRules          : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAcces
                       sRule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains   : {galexchange, galexchange.galimberti.priv}
CertificateRequest   :
IisServices          : {}
IsSelfSigned         : True
KeyIdentifier        : D58F17457C6A8CE0A44F81CA05CE9C18000156B2
RootCAType           : None
Services             : SMTP
Status               : Valid
SubjectKeyIdentifier :
PrivateKeyExportable : False
PublicKeySize        : 2048
ServicesStringForm   : ....S.
Archived             : False
Extensions           : {System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptograph
                       y.Oid, System.Security.Cryptography.Oid}
FriendlyName         : Microsoft Exchange
IssuerName           : System.Security.Cryptography.X509Certificates.X500DistinguishedName
NotAfter             : 31/08/2026 11:31:14
NotBefore            : 31/08/2021 11:31:14
HasPrivateKey        : True
PrivateKey           : System.Security.Cryptography.RSACryptoServiceProvider
PublicKey            : System.Security.Cryptography.X509Certificates.PublicKey
RawData              : {48, 130, 3, 32, 48, 130, 2, 8, 160, 3, 2, 1, 2, 2, 16, 28...}
SerialNumber         : 1CB0413E7E11409E4F298F276136131C
SubjectName          : System.Security.Cryptography.X509Certificates.X500DistinguishedName
SignatureAlgorithm   : System.Security.Cryptography.Oid
Thumbprint           : 78231F05E72FEEBD6DAE85A67F6F4B75DB57940B
Version              : 3
Handle               : 542805328
Issuer               : CN=galexchange
Subject              : CN=galexchange

PSComputerName       : galexchange.galimberti.priv
RunspaceId           : 8f7144e4-7afa-43d1-b3f8-03f12c684fdd
AccessRules          : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAcces
                       sRule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains   : {galexchange.galimberti.net}
CertificateRequest   :
IisServices          : {IIS://galexchange/W3SVC/1}
IsSelfSigned         : False
KeyIdentifier        : A4159C7004977E316D91B071400B149252C780D3
RootCAType           : ThirdParty
Services             : IMAP, POP, IIS
Status               : Valid
SubjectKeyIdentifier : A4159C7004977E316D91B071400B149252C780D3
PrivateKeyExportable : False
PublicKeySize        : 3072
ServicesStringForm   : IP.W..
Archived             : False
Extensions           : {System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptograph
                       y.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Crypt
                       ography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security
                       .Cryptography.Oid}
FriendlyName         : [Manual] galexchange.galimberti.net @ 2021/7/28 13:22:46
IssuerName           : System.Security.Cryptography.X509Certificates.X500DistinguishedName
NotAfter             : 26/10/2021 12:22:55
NotBefore            : 28/07/2021 12:22:57
HasPrivateKey        : True
PrivateKey           : System.Security.Cryptography.RSACryptoServiceProvider
PublicKey            : System.Security.Cryptography.X509Certificates.PublicKey
RawData              : {48, 130, 5, 186, 48, 130, 4, 162, 160, 3, 2, 1, 2, 2, 18, 3...}
SerialNumber         : 03AF831F49F6951D987DA63AD598BD538AE5
SubjectName          : System.Security.Cryptography.X509Certificates.X500DistinguishedName
SignatureAlgorithm   : System.Security.Cryptography.Oid
Thumbprint           : 83CABD13FB7342E5D2FEA17F7BE0A8B5A8178362
Version              : 3
Handle               : 542805584
Issuer               : CN=R3, O=Let's Encrypt, C=US
Subject              : CN=galexchange.galimberti.net

PSComputerName       : galexchange.galimberti.priv
RunspaceId           : 8f7144e4-7afa-43d1-b3f8-03f12c684fdd
AccessRules          : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAcces
                       sRule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains   : {galexchange.galimberti.net}
CertificateRequest   :
IisServices          : {}
IsSelfSigned         : False
KeyIdentifier        : E266130DF08006FC11B299A7C7C6DAFC62589FC3
RootCAType           : ThirdParty
Services             : IMAP, POP
Status               : DateInvalid
SubjectKeyIdentifier : E266130DF08006FC11B299A7C7C6DAFC62589FC3
PrivateKeyExportable : True
PublicKeySize        : 2048
ServicesStringForm   : IP....
Archived             : False
Extensions           : {System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptograph
                       y.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Crypt
                       ography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security
                       .Cryptography.Oid}
FriendlyName         : galexchange.galimberti.net 2021/5/15 9:0:21
IssuerName           : System.Security.Cryptography.X509Certificates.X500DistinguishedName
NotAfter             : 13/08/2021 08:00:14
NotBefore            : 15/05/2021 08:00:14
HasPrivateKey        : True
PrivateKey           : System.Security.Cryptography.RSACryptoServiceProvider
PublicKey            : System.Security.Cryptography.X509Certificates.PublicKey
RawData              : {48, 130, 5, 58, 48, 130, 4, 34, 160, 3, 2, 1, 2, 2, 18, 3...}
SerialNumber         : 036261BCB6E7280540E571393B2405982734
SubjectName          : System.Security.Cryptography.X509Certificates.X500DistinguishedName
SignatureAlgorithm   : System.Security.Cryptography.Oid
Thumbprint           : 2FF6DE4F17F383E0541C7DBD2345EC0C1C684C5F
Version              : 3
Handle               : 542805840
Issuer               : CN=R3, O=Let's Encrypt, C=US
Subject              : CN=galexchange.galimberti.net

PSComputerName       : galexchange.galimberti.priv
RunspaceId           : 8f7144e4-7afa-43d1-b3f8-03f12c684fdd
AccessRules          : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAcces
                       sRule, System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKe
                       yAccessRule}
CertificateDomains   : {galexchange, galexchange.galimberti.priv}
CertificateRequest   :
IisServices          : {}
IsSelfSigned         : True
KeyIdentifier        : 183C8C24315641D962D76DD0CA3692DAE0D788B0
RootCAType           : Unknown
Services             : SMTP
Status               : Invalid
SubjectKeyIdentifier :
PrivateKeyExportable : False
PublicKeySize        : 2048
ServicesStringForm   : ....S.
Archived             : False
Extensions           : {System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptograph
                       y.Oid, System.Security.Cryptography.Oid}
FriendlyName         : Microsoft Exchange
IssuerName           : System.Security.Cryptography.X509Certificates.X500DistinguishedName
NotAfter             : 17/07/2018 12:54:48
NotBefore            : 17/07/2013 12:54:48
HasPrivateKey        : True
PrivateKey           : System.Security.Cryptography.RSACryptoServiceProvider
PublicKey            : System.Security.Cryptography.X509Certificates.PublicKey
RawData              : {48, 130, 3, 32, 48, 130, 2, 8, 160, 3, 2, 1, 2, 2, 16, 76...}
SerialNumber         : 4CC6F87C18A777AF4FAB9EABE0C627C3
SubjectName          : System.Security.Cryptography.X509Certificates.X500DistinguishedName
SignatureAlgorithm   : System.Security.Cryptography.Oid
Thumbprint           : 0F319D1D72F2008CF4BFBC7AA7189335AAC1F116
Version              : 3
Handle               : 542805968
Issuer               : CN=galexchange
Subject              : CN=galexchange

PSComputerName       : galexchange.galimberti.priv
RunspaceId           : 8f7144e4-7afa-43d1-b3f8-03f12c684fdd
AccessRules          : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAcces
                       sRule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains   : {galexchange.galimberti.net}
CertificateRequest   :
IisServices          : {}
IsSelfSigned         : False
KeyIdentifier        : 560E442A915CC2457B699AAFB181BD3CC7520BD9
RootCAType           : Registry
Services             : IMAP, POP, SMTP
Status               : DateInvalid
SubjectKeyIdentifier : 560E442A915CC2457B699AAFB181BD3CC7520BD9
PrivateKeyExportable : True
PublicKeySize        : 1024
ServicesStringForm   : IP..S.
Archived             : False
Extensions           : {System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptograph
                       y.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid}
FriendlyName         : galexchange.galimberti.net
IssuerName           : System.Security.Cryptography.X509Certificates.X500DistinguishedName
NotAfter             : 22/08/2021 16:16:58
NotBefore            : 25/08/2011 16:16:58
HasPrivateKey        : True
PrivateKey           : System.Security.Cryptography.RSACryptoServiceProvider
PublicKey            : System.Security.Cryptography.X509Certificates.PublicKey
RawData              : {48, 130, 4, 10, 48, 130, 3, 115, 160, 3, 2, 1, 2, 2, 1, 127...}
SerialNumber         : 7F
SubjectName          : System.Security.Cryptography.X509Certificates.X500DistinguishedName
SignatureAlgorithm   : System.Security.Cryptography.Oid
Thumbprint           : 61D54FEB8B490B2018A123EE598685D5FC2F42E7
Version              : 3
Handle               : 542806224
Issuer               : E=gal-alert@rvmgroup.it, CN=ca.galimberti.net, OU=Self Signed CA, O=Galimberti S.p.A., L=Limbiat
                       e, S=MI, C=IT
Subject              : E=gal-alert@rvmgroup.it, CN=galexchange.galimberti.net, OU=Self Signed CA, O=Galimberti S.p.A.,
                       S=MI, C=IT



[PS] C:\Windows\system32>Get-ExchangeCertificate  | Format-List  Subject,Services,,Status,CertificateDomains,DnsNamesLis
t,NotAfter
Missing argument in parameter list.
At line:1 char:59
+ Get-ExchangeCertificate  | Format-List  Subject,Services,, <<<< Status,CertificateDomains,DnsNamesList,NotAfter
    + CategoryInfo          : InvalidOperation: (,:String) [], RuntimeException
    + FullyQualifiedErrorId : MissingArgument

[PS] C:\Windows\system32>Get-ExchangeCertificate  | Format-List  Subject,Services,,Status,CertificateDomains,DnsNameList
,NotAfter
Missing argument in parameter list.
At line:1 char:59
+ Get-ExchangeCertificate  | Format-List  Subject,Services,, <<<< Status,CertificateDomains,DnsNameList,NotAfter
    + CategoryInfo          : InvalidOperation: (,:String) [], RuntimeException
    + FullyQualifiedErrorId : MissingArgument

[PS] C:\Windows\system32>Get-ExchangeCertificate  | Format-List  Subject,Services,,Status,CertificateDomains,NotAfter
Missing argument in parameter list.
At line:1 char:59
+ Get-ExchangeCertificate  | Format-List  Subject,Services,, <<<< Status,CertificateDomains,NotAfter
    + CategoryInfo          : InvalidOperation: (,:String) [], RuntimeException
    + FullyQualifiedErrorId : MissingArgument

[PS] C:\Windows\system32>Get-ExchangeCertificate  | Format-List  Subject,Services,Status,CertificateDomains,NotAfter


Subject            : CN=galexchange
Services           : SMTP
Status             : Valid
CertificateDomains : {galexchange, galexchange.galimberti.priv}
NotAfter           : 31/08/2026 11:36:14

Subject            : CN=galexchange
Services           : SMTP
Status             : Valid
CertificateDomains : {galexchange, galexchange.galimberti.priv}
NotAfter           : 31/08/2026 11:31:14

Subject            : CN=galexchange.galimberti.net
Services           : IMAP, POP, IIS
Status             : Valid
CertificateDomains : {galexchange.galimberti.net}
NotAfter           : 26/10/2021 12:22:55

Subject            : CN=galexchange.galimberti.net
Services           : IMAP, POP
Status             : DateInvalid
CertificateDomains : {galexchange.galimberti.net}
NotAfter           : 13/08/2021 08:00:14

Subject            : CN=galexchange
Services           : SMTP
Status             : Invalid
CertificateDomains : {galexchange, galexchange.galimberti.priv}
NotAfter           : 17/07/2018 12:54:48

Subject            : E=gal-alert@rvmgroup.it, CN=galexchange.galimberti.net, OU=Self Signed CA, O=Galimberti S.p.A., S=
                     MI, C=IT
Services           : IMAP, POP, SMTP
Status             : DateInvalid
CertificateDomains : {galexchange.galimberti.net}
NotAfter           : 22/08/2021 16:16:58



[PS] C:\Windows\system32>New-Exchangecertificate --help
[PS] C:\Windows\system32>Get-ExchangeCertificate  | Format-List  KeyIdentifier,Subject,Services,Status,CertificateDomain
s,NotAfter


KeyIdentifier      : C8CD627CFCA25E0A50B33398F9C50CBE712F978D
Subject            : CN=galexchange
Services           : SMTP
Status             : Valid
CertificateDomains : {galexchange, galexchange.galimberti.priv}
NotAfter           : 31/08/2026 11:36:14

KeyIdentifier      : D58F17457C6A8CE0A44F81CA05CE9C18000156B2
Subject            : CN=galexchange
Services           : SMTP
Status             : Valid
CertificateDomains : {galexchange, galexchange.galimberti.priv}
NotAfter           : 31/08/2026 11:31:14

KeyIdentifier      : A4159C7004977E316D91B071400B149252C780D3
Subject            : CN=galexchange.galimberti.net
Services           : IMAP, POP, IIS
Status             : Valid
CertificateDomains : {galexchange.galimberti.net}
NotAfter           : 26/10/2021 12:22:55

KeyIdentifier      : E266130DF08006FC11B299A7C7C6DAFC62589FC3
Subject            : CN=galexchange.galimberti.net
Services           : IMAP, POP
Status             : DateInvalid
CertificateDomains : {galexchange.galimberti.net}
NotAfter           : 13/08/2021 08:00:14

KeyIdentifier      : 183C8C24315641D962D76DD0CA3692DAE0D788B0
Subject            : CN=galexchange
Services           : SMTP
Status             : Invalid
CertificateDomains : {galexchange, galexchange.galimberti.priv}
NotAfter           : 17/07/2018 12:54:48

KeyIdentifier      : 560E442A915CC2457B699AAFB181BD3CC7520BD9
Subject            : E=gal-alert@rvmgroup.it, CN=galexchange.galimberti.net, OU=Self Signed CA, O=Galimberti S.p.A., S=
                     MI, C=IT
Services           : IMAP, POP, SMTP
Status             : DateInvalid
CertificateDomains : {galexchange.galimberti.net}
NotAfter           : 22/08/2021 16:16:58



[PS] C:\Windows\system32>New-Exchangecertificate
[PS] C:\Windows\system32>KeyIdentifier
[PS] C:\Windows\system32>Get-ExchangeCertificate -Thumbprint E266130DF08006FC11B299A7C7C6DAFC62589FC3 | New-ExchangeCert
ificate -PrivateKeyExportable $true
The certificate with thumbprint E266130DF08006FC11B299A7C7C6DAFC62589FC3 was not found.
    + CategoryInfo          : NotSpecified: (:) [Get-ExchangeCertificate], InvalidOperationException
    + FullyQualifiedErrorId : 7011D46B,Microsoft.Exchange.Management.SystemConfigurationTasks.GetExchangeCertificate

[PS] C:\Windows\system32>Get-ExchangeCertificate -Thumbprint E266130DF08006FC11B299A7C7C6DAFC62589FC3 | New-ExchangeCert
ificate -PrivateKeyExportable $true
The certificate with thumbprint E266130DF08006FC11B299A7C7C6DAFC62589FC3 was not found.
    + CategoryInfo          : NotSpecified: (:) [Get-ExchangeCertificate], InvalidOperationException
    + FullyQualifiedErrorId : 7011D46B,Microsoft.Exchange.Management.SystemConfigurationTasks.GetExchangeCertificate

[PS] C:\Windows\system32>Get-ExchangeCertificate -Thumbprint E266130DF08006FC11B299A7C7C6DAFC62589FC3| New-ExchangeCerti
ficate -PrivateKeyExportable $true
The certificate with thumbprint E266130DF08006FC11B299A7C7C6DAFC62589FC3 was not found.
    + CategoryInfo          : NotSpecified: (:) [Get-ExchangeCertificate], InvalidOperationException
    + FullyQualifiedErrorId : 7011D46B,Microsoft.Exchange.Management.SystemConfigurationTasks.GetExchangeCertificate

[PS] C:\Windows\system32>Get-ExchangeCertificate -Thumbprint E266130DF08006FC11B299A7C7C6DAFC62589FC3
The certificate with thumbprint E266130DF08006FC11B299A7C7C6DAFC62589FC3 was not found.
    + CategoryInfo          : NotSpecified: (:) [Get-ExchangeCertificate], InvalidOperationException
    + FullyQualifiedErrorId : 7011D46B,Microsoft.Exchange.Management.SystemConfigurationTasks.GetExchangeCertificate

[PS] C:\Windows\system32>Get-ExchangeCertificate

Thumbprint                                Services   Subject
----------                                --------   -------
DA7C335702FD492C967F217FC152980791A29498  ....S.     CN=galexchange
78231F05E72FEEBD6DAE85A67F6F4B75DB57940B  ....S.     CN=galexchange
83CABD13FB7342E5D2FEA17F7BE0A8B5A8178362  IP.W..     CN=galexchange.galimberti.net
2FF6DE4F17F383E0541C7DBD2345EC0C1C684C5F  IP....     CN=galexchange.galimberti.net
0F319D1D72F2008CF4BFBC7AA7189335AAC1F116  ....S.     CN=galexchange
61D54FEB8B490B2018A123EE598685D5FC2F42E7  IP..S.     E=gal-alert@rvmgroup.it, CN=galexchange.galimberti.net, OU=Self...


[PS] C:\Windows\system32>Get-ExchangeCertificate  | Format-List  KeyIdentifier,Subject,Services,Status,CertificateDomain
s,NotAfter


KeyIdentifier      : C8CD627CFCA25E0A50B33398F9C50CBE712F978D
Subject            : CN=galexchange
Services           : SMTP
Status             : Valid
CertificateDomains : {galexchange, galexchange.galimberti.priv}
NotAfter           : 31/08/2026 11:36:14

KeyIdentifier      : D58F17457C6A8CE0A44F81CA05CE9C18000156B2
Subject            : CN=galexchange
Services           : SMTP
Status             : Valid
CertificateDomains : {galexchange, galexchange.galimberti.priv}
NotAfter           : 31/08/2026 11:31:14

KeyIdentifier      : A4159C7004977E316D91B071400B149252C780D3
Subject            : CN=galexchange.galimberti.net
Services           : IMAP, POP, IIS
Status             : Valid
CertificateDomains : {galexchange.galimberti.net}
NotAfter           : 26/10/2021 12:22:55

KeyIdentifier      : E266130DF08006FC11B299A7C7C6DAFC62589FC3
Subject            : CN=galexchange.galimberti.net
Services           : IMAP, POP
Status             : DateInvalid
CertificateDomains : {galexchange.galimberti.net}
NotAfter           : 13/08/2021 08:00:14

KeyIdentifier      : 183C8C24315641D962D76DD0CA3692DAE0D788B0
Subject            : CN=galexchange
Services           : SMTP
Status             : Invalid
CertificateDomains : {galexchange, galexchange.galimberti.priv}
NotAfter           : 17/07/2018 12:54:48

KeyIdentifier      : 560E442A915CC2457B699AAFB181BD3CC7520BD9
Subject            : E=gal-alert@rvmgroup.it, CN=galexchange.galimberti.net, OU=Self Signed CA, O=Galimberti S.p.A., S=
                     MI, C=IT
Services           : IMAP, POP, SMTP
Status             : DateInvalid
CertificateDomains : {galexchange.galimberti.net}
NotAfter           : 22/08/2021 16:16:58



[PS] C:\Windows\system32>Enable-ExchangeCertificate -services SMTP -Thumbprint E266130DF08006FC11B299A7C7C6DAFC62589FC3
The certificate with thumbprint E266130DF08006FC11B299A7C7C6DAFC62589FC3 was not found.
    + CategoryInfo          : ObjectNotFound: (:) [Enable-ExchangeCertificate], InvalidOperationException
    + FullyQualifiedErrorId : 7011D46B,Microsoft.Exchange.Management.SystemConfigurationTasks.EnableExchangeCertificat
   e

[PS] C:\Windows\system32>Enable-ExchangeCertificate -services SMTP -Thumbprint A4159C7004977E316D91B071400B149252C780D3
The certificate with thumbprint A4159C7004977E316D91B071400B149252C780D3 was not found.
    + CategoryInfo          : ObjectNotFound: (:) [Enable-ExchangeCertificate], InvalidOperationException
    + FullyQualifiedErrorId : 7011D46B,Microsoft.Exchange.Management.SystemConfigurationTasks.EnableExchangeCertificat
   e

[PS] C:\Windows\system32>Get-ExchangeCertificate

Thumbprint                                Services   Subject
----------                                --------   -------
DA7C335702FD492C967F217FC152980791A29498  ....S.     CN=galexchange
78231F05E72FEEBD6DAE85A67F6F4B75DB57940B  ....S.     CN=galexchange
83CABD13FB7342E5D2FEA17F7BE0A8B5A8178362  IP.W..     CN=galexchange.galimberti.net
2FF6DE4F17F383E0541C7DBD2345EC0C1C684C5F  IP....     CN=galexchange.galimberti.net
0F319D1D72F2008CF4BFBC7AA7189335AAC1F116  ....S.     CN=galexchange
61D54FEB8B490B2018A123EE598685D5FC2F42E7  IP..S.     E=gal-alert@rvmgroup.it, CN=galexchange.galimberti.net, OU=Self...


[PS] C:\Windows\system32>Get-ExchangeCertificate  | Format-List  Thumbprint,KeyIdentifier,Subject,Services,Status,Certif
icateDomains,NotAfter


Thumbprint         : DA7C335702FD492C967F217FC152980791A29498
KeyIdentifier      : C8CD627CFCA25E0A50B33398F9C50CBE712F978D
Subject            : CN=galexchange
Services           : SMTP
Status             : Valid
CertificateDomains : {galexchange, galexchange.galimberti.priv}
NotAfter           : 31/08/2026 11:36:14

Thumbprint         : 78231F05E72FEEBD6DAE85A67F6F4B75DB57940B
KeyIdentifier      : D58F17457C6A8CE0A44F81CA05CE9C18000156B2
Subject            : CN=galexchange
Services           : SMTP
Status             : Valid
CertificateDomains : {galexchange, galexchange.galimberti.priv}
NotAfter           : 31/08/2026 11:31:14

Thumbprint         : 83CABD13FB7342E5D2FEA17F7BE0A8B5A8178362
KeyIdentifier      : A4159C7004977E316D91B071400B149252C780D3
Subject            : CN=galexchange.galimberti.net
Services           : IMAP, POP, IIS
Status             : Valid
CertificateDomains : {galexchange.galimberti.net}
NotAfter           : 26/10/2021 12:22:55

Thumbprint         : 2FF6DE4F17F383E0541C7DBD2345EC0C1C684C5F
KeyIdentifier      : E266130DF08006FC11B299A7C7C6DAFC62589FC3
Subject            : CN=galexchange.galimberti.net
Services           : IMAP, POP
Status             : DateInvalid
CertificateDomains : {galexchange.galimberti.net}
NotAfter           : 13/08/2021 08:00:14

Thumbprint         : 0F319D1D72F2008CF4BFBC7AA7189335AAC1F116
KeyIdentifier      : 183C8C24315641D962D76DD0CA3692DAE0D788B0
Subject            : CN=galexchange
Services           : SMTP
Status             : Invalid
CertificateDomains : {galexchange, galexchange.galimberti.priv}
NotAfter           : 17/07/2018 12:54:48

Thumbprint         : 61D54FEB8B490B2018A123EE598685D5FC2F42E7
KeyIdentifier      : 560E442A915CC2457B699AAFB181BD3CC7520BD9
Subject            : E=gal-alert@rvmgroup.it, CN=galexchange.galimberti.net, OU=Self Signed CA, O=Galimberti S.p.A., S=
                     MI, C=IT
Services           : IMAP, POP, SMTP
Status             : DateInvalid
CertificateDomains : {galexchange.galimberti.net}
NotAfter           : 22/08/2021 16:16:58



[PS] C:\Windows\system32>Get-ExchangeCertificate  | Format-List  Thumbprint,Subject,Services,Status,CertificateDomains,N
otAfter


Thumbprint         : DA7C335702FD492C967F217FC152980791A29498
Subject            : CN=galexchange
Services           : SMTP
Status             : Valid
CertificateDomains : {galexchange, galexchange.galimberti.priv}
NotAfter           : 31/08/2026 11:36:14

Thumbprint         : 78231F05E72FEEBD6DAE85A67F6F4B75DB57940B
Subject            : CN=galexchange
Services           : SMTP
Status             : Valid
CertificateDomains : {galexchange, galexchange.galimberti.priv}
NotAfter           : 31/08/2026 11:31:14

Thumbprint         : 83CABD13FB7342E5D2FEA17F7BE0A8B5A8178362
Subject            : CN=galexchange.galimberti.net
Services           : IMAP, POP, IIS
Status             : Valid
CertificateDomains : {galexchange.galimberti.net}
NotAfter           : 26/10/2021 12:22:55

Thumbprint         : 2FF6DE4F17F383E0541C7DBD2345EC0C1C684C5F
Subject            : CN=galexchange.galimberti.net
Services           : IMAP, POP
Status             : DateInvalid
CertificateDomains : {galexchange.galimberti.net}
NotAfter           : 13/08/2021 08:00:14

Thumbprint         : 0F319D1D72F2008CF4BFBC7AA7189335AAC1F116
Subject            : CN=galexchange
Services           : SMTP
Status             : Invalid
CertificateDomains : {galexchange, galexchange.galimberti.priv}
NotAfter           : 17/07/2018 12:54:48

Thumbprint         : 61D54FEB8B490B2018A123EE598685D5FC2F42E7
Subject            : E=gal-alert@rvmgroup.it, CN=galexchange.galimberti.net, OU=Self Signed CA, O=Galimberti S.p.A., S=
                     MI, C=IT
Services           : IMAP, POP, SMTP
Status             : DateInvalid
CertificateDomains : {galexchange.galimberti.net}
NotAfter           : 22/08/2021 16:16:58



[PS] C:\Windows\system32>Get-ExchangeCertificate -Thumbprint 2FF6DE4F17F383E0541C7DBD2345EC0C1C684C5F| New-ExchangeCertificate -PrivateKeyExportable $true
WARNING: This certificate will not be used for external TLS connections with an FQDN of 'galexchange.galimberti.net'
because the CA-signed certificate with thumbprint '83CABD13FB7342E5D2FEA17F7BE0A8B5A8178362' takes precedence. The
following receive/send connectors match that FQDN: Default GALEXCHANGE, Client GALEXCHANGE.

Confirm
Overwrite the existing default SMTP certificate?

Current certificate: '78231F05E72FEEBD6DAE85A67F6F4B75DB57940B' (expires 31/08/2026 11:31:14)
Replace it with certificate: 'DD53DE8548FC84787A7EDB923E3B36D87996087C' (expires 31/08/2026 12:00:53)
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [?] Help (default is "Y"): y

Thumbprint                                Services   Subject
----------                                --------   -------
DD53DE8548FC84787A7EDB923E3B36D87996087C  IP..S.     CN=galexchange.galimberti.net


[PS] C:\Windows\system32>Get-ExchangeCertificate  | Format-List  KeyIdentifier,Subject,Services,Status,CertificateDomain
s,NotAfter


KeyIdentifier      : 61B8CFFFCB1143810FC2121ECCDE19973731E65B
Subject            : CN=galexchange.galimberti.net
Services           : IMAP, POP, SMTP
Status             : Valid
CertificateDomains : {galexchange.galimberti.net}
NotAfter           : 31/08/2026 12:00:53

KeyIdentifier      : C8CD627CFCA25E0A50B33398F9C50CBE712F978D
Subject            : CN=galexchange
Services           : SMTP
Status             : Valid
CertificateDomains : {galexchange, galexchange.galimberti.priv}
NotAfter           : 31/08/2026 11:36:14

KeyIdentifier      : D58F17457C6A8CE0A44F81CA05CE9C18000156B2
Subject            : CN=galexchange
Services           : SMTP
Status             : Valid
CertificateDomains : {galexchange, galexchange.galimberti.priv}
NotAfter           : 31/08/2026 11:31:14

KeyIdentifier      : A4159C7004977E316D91B071400B149252C780D3
Subject            : CN=galexchange.galimberti.net
Services           : IMAP, POP, IIS
Status             : Valid
CertificateDomains : {galexchange.galimberti.net}
NotAfter           : 26/10/2021 12:22:55

KeyIdentifier      : E266130DF08006FC11B299A7C7C6DAFC62589FC3
Subject            : CN=galexchange.galimberti.net
Services           : IMAP, POP
Status             : DateInvalid
CertificateDomains : {galexchange.galimberti.net}
NotAfter           : 13/08/2021 08:00:14

KeyIdentifier      : 183C8C24315641D962D76DD0CA3692DAE0D788B0
Subject            : CN=galexchange
Services           : SMTP
Status             : Invalid
CertificateDomains : {galexchange, galexchange.galimberti.priv}
NotAfter           : 17/07/2018 12:54:48

KeyIdentifier      : 560E442A915CC2457B699AAFB181BD3CC7520BD9
Subject            : E=gal-alert@rvmgroup.it, CN=galexchange.galimberti.net, OU=Self Signed CA, O=Galimberti S.p.A., S=
                     MI, C=IT
Services           : IMAP, POP, SMTP
Status             : DateInvalid
CertificateDomains : {galexchange.galimberti.net}
NotAfter           : 22/08/2021 16:16:58



[PS] C:\Windows\system32>Get-ExchangeCertificate  | Format-List  Thumbprint,Subject,Services,Status,CertificateDomains,N
otAfter


Thumbprint         : DD53DE8548FC84787A7EDB923E3B36D87996087C
Subject            : CN=galexchange.galimberti.net
Services           : IMAP, POP, SMTP
Status             : Valid
CertificateDomains : {galexchange.galimberti.net}
NotAfter           : 31/08/2026 12:00:53

Thumbprint         : DA7C335702FD492C967F217FC152980791A29498
Subject            : CN=galexchange
Services           : SMTP
Status             : Valid
CertificateDomains : {galexchange, galexchange.galimberti.priv}
NotAfter           : 31/08/2026 11:36:14

Thumbprint         : 78231F05E72FEEBD6DAE85A67F6F4B75DB57940B
Subject            : CN=galexchange
Services           : SMTP
Status             : Valid
CertificateDomains : {galexchange, galexchange.galimberti.priv}
NotAfter           : 31/08/2026 11:31:14

Thumbprint         : 83CABD13FB7342E5D2FEA17F7BE0A8B5A8178362
Subject            : CN=galexchange.galimberti.net
Services           : IMAP, POP, IIS
Status             : Valid
CertificateDomains : {galexchange.galimberti.net}
NotAfter           : 26/10/2021 12:22:55

Thumbprint         : 2FF6DE4F17F383E0541C7DBD2345EC0C1C684C5F
Subject            : CN=galexchange.galimberti.net
Services           : IMAP, POP
Status             : DateInvalid
CertificateDomains : {galexchange.galimberti.net}
NotAfter           : 13/08/2021 08:00:14

Thumbprint         : 0F319D1D72F2008CF4BFBC7AA7189335AAC1F116
Subject            : CN=galexchange
Services           : SMTP
Status             : Invalid
CertificateDomains : {galexchange, galexchange.galimberti.priv}
NotAfter           : 17/07/2018 12:54:48

Thumbprint         : 61D54FEB8B490B2018A123EE598685D5FC2F42E7
Subject            : E=gal-alert@rvmgroup.it, CN=galexchange.galimberti.net, OU=Self Signed CA, O=Galimberti S.p.A., S=
                     MI, C=IT
Services           : IMAP, POP, SMTP
Status             : DateInvalid
CertificateDomains : {galexchange.galimberti.net}
NotAfter           : 22/08/2021 16:16:58



[PS] C:\Windows\system32>Enable-ExchangeCertificate -services SMTP -Thumbprint DD53DE8548FC84787A7EDB923E3B36D87996087C
WARNING: This certificate will not be used for external TLS connections with an FQDN of 'galexchange.galimberti.net'
because the CA-signed certificate with thumbprint '83CABD13FB7342E5D2FEA17F7BE0A8B5A8178362' takes precedence. The
following receive/send connectors match that FQDN: Default GALEXCHANGE, Client GALEXCHANGE.
[PS] C:\Windows\system32>Enable-ExchangeCertificate -services SMTP -Thumbprint 83CABD13FB7342E5D2FEA17F7BE0A8B5A8178362

Confirm
Overwrite the existing default SMTP certificate?

Current certificate: 'DD53DE8548FC84787A7EDB923E3B36D87996087C' (expires 31/08/2026 12:00:53)
Replace it with certificate: '83CABD13FB7342E5D2FEA17F7BE0A8B5A8178362' (expires 26/10/2021 12:22:55)
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [?] Help (default is "Y"): n
[PS] C:\Windows\system32>

Riferimenti

Retrieved from "https://kb.rvmgroup.it/index.php?title=Exchange_non_autentica_gli_utenti&oldid=10578"