Wildcard cert for on-premise Exchange server

Szilágyi Sándor 51 Reputation points
2022-12-13T15:28:29.793+00:00

Hi all!

I have one on-premise exchange 2019 server.
Server name: MAIL01
FQDN: mail01.company.local

I also have valid wildcard cert for my trusted domain.
*.company.hu

I have two problems:
When I want to add the wildcard cert to the POP and IMAP services, it drops errors about an FQDN problem.

This certificate with thumbprint **** and subject '*.company.hu' cannot used for POP SSL/TLS connections because the subject is not a Fully Qualified Domain Name (FQDN). Use command Set-POPSettings to set X509CertificateName to the FQDN of the service.
This certificate with thumbprint **** and subject '*.company.hu' cannot used for IMAP SSL/TLS connections because the subject is not a Fully Qualified Domain Name (FQDN). Use command Set-IMAPSettings to set X509CertificateName to the FQDN of the service.

When I want to reach OWA from inside my org, it always drops a cert problem because the cert is not trusted (I try to reach it from the https://mail01.company.local name).


4 answers

  1. LilyLi2-MSFT 1,981 Reputation points
    2022-12-14T06:56:01.39+00:00

    Hi @Szilágyi Sándor ,

    For the first problem, this official document states: Do not enable wildcard certificates for IMAP and POP services.
    Therefore, you should use the following command:

    Set-POPSettings -X509CertificateName mail.domain.com  
    Set-IMAPSettings -X509CertificateName mail.domain.com  
    

    And then restart the IMAP and POP services.
    For more details, you could refer to configure-wildcard-ssl-certificate-for-pop-imap-on-exchange-2010-server
    Please Note: Since these web sites are not hosted by Microsoft, the links may change without notice. Microsoft does not guarantee the accuracy of this information.

    For the issue of untrusted certificates when accessing OWA, would you provide detailed error information to analyze the problem?


    If an Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


  2. Amit Singh 4,856 Reputation points
    2022-12-14T07:20:52.53+00:00

    Based on my knowledge, it is reasonable to get the error above when we try to assign the POP3 or IMAP services to the certificate (or run Enable-ExchangeCertificate).
    Actually, after configuring X509CertificateName in the POP3 settings and restarting the POP3 service, it will work fine even though we cannot see POP in the ECP GUI.
    Here is a similar thread for reference:
    Problems with assigning services to a wildcard certificate
    The certificate can not be used for POP SSL/TLS
    Issues with Wildcard Certificate for POP/IMAP


  3. Szilágyi Sándor 51 Reputation points
    2022-12-14T07:25:28.4+00:00

    @LilyLi2-MSFT

    I tried to set this, but it doesn't help me.
    I added this command, but when I try to restart the service, I get this error text.

    [PS] C:\Windows\system32>Restart-Service MSExchangeIMAP4; Restart-Service MSExchangeIMAP4BE  
    Restart-Service : Service 'Microsoft Exchange IMAP4 (MSExchangeIMAP4)' cannot be stopped due to the following error: Cannot open MSExchangeIMAP4 service on computer '.'.  
    At line:1 char:1  
    + Restart-Service MSExchangeIMAP4; Restart-Service MSExchangeIMAP4BE  
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
        + CategoryInfo          : CloseError: (System.ServiceProcess.ServiceController:ServiceController) [Restart-Service], ServiceCommandException  
        + FullyQualifiedErrorId : CouldNotStopService,Microsoft.PowerShell.Commands.RestartServiceCommand  
      
    Restart-Service : Service 'Microsoft Exchange IMAP4 Backend (MSExchangeIMAP4BE)' cannot be stopped due to the following error: Cannot open MSExchangeIMAP4BE service on comput  
    er '.'.  
    At line:1 char:34  
    + Restart-Service MSExchangeIMAP4; Restart-Service MSExchangeIMAP4BE  
    +                                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
        + CategoryInfo          : CloseError: (System.ServiceProcess.ServiceController:ServiceController) [Restart-Service], ServiceCommandException  
        + FullyQualifiedErrorId : CouldNotStopService,Microsoft.PowerShell.Commands.RestartServiceCommand  
    

  4. Szilágyi Sándor 51 Reputation points
    2022-12-16T10:55:36.963+00:00

    When I try to add my wildcard cert to the POP or IMAP service, I get this error:

    This certificate with thumbprint ************ and subject '*.companyname.hu' cannot used for POP SSL/TLS connections because the subject is not a Fully Qualified Domain Name (FQDN). Use command Set-POPSettings to set X509CertificateName to the FQDN of the service.  
    

    I use this command:

    [PS] C:\Windows\system32>Set-POPSettings -X509CertificateName mail.companyname.hu  
    WARNING: The command completed successfully but no settings of 'MAIL01\1' have been modified.
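The whole procedure discussed in this thread, written out as an added PowerShell example (not code from the thread, from the answerers or from Microsoft's documentation): check that the chosen FQDN is actually covered by the wildcard, set X509CertificateName for POP3 and IMAP4, restart the front-end and back-end services, and give internal OWA users the public name so the wildcard applies to them too. Assumed values are the wildcard *.company.hu and server MAIL01 from the question, the service name mail.company.hu, and a placeholder thumbprint; it must be run in an elevated Exchange Management Shell on the server.

```powershell
# Added example, not code from the thread: assign a wildcard certificate to the
# POP3 and IMAP4 services on Exchange 2019 by naming an FQDN the wildcard covers,
# restart the services, and point internal OWA users at the same public name.
# Assumptions: wildcard *.company.hu and server MAIL01 (from the thread), the
# chosen service name mail.company.hu, and a placeholder thumbprint.
# Run in an elevated Exchange Management Shell on the Exchange server.

$ServiceFqdn = 'mail.company.hu'
$Thumbprint  = 'PLACEHOLDER-THUMBPRINT'   # replace with the wildcard cert's thumbprint

# A wildcard matches exactly one label: *.company.hu covers mail.company.hu but
# not company.hu or mail.sub.company.hu. Check this before touching any service.
function Test-CertificateCoversFqdn {
    param([string[]]$CertificateDomains, [string]$Fqdn)
    foreach ($domain in $CertificateDomains) {
        if ($domain -match '^\*\.(.+)$') {
            $base = [regex]::Escape($Matches[1])
            if ($Fqdn -match "^[^.]+\.${base}$") { return $true }
        }
        elseif ($domain -ieq $Fqdn) { return $true }
    }
    return $false
}

$cert = Get-ExchangeCertificate -Thumbprint $Thumbprint
if (-not (Test-CertificateCoversFqdn -CertificateDomains $cert.CertificateDomains -Fqdn $ServiceFqdn)) {
    throw "Certificate $Thumbprint does not cover $ServiceFqdn; pick a name directly under the wildcard."
}
if ($cert.NotAfter -lt (Get-Date)) { throw "Certificate $Thumbprint has expired." }

# Tell POP3 and IMAP4 which certificate to present by FQDN instead of assigning
# the wildcard through Enable-ExchangeCertificate. The warning that no settings
# were modified only means the value was already in place.
Set-POPSettings  -X509CertificateName $ServiceFqdn
Set-IMAPSettings -X509CertificateName $ServiceFqdn

# Both the client-access (front-end) and back-end services must restart.
# "Cannot open ... service on computer '.'" from Restart-Service means the shell
# lacks the rights to control services; re-run it elevated.
foreach ($service in 'MSExchangePOP3', 'MSExchangePOP3BE', 'MSExchangeIMAP4', 'MSExchangeIMAP4BE') {
    Restart-Service -Name $service -Force
}

# Confirm the configured names.
Get-POPSettings  | Select-Object Server, X509CertificateName
Get-IMAPSettings | Select-Object Server, X509CertificateName

# For the OWA warning: users browsing to https://mail01.company.local present a
# name no public wildcard can cover. Publish the public name on the internal DNS
# (a record for mail.company.hu pointing at the server; outside this script) and
# set the internal URLs so links and Autodiscover hand out that name instead.
Set-OwaVirtualDirectory -Identity 'MAIL01\owa (Default Web Site)' -InternalUrl "https://$ServiceFqdn/owa"
Set-EcpVirtualDirectory -Identity 'MAIL01\ecp (Default Web Site)' -InternalUrl "https://$ServiceFqdn/ecp"
```

After the restart, connecting a mail client to mail.company.hu on port 993 or 995 should show the wildcard certificate; connecting by the internal name mail01.company.local will still warn, because that name is not in the certificate, which is why the internal URLs are switched to the public name rather than teaching users to click through the warning.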