IMAP certificate problem

Question

Hi!

Exchange 2019 CU 6

I have self-signed certificate from local CA with SMTP, POP, IMAP services binded.

I'm using wildcard certificate for external connections which is binded to IIS, SMTP(default)

I Set-ImapSettings -X509CertificateName mxm.contoso.com (external fqdn of the server )
Get-IMAP settings:
ProtocolName : IMAP4
Name : 1
MaxCommandSize : 10240
ShowHiddenFoldersEnabled : False
UnencryptedOrTLSBindings : {[::]:143, 0.0.0.0:143}
SSLBindings : {[::]:993, 0.0.0.0:993}
InternalConnectionSettings : {mxm.contoso.local:993:SSL, mxm.contoso.local:143:TLS}
ExternalConnectionSettings : {mxm.contoso.ru:143:TLS, mxm.contoso.ru:993:SSL}
X509CertificateName : mxm.contoso.ru
Banner : The Microsoft Exchange IMAP4 service is ready.
LoginType : SecureLogin

When I perform openssl s_client -showcerts -connect mxm.contoso.ru:993 -servername mxm.contoso.ru
I receive self-signed certificate instead of wildcard.

Please help.

Best regards, Alex

Answer 1

Fixed it by myself.

create imap cname pointing to server fqdn

imap CNAME mxm.contoso.com

Changed Set-ImapSettings -ExternalConnectionSettings "imap.contoso.com:143:TLS", "imap.contoso.com:993:SSL" -X509CertificateName imap.contoso.com

restart services and voila

I don't understand why it didn't work with server fqdn

Answer 2

The wildcard cert isnt enabled for IMAP though it is? Just the self-signed?

Enable-ExchangeCertificate -Thumbprint <Thumprint of WIldCard Cert>  -Services IMAP, POP

You may get a warning message

and restart POP and IMAP services

then check with
Get-IMAP setting

and restart POP and IMAP services