Exchange 2007 serti...
 
Bildirimler
Hepsini Temizle

Exchange 2007 sertifika problemi  

  RSS
sakir arslan
(@sakirarslan)
Üye

Subject      : CN=mailserver
Issuer       : CN=mailserver
Thumbprint   : FC64D41393C6D6A0ECA10C9D6D1DDD08BBDE5D59
FriendlyName : Microsoft Exchange
NotBefore    : 10.08.2010 20:25:03
NotAfter     : 10.08.2015 20:25:03
Extensions   : {System.Security.Cryptography.Oid, System.Security.Cryptography.
               Oid, System.Security.Cryptography.Oid, System.Security.Cryptogra
               phy.Oid}

Subject      : CN=sendeyok-MAILSERVER-CA, DC=sendeyok, DC=local
Issuer       : CN=sendeyok-MAILSERVER-CA, DC=sendeyok, DC=local
Thumbprint   : D01CC33DAA5356E8C2A7AB3A5DEDEDAF6350C854
FriendlyName :
NotBefore    : 10.08.2010 20:43:58
NotAfter     : 10.08.2015 20:53:56
Extensions   : {System.Security.Cryptography.Oid, System.Security.Cryptography.
               Oid, System.Security.Cryptography.Oid, System.Security.Cryptogra
               phy.Oid}

Subject      : CN=WMSvc-MAILSERVER
Issuer       : CN=WMSvc-MAILSERVER
Thumbprint   : 906A271811CED4DEBB6A28302E3E23170C224B82
FriendlyName :
NotBefore    : 10.08.2010 20:10:42
NotAfter     : 07.08.2020 20:10:42
Extensions   : {System.Security.Cryptography.Oid, System.Security.Cryptography.
               Oid}

Subject      : E=Administrator@sendeyok.local, CN=Administrator, CN=Users, DC=s
               endeyok, DC=local
Issuer       : CN=sendeyok-MAILSERVER-CA, DC=sendeyok, DC=local
Thumbprint   : 222AE391EFF6857896CEC14FB85FD0CE28C8C874
FriendlyName : mail.sendeyok.com
NotBefore    : 10.08.2010 20:48:44
NotAfter     : 10.08.2011 20:48:44
Extensions   : {System.Security.Cryptography.Oid, System.Security.Cryptography.
               Oid, System.Security.Cryptography.Oid, System.Security.Cryptogra
               phy.Oid, System.Security.Cryptography.Oid, System.Security.Crypt
               ography.Oid, System.Security.Cryptography.Oid, System.Security.C
               ryptography.Oid, System.Security.Cryptography.Oid}

 

 

bu bilgilere göre aktif etmek için aşağıdaki komutu uyguluyorum aldım hata aşağıda

 

Enable-ExchangeCertificate -Thumbprint 222AE391EFF6857896CEC14FB85FD0CE28C8C874 -services "IIS,IMAP,POP"

 

hata bilgileri

Enable-ExchangeCertificate : The certificate with thumbprint 222AE391EFF6857896
CEC14FB85FD0CE28C8C874 was found but is not valid for use with Exchange Server
(reason: PkixKpServerAuthNotFoundInEnhancedKeyUsage).
At line:1 char:27
+ Enable-ExchangeCertificate  <<<< -Thumbprint 222AE391EFF6857896CEC14FB85FD0CE
28C8C874 -services "IIS,IMAP,POP"
[PS] C:\Windows\System32>
 

Alıntı
Gönderildi : 11/08/2010 00:14
Hakan Uzuner
(@hakanuzuner)
Kıdemli Üye Yönetici

Merhaba

PkixKpServerAuthNotFoundInEnhancedKeyUsage this translates to : The enhanced key usage
extension is present in the certificate but it does not contain the
server auth OID.

 

First
please try to check if you have value on Enhanced Key Usage from
Certificate MMC.

 

1.    Run “MMC” from a command prompt.

2.    Click on file on the toolbar and select
“Add/Remove snap in…”

3.    In the “Standalone” tab, click on
”Add”-“Certificates”-“Computer account”-“Local computer”

4.    Click “Finish” and “Ok”.

5.    Expand ”Certificates”-“Personal”-“Certificate”,
”Certificates”-“Trusted Root Certification Authorities”-“Certificate”.

6.    Double click on the certificate and then go to
“Details” tab.

7.    There please try to find the Enhanced Key Usage in the down scroll list.

 

If it is has no value on it, then we need to
create a new certificate

 

Please try
to
New-ExchangeCertificate from Exchange management shell on CAS role with
PrivateKeyExportable
$True
.

 

And then
enable the certificate on the IIS Manager for
Exchange 2007 server.

 

After that
please check if the certificate has been installed under Trusted Root
CA from Certificate MMC, if not then please install the certificate
under Trusted Root CA.

 

If it has
value on it, then we need to check value on OID from ADSIedit.msc. We
shall deleted the OID “1.3.6.1.5.5.7.3.1” using ADSIedit.msc from
"CN=Configuration,
DC=Domain, Dc=com -> CN=Services, CN=Public
Key Services, CN=OID",

 

Danışman - ITSTACK Bilgi Sistemleri
****************************************************************
Probleminiz Çözüldüğünde Sonucu Burada Paylaşırsanız.
Sizde Aynı Problemi Yaşayanlar İçin Yardım Etmiş Olursunuz.
Eğer sorununuz çözüldü ise lütfen "çözüldü" olarak işaretlerseniz diğer üyeler için çok büyük kolaylık sağlayacaktır.
*****************************************************************

CevapAlıntı
Gönderildi : 11/08/2010 16:56
Paylaş: