Many organizations make use of a WildCard Certificate in their Exchange Environment. This makes sense when you have quite a number of SAN names to use.
In Exchange 2010 or Exchange 2013, if you try and update the X.509 Certificate Name when using a WildCard Certificate, whether it is in the EAC or ECP, you are presented with a warning to advise you to use PowerShell to update the name.
Let’s take a look at what we are referring to. Launch the Exchange Control Panel (ECP) on your server and expand “Microsoft Exchange On-Premise”. Next, expand “Server Configuration” and click on “Client Access”.
Now, click on a CAS Server and Click on the POP3 and IMAP4 tab.
Next step is to double click on POP3 and then click on the “Authentication” Tab.
If you have a normal SAN cert, you can enter the name to use. However, if you are using a WildCard Cert and type in the name and click Apply, you are presented with the following error/warning:
So, not to worry, we can use the Exchange Management Shell to set the information. Take note, the same error is given for Exchange 2013.
Launch the Exchange Management Shell and type in the following commands to set the POP/IMAP settings:
- Set-ImapSettings -server CAS -X509CertificateName imap.domain.com
- Set-PopSettings -server CAS -X509CertificateName pop.domain.com
The last step is to stop and start the POP and IMAP services. Once done, you can monitor the event log for any errors.
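The whole procedure as one Exchange Management Shell script, including the restart and the event log check. This is an added example, not part of the original post; it assumes it is run on the CAS server itself, that the services are named MSExchangePOP3 and MSExchangeIMAP4, and that their Application log entries use sources with the same names.

```powershell
# Added example. 'CAS', 'imap.domain.com' and 'pop.domain.com' are the
# placeholder values used in the post; replace them with your own.
$server   = 'CAS'
$imapName = 'imap.domain.com'
$popName  = 'pop.domain.com'

# Set the host name each service looks up when selecting its TLS certificate.
Set-ImapSettings -Server $server -X509CertificateName $imapName
Set-PopSettings  -Server $server -X509CertificateName $popName

# Remember when the change was made so only newer events are reviewed.
$changedAt = Get-Date

# Restart only the POP/IMAP services that are already running, so a service
# that was deliberately left stopped is not started as a side effect.
# (Assumption: service names start with MSExchangePOP3 / MSExchangeIMAP4.)
Get-Service -Name 'MSExchangePOP3*', 'MSExchangeIMAP4*' |
    Where-Object { $_.Status -eq 'Running' } |
    Restart-Service

# Confirm the stored values and the login type now in effect.
Get-ImapSettings -Server $server | Format-List X509CertificateName, LoginType
Get-PopSettings  -Server $server | Format-List X509CertificateName, LoginType

# Give the services a moment to log startup events, then list any errors or
# warnings they wrote to the Application log after the change.
Start-Sleep -Seconds 30
Get-EventLog -LogName Application -After $changedAt -EntryType Error, Warning |
    Where-Object { $_.Source -like 'MSExchangePOP3*' -or
                   $_.Source -like 'MSExchangeIMAP4*' } |
    Format-List TimeGenerated, Source, EventID, Message
```

No output from the last command means neither service logged an error or warning after the restart.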
Hope it helps.