Enable-ExchangeCertificate –Thumbprint <thumbprint> -Services POP, IMAP
Enable-ExchangeCertificate cmdlet automatically configures the X509CertificateName parameter in the POP settings and in the IMAP settings by using the domain name in the certificate. The Exchange server searches for compatible certificates when the Exchange server creates a TLS session with a client. However, the Exchange server cannot find a matching certificate because there is no specific fully qualified domain name (FQDN).
Enable-ExchangeCertificate cmdlet and the New-ExchangeCertificate cmdlet will not set the X509CertificateNameparameter. The X509CertificateNameparameter is set by removing POP and IMAP as valid values from the -Services parameter.
To help administrators, the cmdlet displays a warning that resembles the following: Additionally, the Set-IMAPSettings cmdlet and the X509CertificateName parameter for the Set-POPSetings cmdlet do not accept wildcard characters.
For example, *.contoso.com represents contoso.com and all the sub-domains for contoso.com. When you use a wildcard character to create a certificate or to create a certificate request for all accepted domains, you can simplify the request significantly.
Article ID: 948896 - Last Review: Aug 25, 2009 - Revision: 1