Exchange Hybrid SSL Certificate Question
Hello, Would like to ask reg SSL Certificate for Hybrid. I have Exchange 2013. We have the following domains. Parent domain - domain1.com (No SMTP, Not using as email address) Other domains - domain2.com, domain3.com, domain4.com (Used as email address) Question is, do I need to add domain1.com as part of my SSL Certificate or I just need to use other domains? TIA!
Exchange 2016 Issue. Event 15021 An error occurred while using SSL configuration for endpoint
Hello My event logs on my exchange server are constantly getting hit with: Event 15021 HttpEvent An error occurred while using SSL configuration for endpoint [::]:443. The error status code is contained within the returned data. I have checked around on this issue and some of the other results or fixes of this issue don't seem to work with mine. My users are able to access OWA and ECP and I don't really notice any issues with the system. Other reports have have these troubleshooting steps: netsh http show sslcert this returns: SSL Certificate bindings: ------------------------- IP:port : 0.0.0.0:443 Certificate Hash : 0c9d535326---------------------------- Application ID : {4dc3e181-e14b------------------------} Certificate Store Name : MY Verify Client Certificate Revocation : Enabled Verify Revocation Using Cached Client Certificate Only : Disabled Usage Check : Enabled Revocation Freshness Time : 0 URL Retrieval Timeout : 0 Ctl Identifier : (null) Ctl Store Name : (null) DS Mapper Usage : Disabled Negotiate Client Certificate : Disabled IP:port : 0.0.0.0:444 Certificate Hash : 760aa39d552-------------------------- Application ID : {4dc3e181-e14b-----------------------} Certificate Store Name : MY Verify Client Certificate Revocation : Enabled Verify Revocation Using Cached Client Certificate Only : Disabled Usage Check : Enabled Revocation Freshness Time : 0 URL Retrieval Timeout : 0 Ctl Identifier : (null) Ctl Store Name : (null) DS Mapper Usage : Disabled Negotiate Client Certificate : Disabled IP:port : 0.0.0.0:8172 Certificate Hash : 23f927ab6ccfb---------------------------- Application ID : {00000000-0000-0000-0000-000000000000} Certificate Store Name : MY Verify Client Certificate Revocation : Enabled Verify Revocation Using Cached Client Certificate Only : Disabled Usage Check : Enabled Revocation Freshness Time : 0 URL Retrieval Timeout : 0 Ctl Identifier : (null) Ctl Store Name : (null) DS Mapper Usage : Disabled Negotiate Client Certificate : Disabled IP:port : 127.0.0.1:443 Certificate Hash : 0c9d5353261e510------------------------- Application ID : {4dc3e181-e14b----------------------} Certificate Store Name : MY Verify Client Certificate Revocation : Enabled Verify Revocation Using Cached Client Certificate Only : Disabled Usage Check : Enabled Revocation Freshness Time : 0 URL Retrieval Timeout : 0 Ctl Identifier : (null) Ctl Store Name : (null) DS Mapper Usage : Disabled Negotiate Client Certificate : Disabled IP:port : [::]:443 Certificate Hash : 7d8923810fce72-------------------------- Application ID : {ba195980-cd49---------------------} Certificate Store Name : MY Verify Client Certificate Revocation : Enabled Verify Revocation Using Cached Client Certificate Only : Disabled Usage Check : Enabled Revocation Freshness Time : 0 URL Retrieval Timeout : 0 Ctl Identifier : (null) Ctl Store Name : (null) DS Mapper Usage : Disabled Negotiate Client Certificate : Disabled I am assuming the last binding is the issue but when I go to IIS and check that binding for 443 * it shows my correct wildcard certificate. But this netsh command does show a different Certificate Hash from the 443 certs and they really should be the same so I am not sure why IIS is showing it that way. Should I run the netsh command and replace the certificate for the this binding to match the one that is in the other bindings?