I'm trying to set up TLS for the POP3 server in the Exchange CAS role.
I purchased a cert from NameCheap, and the CA path is fully trusted, and installed it within the Certificates MMC snap-in without any trouble.
However Exchange 2010 doesn't seem to like it: I see this in the event viewer:
Event ID: 2007 Source: MSExchangePOP3 A certificate for the host name "mail.mydomain.net" couldn't be found. SSL or TLS encryption can't be made to the POP3 service.
...despite the fact that such a certificate does exist:
[PS] C:\Windows\system32>Get-ExchangeCertificate
Thumbprint Services Subject
---------- -------- -------
DAFFAE2391F40412386DCFC3AC8E822AAE181312 .P.W.. CN=mail.mydomain.net, OU=PositiveSSL, OU=Domain Control Validated
1C363A4D6A40921230BBD02C47A3260863D05CAA I...S. CN=machineName
BCSH281A051860123D70C0BD2E1EB6DBABDC98DD ...... CN=WMSvc-MACHINENAME
I've started the server (and services) numerous times. I don't understand why it doesn't work.
It looks like you have the certificate enabled and installed for POP3 services. You could try a to rerun Enable-ExchangeCertificate. I'm assuming you requested the certificate with New-ExchangeCertificate, which if not may be worthwhile for a clean Exchange certificate retry.
However, there are issues where the certificate in question can have certain problems that make Exchange 2010 fail. Try to use the self-signed default certificate to test temporarily and/or have NameCheap re-issue the certificate. Ref: Error ID 2007 Exchange 2010
If I'm way off please post details of Get-ExchangeCertificate DAFFAE2391F40412386DCFC3AC8E822AAE181312 | fl
It turns out this was just a random glitch. I went back to NameCheap and re-issued the certificate using the same steps as before. After I imported it into Exchange I was able to secure POP3 without any issues.