Ssl

Exchange 2019 ssl 證書無效

  • July 1, 2021

我已安裝 Exchange 2019 用於測試目的。我已經購買了域名和證書。我安裝後,狀態顯示:無效。謝謝你。 在此處輸入圖像描述

這是 certutil -verify 的結果

Issuer:
   CN=ZeroSSL RSA Domain Secure Site CA
   O=ZeroSSL
   C=AT
 Name Hash(sha1): 082e3ff9058cfe8a7c18bd13efdf1d1660707a6b
 Name Hash(md5): ab1639dd9160fab0f92496ffe91dc2aa
Subject:
   CN=mail.belxchange.com
 Name Hash(sha1): e5b331beff7e2e09aeef22bae49b7edad6ef3ec7
 Name Hash(md5): 00ff0b4da8f724bc70646e3b026e45d1
Cert Serial Number: e28ee3f7a40f789620b258aae02b60dd

dwFlags = CA_VERIFY_FLAGS_CONSOLE_TRACE (0x20000000)
dwFlags = CA_VERIFY_FLAGS_DUMP_CHAIN (0x40000000)
ChainFlags = CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT (0x40000000)
HCCE_LOCAL_MACHINE
CERT_CHAIN_POLICY_BASE
-------- CERT_CHAIN_CONTEXT --------
ChainContext.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
ChainContext.dwRevocationFreshnessTime: 17 Hours, 19 Minutes, 5 Seconds

SimpleChain.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
SimpleChain.dwRevocationFreshnessTime: 17 Hours, 19 Minutes, 5 Seconds

CertContext[0][0]: dwInfoStatus=102 dwErrorStatus=0
 Issuer: CN=ZeroSSL RSA Domain Secure Site CA, O=ZeroSSL, C=AT
 NotBefore: 6/28/2021 8:00 PM
 NotAfter: 9/27/2021 7:59 PM
 Subject: CN=mail.belxchange.com
 Serial: e28ee3f7a40f789620b258aae02b60dd
 SubjectAltName: DNS Name=mail.belxchange.com
 Cert: beffb40c51aa7de210779220bf6b98be69d67911
 Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2)
 Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
   CRL (null):
   Issuer: CN=ZeroSSL RSA Domain Secure Site CA, O=ZeroSSL, C=AT
   ThisUpdate: 6/29/2021 4:50 PM
   NextUpdate: 7/6/2021 4:50 PM
   CRL: 2e9f37d78d9ae1a9e435760e1d9b006b55dafe3c
 Issuance[0] = 1.3.6.1.4.1.6449.1.2.2.78
 Issuance[1] = 2.23.140.1.2.1
 Application[0] = 1.3.6.1.5.5.7.3.2 Client Authentication
 Application[1] = 1.3.6.1.5.5.7.3.1 Server Authentication

CertContext[0][1]: dwInfoStatus=102 dwErrorStatus=0
 Issuer: CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, S=New Jersey, C=US
 NotBefore: 1/29/2020 8:00 PM
 NotAfter: 1/29/2030 7:59 PM
 Subject: CN=ZeroSSL RSA Domain Secure Site CA, O=ZeroSSL, C=AT
 Serial: 6c55abdbd00792c79d070cd8119ed6bf
 Cert: c81a8bd1f9cf6d84c525f378ca1d3f8c30770e34
 Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2)
 Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
   CRL (null):
   Issuer: CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, S=New Jersey, C=US
   ThisUpdate: 6/30/2021 4:28 AM
   NextUpdate: 7/7/2021 4:28 AM
   CRL: 33d94bdc17a67be0286bea0e96cfe3b6ad7c3284
 Issuance[0] = 1.3.6.1.4.1.6449.1.2.2.78
 Issuance[1] = 2.23.140.1.2.1
 Application[0] = 1.3.6.1.5.5.7.3.2 Client Authentication
 Application[1] = 1.3.6.1.5.5.7.3.1 Server Authentication

CertContext[0][2]: dwInfoStatus=10c dwErrorStatus=0
 Issuer: CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, S=New Jersey, C=US
 NotBefore: 1/31/2010 8:00 PM
 NotAfter: 1/18/2038 7:59 PM
 Subject: CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, S=New Jersey, C=US
 Serial: 01fd6d30fca3ca51a81bbc640e35032d
 Cert: 2b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e
 Element.dwInfoStatus = CERT_TRUST_HAS_NAME_MATCH_ISSUER (0x4)
 Element.dwInfoStatus = CERT_TRUST_IS_SELF_SIGNED (0x8)
 Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
 Application[0] = 1.3.6.1.5.5.7.3.2 Client Authentication
 Application[1] = 1.3.6.1.5.5.7.3.3 Code Signing
 Application[2] = 1.3.6.1.4.1.311.10.3.4 Encrypting File System
 Application[3] = 1.3.6.1.5.5.7.3.4 Secure Email
 Application[4] = 1.3.6.1.5.5.7.3.6 IP security tunnel termination
 Application[5] = 1.3.6.1.5.5.7.3.7 IP security user
 Application[6] = 1.3.6.1.5.5.7.3.1 Server Authentication
 Application[7] = 1.3.6.1.5.5.7.3.8 Time Stamping
 EV[0] = 1.3.6.1.4.1.6449.1.2.1.5.1
 EV[1] = 2.23.140.1.3

Exclude leaf cert:
 Chain: a126b04b452a7f46b037e93b530914e84dd20f84
Full chain:
 Chain: 480ccb6aae924c7427e4e32e37bf45e8261459bf
------------------------------------
Verified Issuance Policies:
   1.3.6.1.4.1.6449.1.2.2.78
   2.23.140.1.2.1
Verified Application Policies:
   1.3.6.1.5.5.7.3.2 Client Authentication
   1.3.6.1.5.5.7.3.1 Server Authentication
Cert is an End Entity certificate
Leaf certificate revocation check passed
CertUtil: -verify command completed successfully.
PS C:\Users\Administrator>

我找到了一個類似的文章,請檢查AndyJoyce的回答是否對您有幫助:Certificate invalid in Exchange 2019

引用自:https://serverfault.com/questions/1068259