Enable POP/IMAP with Wildcard SSL Cert on Exchange 2013
Steps to enable POP/IMAP with wildcard SSL cert on Exchange 2013
Enable POP3 & IMAP4 Services
POP3 & IMAP4 services are stopped with manual startup in Exchange 2013 by default.
Start the services and change the startup type to Automatic
#Start POP3 & IMAP Service and change startup to Automatic
Get-Service -Name MSExchangePOP* , MSExchangeIMAP* | Start-Service
Get-Service -Name MSExchangePOP* , MSExchangeIMAP* | Set-Service -StartupType Automatic
Change the FQDN to match with Wildcard SSL Cert
Set-popSettings -X509CertificateName mail.aventislab.info
Set-ImapSettings -X509CertificateName mail.aventislab.info
Assign wildcard SSL cert to POP3 & IMAP4 Services and ingore the warning message
#Get the thumbprint for Wildcard SSL Cert
$Cert = Get-ExchangeCertificate | ? Subject -like "*.aventislab.info"
#Assign it to POP3 & IMAP4 Service
Enable-ExchangeCertificate -Thumbprint $Cert.Thumbprint -Services POP,IMAP
#Ignore the following warnig
WARNING: This certificate with thumbprint 1F2F3C6753ED9CCC58C34DC7B0CB4C352FD2AC99 and subject '*.aventislab.info' cannot used for POP SSL/TLS connections because the subject is not a Fully Qualified Domain Name (F
QDN). Use command Set-POPSettings to set X509CertificateName to the FQDN of the service.
#Ignore the following warnig
WARNING: This certificate with thumbprint 1F2F3C6753ED9CCC58C34DC7B0CB4C352FD2AC99 and subject '*.aventislab.info' cannot used for IMAP SSL/TLS connections because the subject is not a Fully Qualified Domain Name (
FQDN). Use command Set-IMAPSettings to set X509CertificateName to the FQDN of the service.
Restart POP3 & IMAP4 services
Get-Service -Name MSExchangePOP* , MSExchangeIMAP* | Restart-Service
Go to Microsoft Remote Connectivity Analyzer to verify whether the secure POP3 (TCP 995) & Secure IMAP4 (TCP 993) are working fine
Change the FQDN for Receiver Connector for Port 587 to match the Wildcard SSL Certificate
Get-ReceiveConnector | ? Bindings -like "*:587" | Set-ReceiveConnector -Fqdn mail.aventislab.info
Outlook 2016 Configuration
Go to Control Panel – Mail to create a new Profile
Configuration of Secure POP3 (Port 995) by following the settings highlighed in RED BOX
Configuration of Secure IMAP4 (Port 993) by following the settings highlighed in RED BOX