Enable POP/IMAP with Wildcard SSL Cert on Exchange 2013

You are here:
← All Topics
Contents

Steps to enable POP/IMAP with wildcard SSL cert on Exchange 2013

Enable POP3 & IMAP4 Services

POP3 & IMAP4 services are stopped with manual startup in Exchange 2013 by default.

Start the services and change the startup type to Automatic

#Start POP3 & IMAP Service and change startup to Automatic
Get-Service  -Name MSExchangePOP* , MSExchangeIMAP* | Start-Service
Get-Service  -Name MSExchangePOP* , MSExchangeIMAP* | Set-Service -StartupType Automatic

Change the FQDN to match with Wildcard SSL Cert

Set-popSettings -X509CertificateName mail.aventislab.info
Set-ImapSettings -X509CertificateName mail.aventislab.info

Assign wildcard SSL cert to POP3 & IMAP4 Services and ingore the warning message

#Get the thumbprint for Wildcard SSL Cert
$Cert = Get-ExchangeCertificate | ? Subject -like "*.aventislab.info"
#Assign it to POP3 & IMAP4 Service
Enable-ExchangeCertificate -Thumbprint $Cert.Thumbprint -Services POP,IMAP

#Ignore the following warnig
WARNING: This certificate with thumbprint 1F2F3C6753ED9CCC58C34DC7B0CB4C352FD2AC99 and subject '*.aventislab.info' cannot used for POP SSL/TLS connections because the subject is not a Fully Qualified Domain Name (F
QDN). Use command Set-POPSettings to set X509CertificateName to the FQDN of the service.

#Ignore the following warnig
WARNING: This certificate with thumbprint 1F2F3C6753ED9CCC58C34DC7B0CB4C352FD2AC99 and subject '*.aventislab.info' cannot used for IMAP SSL/TLS connections because the subject is not a Fully Qualified Domain Name (
FQDN). Use command Set-IMAPSettings to set X509CertificateName to the FQDN of the service.

Restart POP3 & IMAP4 services

Get-Service  -Name MSExchangePOP* , MSExchangeIMAP* | Restart-Service

Go to Microsoft Remote Connectivity Analyzer to verify whether the secure POP3 (TCP 995) & Secure IMAP4 (TCP 993) are working fine

Change the FQDN for Receiver Connector for Port 587 to match the Wildcard SSL Certificate

Get-ReceiveConnector | ? Bindings -like "*:587" | Set-ReceiveConnector -Fqdn mail.aventislab.info

Outlook 2016 Configuration

Go to Control Panel – Mail to create a new Profile

Configuration of Secure POP3 (Port 995) by following the settings highlighed in RED BOX

EX-POP3-01

Configuration of Secure IMAP4 (Port 993) by following the settings highlighed in RED BOX

EX-IMAP4-02