我安装了Exchange 2019用于测试,购买了域名和证书,安装后显示状态:无效,谢谢。
以下是 certutil -verify 的结果
Issuer:
CN=ZeroSSL RSA Domain Secure Site CA
O=ZeroSSL
C=AT
Name Hash(sha1): 082e3ff9058cfe8a7c18bd13efdf1d1660707a6b
Name Hash(md5): ab1639dd9160fab0f92496ffe91dc2aa
Subject:
CN=mail.belxchange.com
Name Hash(sha1): e5b331beff7e2e09aeef22bae49b7edad6ef3ec7
Name Hash(md5): 00ff0b4da8f724bc70646e3b026e45d1
Cert Serial Number: e28ee3f7a40f789620b258aae02b60dd
dwFlags = CA_VERIFY_FLAGS_CONSOLE_TRACE (0x20000000)
dwFlags = CA_VERIFY_FLAGS_DUMP_CHAIN (0x40000000)
ChainFlags = CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT (0x40000000)
HCCE_LOCAL_MACHINE
CERT_CHAIN_POLICY_BASE
-------- CERT_CHAIN_CONTEXT --------
ChainContext.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
ChainContext.dwRevocationFreshnessTime: 17 Hours, 19 Minutes, 5 Seconds
SimpleChain.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
SimpleChain.dwRevocationFreshnessTime: 17 Hours, 19 Minutes, 5 Seconds
CertContext[0][0]: dwInfoStatus=102 dwErrorStatus=0
Issuer: CN=ZeroSSL RSA Domain Secure Site CA, O=ZeroSSL, C=AT
NotBefore: 6/28/2021 8:00 PM
NotAfter: 9/27/2021 7:59 PM
Subject: CN=mail.belxchange.com
Serial: e28ee3f7a40f789620b258aae02b60dd
SubjectAltName: DNS Name=mail.belxchange.com
Cert: beffb40c51aa7de210779220bf6b98be69d67911
Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2)
Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
CRL (null):
Issuer: CN=ZeroSSL RSA Domain Secure Site CA, O=ZeroSSL, C=AT
ThisUpdate: 6/29/2021 4:50 PM
NextUpdate: 7/6/2021 4:50 PM
CRL: 2e9f37d78d9ae1a9e435760e1d9b006b55dafe3c
Issuance[0] = 1.3.6.1.4.1.6449.1.2.2.78
Issuance[1] = 2.23.140.1.2.1
Application[0] = 1.3.6.1.5.5.7.3.2 Client Authentication
Application[1] = 1.3.6.1.5.5.7.3.1 Server Authentication
CertContext[0][1]: dwInfoStatus=102 dwErrorStatus=0
Issuer: CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, S=New Jersey, C=US
NotBefore: 1/29/2020 8:00 PM
NotAfter: 1/29/2030 7:59 PM
Subject: CN=ZeroSSL RSA Domain Secure Site CA, O=ZeroSSL, C=AT
Serial: 6c55abdbd00792c79d070cd8119ed6bf
Cert: c81a8bd1f9cf6d84c525f378ca1d3f8c30770e34
Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2)
Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
CRL (null):
Issuer: CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, S=New Jersey, C=US
ThisUpdate: 6/30/2021 4:28 AM
NextUpdate: 7/7/2021 4:28 AM
CRL: 33d94bdc17a67be0286bea0e96cfe3b6ad7c3284
Issuance[0] = 1.3.6.1.4.1.6449.1.2.2.78
Issuance[1] = 2.23.140.1.2.1
Application[0] = 1.3.6.1.5.5.7.3.2 Client Authentication
Application[1] = 1.3.6.1.5.5.7.3.1 Server Authentication
CertContext[0][2]: dwInfoStatus=10c dwErrorStatus=0
Issuer: CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, S=New Jersey, C=US
NotBefore: 1/31/2010 8:00 PM
NotAfter: 1/18/2038 7:59 PM
Subject: CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, S=New Jersey, C=US
Serial: 01fd6d30fca3ca51a81bbc640e35032d
Cert: 2b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e
Element.dwInfoStatus = CERT_TRUST_HAS_NAME_MATCH_ISSUER (0x4)
Element.dwInfoStatus = CERT_TRUST_IS_SELF_SIGNED (0x8)
Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
Application[0] = 1.3.6.1.5.5.7.3.2 Client Authentication
Application[1] = 1.3.6.1.5.5.7.3.3 Code Signing
Application[2] = 1.3.6.1.4.1.311.10.3.4 Encrypting File System
Application[3] = 1.3.6.1.5.5.7.3.4 Secure Email
Application[4] = 1.3.6.1.5.5.7.3.6 IP security tunnel termination
Application[5] = 1.3.6.1.5.5.7.3.7 IP security user
Application[6] = 1.3.6.1.5.5.7.3.1 Server Authentication
Application[7] = 1.3.6.1.5.5.7.3.8 Time Stamping
EV[0] = 1.3.6.1.4.1.6449.1.2.1.5.1
EV[1] = 2.23.140.1.3
Exclude leaf cert:
Chain: a126b04b452a7f46b037e93b530914e84dd20f84
Full chain:
Chain: 480ccb6aae924c7427e4e32e37bf45e8261459bf
------------------------------------
Verified Issuance Policies:
1.3.6.1.4.1.6449.1.2.2.78
2.23.140.1.2.1
Verified Application Policies:
1.3.6.1.5.5.7.3.2 Client Authentication
1.3.6.1.5.5.7.3.1 Server Authentication
Cert is an End Entity certificate
Leaf certificate revocation check passed
CertUtil: -verify command completed successfully.
PS C:\Users\Administrator>
答案1
我找到了类似的帖子,请检查一下安迪和乔伊斯的回答对你有帮助:Exchange 2019 中的证书无效