Exchange 2019 SSL 证书无效

2024-6-1 • tag-icon
我安装了Exchange 2019用于测试，购买了域名和证书，安装后显示状态：无效，谢谢。
以下是 certutil -verify 的结果
Issuer:
    CN=ZeroSSL RSA Domain Secure Site CA
    O=ZeroSSL
    C=AT
  Name Hash(sha1): 082e3ff9058cfe8a7c18bd13efdf1d1660707a6b
  Name Hash(md5): ab1639dd9160fab0f92496ffe91dc2aa
Subject:
    CN=mail.belxchange.com
  Name Hash(sha1): e5b331beff7e2e09aeef22bae49b7edad6ef3ec7
  Name Hash(md5): 00ff0b4da8f724bc70646e3b026e45d1
Cert Serial Number: e28ee3f7a40f789620b258aae02b60dd

dwFlags = CA_VERIFY_FLAGS_CONSOLE_TRACE (0x20000000)
dwFlags = CA_VERIFY_FLAGS_DUMP_CHAIN (0x40000000)
ChainFlags = CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT (0x40000000)
HCCE_LOCAL_MACHINE
CERT_CHAIN_POLICY_BASE
-------- CERT_CHAIN_CONTEXT --------
ChainContext.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
ChainContext.dwRevocationFreshnessTime: 17 Hours, 19 Minutes, 5 Seconds

SimpleChain.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
SimpleChain.dwRevocationFreshnessTime: 17 Hours, 19 Minutes, 5 Seconds

CertContext[0][0]: dwInfoStatus=102 dwErrorStatus=0
  Issuer: CN=ZeroSSL RSA Domain Secure Site CA, O=ZeroSSL, C=AT
  NotBefore: 6/28/2021 8:00 PM
  NotAfter: 9/27/2021 7:59 PM
  Subject: CN=mail.belxchange.com
  Serial: e28ee3f7a40f789620b258aae02b60dd
  SubjectAltName: DNS Name=mail.belxchange.com
  Cert: beffb40c51aa7de210779220bf6b98be69d67911
  Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2)
  Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
    CRL (null):
    Issuer: CN=ZeroSSL RSA Domain Secure Site CA, O=ZeroSSL, C=AT
    ThisUpdate: 6/29/2021 4:50 PM
    NextUpdate: 7/6/2021 4:50 PM
    CRL: 2e9f37d78d9ae1a9e435760e1d9b006b55dafe3c
  Issuance[0] = 1.3.6.1.4.1.6449.1.2.2.78
  Issuance[1] = 2.23.140.1.2.1
  Application[0] = 1.3.6.1.5.5.7.3.2 Client Authentication
  Application[1] = 1.3.6.1.5.5.7.3.1 Server Authentication

CertContext[0][1]: dwInfoStatus=102 dwErrorStatus=0
  Issuer: CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, S=New Jersey, C=US
  NotBefore: 1/29/2020 8:00 PM
  NotAfter: 1/29/2030 7:59 PM
  Subject: CN=ZeroSSL RSA Domain Secure Site CA, O=ZeroSSL, C=AT
  Serial: 6c55abdbd00792c79d070cd8119ed6bf
  Cert: c81a8bd1f9cf6d84c525f378ca1d3f8c30770e34
  Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2)
  Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
    CRL (null):
    Issuer: CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, S=New Jersey, C=US
    ThisUpdate: 6/30/2021 4:28 AM
    NextUpdate: 7/7/2021 4:28 AM
    CRL: 33d94bdc17a67be0286bea0e96cfe3b6ad7c3284
  Issuance[0] = 1.3.6.1.4.1.6449.1.2.2.78
  Issuance[1] = 2.23.140.1.2.1
  Application[0] = 1.3.6.1.5.5.7.3.2 Client Authentication
  Application[1] = 1.3.6.1.5.5.7.3.1 Server Authentication

CertContext[0][2]: dwInfoStatus=10c dwErrorStatus=0
  Issuer: CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, S=New Jersey, C=US
  NotBefore: 1/31/2010 8:00 PM
  NotAfter: 1/18/2038 7:59 PM
  Subject: CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, S=New Jersey, C=US
  Serial: 01fd6d30fca3ca51a81bbc640e35032d
  Cert: 2b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e
  Element.dwInfoStatus = CERT_TRUST_HAS_NAME_MATCH_ISSUER (0x4)
  Element.dwInfoStatus = CERT_TRUST_IS_SELF_SIGNED (0x8)
  Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
  Application[0] = 1.3.6.1.5.5.7.3.2 Client Authentication
  Application[1] = 1.3.6.1.5.5.7.3.3 Code Signing
  Application[2] = 1.3.6.1.4.1.311.10.3.4 Encrypting File System
  Application[3] = 1.3.6.1.5.5.7.3.4 Secure Email
  Application[4] = 1.3.6.1.5.5.7.3.6 IP security tunnel termination
  Application[5] = 1.3.6.1.5.5.7.3.7 IP security user
  Application[6] = 1.3.6.1.5.5.7.3.1 Server Authentication
  Application[7] = 1.3.6.1.5.5.7.3.8 Time Stamping
  EV[0] = 1.3.6.1.4.1.6449.1.2.1.5.1
  EV[1] = 2.23.140.1.3

Exclude leaf cert:
  Chain: a126b04b452a7f46b037e93b530914e84dd20f84
Full chain:
  Chain: 480ccb6aae924c7427e4e32e37bf45e8261459bf
------------------------------------
Verified Issuance Policies:
    1.3.6.1.4.1.6449.1.2.2.78
    2.23.140.1.2.1
Verified Application Policies:
    1.3.6.1.5.5.7.3.2 Client Authentication
    1.3.6.1.5.5.7.3.1 Server Authentication
Cert is an End Entity certificate
Leaf certificate revocation check passed
CertUtil: -verify command completed successfully.
PS C:\Users\Administrator>
答案1

我找到了类似的帖子，请检查一下安迪和乔伊斯的回答对你有帮助：Exchange 2019 中的证书无效
答案1

相关内容
