[求助]高手帮我看看我申请的证书对吗？ [复制链接]

高手帮我看看我申请的证书对吗？怎么感觉怪怪的，之前申请了一个，怎么里面有三个证书？

[PS] C:\Documents and Settings\Administrator\桌面>Get-ExchangeCertificate | fl *

AccessRules          : {System.Security.AccessControl.CryptoKeyAccessRule, Syst
                       em.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains   : {mail.域名.com}
CertificateRequest   :
IisServices          : {}
IsSelfSigned         : False
KeyIdentifier        : 0A364D41F07A6AE14D8AFA596D8CD0E5018379B6
RootCAType           : Enterprise
Services             : IMAP, POP
Status               : Valid
PrivateKeyExportable : False
Archived             : False
Extensions           : {System.Security.Cryptography.Oid, System.Security.Crypt
                       ography.Oid, System.Security.Cryptography.Oid, System.Se
                       curity.Cryptography.Oid, System.Security.Cryptography.Oi
                       d, System.Security.Cryptography.Oid, System.Security.Cry
                       ptography.Oid, System.Security.Cryptography.Oid, System.
                       Security.Cryptography.Oid}
FriendlyName         :
IssuerName           : System.Security.Cryptography.X509Certificates.X500Distin
                       guishedName
NotAfter             : 2011-12-8 11:40:19
NotBefore            : 2010-12-8 11:40:19
HasPrivateKey        : True
PrivateKey           : System.Security.Cryptography.RSACryptoServiceProvider
PublicKey            : System.Security.Cryptography.X509Certificates.PublicKey
RawData              : {48, 130, 5, 142, 48, 130, 4, 118, 160, 3, 2, 1, 2, 2, 1
                       0, 19...}
SerialNumber         : 13732851000000000009
SubjectName          : System.Security.Cryptography.X509Certificates.X500Distin
                       guishedName
SignatureAlgorithm   : System.Security.Cryptography.Oid
Thumbprint           : 5E851A33F28F6C239B1C06E05F3D6FBCB86A39F5
Version              : 3
Handle               : 472177856
Issuer               : CN=域名, DC=域名, DC=com
Subject              : CN=mail.域名.com


AccessRules          : {System.Security.AccessControl.CryptoKeyAccessRule, Syst
                       em.Security.AccessControl.CryptoKeyAccessRule, System.Se
                       curity.AccessControl.CryptoKeyAccessRule}
CertificateDomains   : {mail.域名.com, 域名, autodiscover.域名.com,
                        autodiscover}
CertificateRequest   :
IisServices          : {IIS://mail/W3SVC/1}
IsSelfSigned         : False
KeyIdentifier        : 79121C22A7DEE38EF0BDB369DEA68F0E2E53FE01
RootCAType           : Enterprise
Services             : IMAP, POP, IIS, SMTP
Status               : Valid
PrivateKeyExportable : True
Archived             : False
Extensions           : {System.Security.Cryptography.Oid, System.Security.Crypt
                       ography.Oid, System.Security.Cryptography.Oid, System.Se
                       curity.Cryptography.Oid, System.Security.Cryptography.Oi
                       d, System.Security.Cryptography.Oid, System.Security.Cry
                       ptography.Oid, System.Security.Cryptography.Oid}
FriendlyName         : Microsoft Exchange
IssuerName           : System.Security.Cryptography.X509Certificates.X500Distin
                       guishedName
NotAfter             : 2012-11-30 16:41:15
NotBefore            : 2010-12-1 16:41:15
HasPrivateKey        : True
PrivateKey           : System.Security.Cryptography.RSACryptoServiceProvider
PublicKey            : System.Security.Cryptography.X509Certificates.PublicKey
RawData              : {48, 130, 5, 201, 48, 130, 4, 177, 160, 3, 2, 1, 2, 2, 1
                       0, 17...}
SerialNumber         : 11D13591000000000008
SubjectName          : System.Security.Cryptography.X509Certificates.X500Distin
                       guishedName
SignatureAlgorithm   : System.Security.Cryptography.Oid
Thumbprint           : EAE40A4D16CAAF78FDC6BF501B4FDE29656D8B38
Version              : 3
Handle               : 471817008
Issuer               : CN=域名, DC=域名, DC=com
Subject              : CN=mail.域名.com


AccessRules          : {System.Security.AccessControl.CryptoKeyAccessRule, Syst
                       em.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains   : {域名}
CertificateRequest   :
IisServices          : {}
IsSelfSigned         : True
KeyIdentifier        : 49A86164DC4678A396139E60568932F72B5FC79F
RootCAType           : Enterprise
Services             : None
Status               : Valid
PrivateKeyExportable : True
Archived             : False
Extensions           : {System.Security.Cryptography.Oid, System.Security.Crypt
                       ography.Oid, System.Security.Cryptography.Oid, System.Se
                       curity.Cryptography.Oid, System.Security.Cryptography.Oi
                       d, System.Security.Cryptography.Oid}
FriendlyName         :
IssuerName           : System.Security.Cryptography.X509Certificates.X500Distin
                       guishedName
NotAfter             : 2015-10-20 18:10:39
NotBefore            : 2010-10-20 18:01:52
HasPrivateKey        : True
PrivateKey           : System.Security.Cryptography.RSACryptoServiceProvider
PublicKey            : System.Security.Cryptography.X509Certificates.PublicKey
RawData              : {48, 130, 4, 113, 48, 130, 3, 89, 160, 3, 2, 1, 2, 2, 16
                       , 46...}
SerialNumber         : 2EB372584F25A2BF45117387448C5D73
SubjectName          : System.Security.Cryptography.X509Certificates.X500Distin
                       guishedName
SignatureAlgorithm   : System.Security.Cryptography.Oid
Thumbprint           : 5308C3790368B174FFC80FBA95132E9BBC5E64FD
Version              : 3
Handle               : 472179280
Issuer               : CN=域名, DC=域名, DC=com
Subject              : CN=域名, DC=域名, DC=com

您好，以我个人经验判断，最下面那张有效期是5年的为企业根证书。第二张有效期两年的是IIS即OWA的证书，IIS的年限必须在企业证书的年限之内。第一张证书是外部通过POP3或者IMAP方式访问企业邮件服务器的证书。

版主如果觉得没问题，那就ok 了，谢谢版主