New SSL Certificate for Mail Server

Posted on 2007-10-02
Last Modified: 2008-01-09
Hello Experts:

Recently, I have switched one of my companies that was running Exchange 2003 on a SBS 2003 Server over to a server running Exchange 2007.  I want to RPC over HTTP on the Exchange 2007 server--the question I have is can I use the SSL certificate that is on the SBS server or do I have to get a new SSL cerificate for the Exchange 2007 server?

Thanks for the help
Question by:huntersp3
    LVL 9

    Expert Comment

    The SSL certificate is typically bound to the hostname of the server.    You might be able to use, if it can the validated, but it likely won't be the same hostname.

    You could create an SSL cert locally
    LVL 6

    Expert Comment

    If the FQDN (Fully Qualified Domain Name -- IE, remains the same, you can simply export the certificate to a PFX file (done through MMC using the Certificates snapin). Once exported, take the cert over to the new server and import it. After it's imported into your certificate store, you can assign it to the resource.
    LVL 58

    Expert Comment

    It depends on your setup. You haven't mentioned the domain name which the certificate issued to the SBS was created for nor what your external domain name to access the E2007 mail server is.

    If the certificate issued to the SBS was for a domain such as mail.<yourdomain>.com, which points as an A record to your WAN IP address, then you can reuse it on the condition that to access your Exchange 2007 server, user's type the mail.<yourdomain>.com subdomain, or whatever is registered in the certificate.

    If you are accessing Exchange with a different subdomain to the one the certificate is setup for, then you cannot use it with Exchange 2007 and you will need to either get a new certificate, or change your settings so that you access the Exchange 2007 server with the subdomain registered in the certificate.

    If the domain with certificate and address you access Exchange with doersn't match, Outlook will throw a wobbly. You will also get issues with WIndows Mobile clients unless you have manually installed in, but I like to get things correct without manually importing SSL certificates!


    Author Comment

    Hello Everyone:

    Thanks for the fast response.  My exchange 2007 server has the same name has did the SBS 2003 server.  However, it imported correctly into the Exchange 2007 server but when I type https:\\\owa...I get the following:

    There is a problem with this website's security certificate.
     The security certificate presented by this website was not issued by a trusted certificate authority.
    Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.  
      We recommend that you close this webpage and do not continue to this website.  
      Click here to close this webpage.  
      Continue to this website (not recommended).  
         More information

    If you arrived at this page by clicking a link, check the website address in the address bar to be sure that it is the address you were expecting.
    When going to a website with an address such as, try adding the 'www' to the address,
    If you choose to ignore this error and continue, do not enter private information into the website.

    For more information, see "Certificate Errors" in Internet Explorer Help.
    I took as saying that I need to get a new SSL certificate before I tried RPC?
    LVL 58

    Accepted Solution

    I've just tried it myself and it would appear that your certificate was issued by a company which Internet Explorer does not trust. Basically, the issuer's root CA certificate isn't installed in the trusted certificates store.

    Before you can do RPC over HTTPS then you will need to get this issue sorted out. GoDaddy have good deals and aren't as expensive as Verisign:
    You could try importing the certificate to the trusted certificates store so it is trusted and the error is suppressed, but I'm not even sure if RPC/HTTPS will work then. A cheap GoDaddy certificate is well worth it!

    Author Comment

    One more you know the steps involved in getting the certificate into the trusted certificates store?  Right now the certificate resides in the certificate personal store.
    LVL 58

    Expert Comment

    When the prompt appears, click "View Certificate" then "Install Certificate". In the wizard, you can select the option to manually decide which store to put it in, then Browse and select the store.


    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    How to run any project with ease

    Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
    - Combine task lists, docs, spreadsheets, and chat in one
    - View and edit from mobile/offline
    - Cut down on emails

    Set up iPhone and iPad email signatures to always send in high-quality HTML with this step-by step guide.
    Use these top 10 tips to master the art of email signature design. Create an email signature design that will easily wow recipients, promote your brand and highlight your professionalism.
    In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
    To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    14 Experts available now in Live!

    Get 1:1 Help Now