We help IT Professionals succeed at work.

New SSL Certificate for Mail Server

huntersp3
huntersp3 asked
on
847 Views
Last Modified: 2008-01-09
Hello Experts:

Recently, I have switched one of my companies that was running Exchange 2003 on a SBS 2003 Server over to a server running Exchange 2007.  I want to RPC over HTTP on the Exchange 2007 server--the question I have is can I use the SSL certificate that is on the SBS server or do I have to get a new SSL cerificate for the Exchange 2007 server?

Thanks for the help
Comment
Watch Question

Commented:
The SSL certificate is typically bound to the hostname of the server.    You might be able to use, if it can the validated, but it likely won't be the same hostname.

You could create an SSL cert locally

Commented:
If the FQDN (Fully Qualified Domain Name -- IE, mail.yourdomain.com) remains the same, you can simply export the certificate to a PFX file (done through MMC using the Certificates snapin). Once exported, take the cert over to the new server and import it. After it's imported into your certificate store, you can assign it to the resource.
tigermattSite Reliability Engineer
CERTIFIED EXPERT
Most Valuable Expert 2011

Commented:
It depends on your setup. You haven't mentioned the domain name which the certificate issued to the SBS was created for nor what your external domain name to access the E2007 mail server is.

If the certificate issued to the SBS was for a domain such as mail.<yourdomain>.com, which points as an A record to your WAN IP address, then you can reuse it on the condition that to access your Exchange 2007 server, user's type the mail.<yourdomain>.com subdomain, or whatever is registered in the certificate.

If you are accessing Exchange with a different subdomain to the one the certificate is setup for, then you cannot use it with Exchange 2007 and you will need to either get a new certificate, or change your settings so that you access the Exchange 2007 server with the subdomain registered in the certificate.

If the domain with certificate and address you access Exchange with doersn't match, Outlook will throw a wobbly. You will also get issues with WIndows Mobile clients unless you have manually installed in, but I like to get things correct without manually importing SSL certificates!

-tigermatt

Author

Commented:
Hello Everyone:

Thanks for the fast response.  My exchange 2007 server has the same name mail.nationalsteelerection.com has did the SBS 2003 server.  However, it imported correctly into the Exchange 2007 server but when I type https:\\mail.nationalsteelerection.com\owa...I get the following:

There is a problem with this website's security certificate.
 The security certificate presented by this website was not issued by a trusted certificate authority.
Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.  
  We recommend that you close this webpage and do not continue to this website.  
  Click here to close this webpage.  
  Continue to this website (not recommended).  
     More information


If you arrived at this page by clicking a link, check the website address in the address bar to be sure that it is the address you were expecting.
When going to a website with an address such as https://example.com, try adding the 'www' to the address, https://www.example.com.
If you choose to ignore this error and continue, do not enter private information into the website.

For more information, see "Certificate Errors" in Internet Explorer Help.
 
I took as saying that I need to get a new SSL certificate before I tried RPC?
Site Reliability Engineer
CERTIFIED EXPERT
Most Valuable Expert 2011
Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION

Author

Commented:
One more question...do you know the steps involved in getting the certificate into the trusted certificates store?  Right now the certificate resides in the certificate personal store.
tigermattSite Reliability Engineer
CERTIFIED EXPERT
Most Valuable Expert 2011

Commented:
When the prompt appears, click "View Certificate" then "Install Certificate". In the wizard, you can select the option to manually decide which store to put it in, then Browse and select the store.

-tigermatt
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a sample view!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.