New SSL Certificate for Mail Server

Posted on 2007-10-02
Medium Priority
Last Modified: 2008-01-09
Hello Experts:

Recently, I have switched one of my companies that was running Exchange 2003 on a SBS 2003 Server over to a server running Exchange 2007.  I want to use RPC over HTTP on the Exchange 2007 server--the question I have is can I use the SSL certificate that is on the SBS server or do I have to get a new SSL certificate for the Exchange 2007 server?

Thanks for the help
Question by:huntersp3

Expert Comment

ID: 20001525
The SSL certificate is typically bound to the hostname of the server. You might be able to use it, if it can be validated, but it likely won't be the same hostname.

You could create an SSL cert locally

Expert Comment

ID: 20001549
If the FQDN (Fully Qualified Domain Name -- i.e., mail.yourdomain.com) remains the same, you can simply export the certificate to a PFX file (done through MMC using the Certificates snap-in). Once exported, take the cert over to the new server and import it. After it's imported into your certificate store, you can assign it to the resource.

Expert Comment

ID: 20001556
It depends on your setup. You haven't mentioned the domain name which the certificate issued to the SBS was created for nor what your external domain name to access the E2007 mail server is.

If the certificate issued to the SBS was for a domain such as mail.<yourdomain>.com, which points as an A record to your WAN IP address, then you can reuse it on the condition that to access your Exchange 2007 server, users type the mail.<yourdomain>.com subdomain, or whatever is registered in the certificate.

If you are accessing Exchange with a different subdomain to the one the certificate is setup for, then you cannot use it with Exchange 2007 and you will need to either get a new certificate, or change your settings so that you access the Exchange 2007 server with the subdomain registered in the certificate.

If the domain with certificate and address you access Exchange with doesn't match, Outlook will throw a wobbly. You will also get issues with Windows Mobile clients unless you have manually installed it, but I like to get things correct without manually importing SSL certificates!

Author Comment

ID: 20001596
Hello Everyone:

Thanks for the fast response.  My Exchange 2007 server has the same name, mail.nationalsteelerection.com, as did the SBS 2003 server.  However, it imported correctly into the Exchange 2007 server but when I type https:\\mail.nationalsteelerection.com\owa...I get the following:

There is a problem with this website's security certificate.
 The security certificate presented by this website was not issued by a trusted certificate authority.
Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.  
  We recommend that you close this webpage and do not continue to this website.  
  Click here to close this webpage.  
  Continue to this website (not recommended).  
     More information

If you arrived at this page by clicking a link, check the website address in the address bar to be sure that it is the address you were expecting.
When going to a website with an address such as https://example.com, try adding the 'www' to the address, https://www.example.com.
If you choose to ignore this error and continue, do not enter private information into the website.

For more information, see "Certificate Errors" in Internet Explorer Help.
I took this as saying that I need to get a new SSL certificate before I tried RPC?

Accepted Solution

tigermatt earned 2000 total points
ID: 20001639
I've just tried it myself and it would appear that your certificate was issued by a company which Internet Explorer does not trust. Basically, the issuer's root CA certificate isn't installed in the trusted certificates store.

Before you can do RPC over HTTPS then you will need to get this issue sorted out. GoDaddy have good deals and aren't as expensive as Verisign: https://www.godaddy.com/gdshop/ssl/ssl.asp?ci=8979
You could try importing the certificate to the trusted certificates store so it is trusted and the error is suppressed, but I'm not even sure if RPC/HTTPS will work then. A cheap GoDaddy certificate is well worth it!

Author Comment

ID: 20001797
One more question...do you know the steps involved in getting the certificate into the trusted certificates store?  Right now the certificate resides in the certificate personal store.

Expert Comment

ID: 20004356
When the prompt appears, click "View Certificate" then "Install Certificate". In the wizard, you can select the option to manually decide which store to put it in, then Browse and select the store.
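
The two separate checks discussed in this thread (does the certificate chain to an issuer the client trusts, and does the name in the certificate match the name clients type) can be reproduced offline. This is an added example, not part of any post above; it uses the OpenSSL command line with a throwaway CA, and `mail.example.test`, `owa.example.test` and the file names are placeholders.

```shell
#!/bin/sh
# Constructed lab: a throwaway CA and one server certificate. Nothing here
# touches a real server; HOST and the file names are placeholders.
set -eu
HOST=mail.example.test            # the name written into the certificate
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

make_lab() {
  # Minimal config so the result does not depend on the system openssl.cnf.
  printf '[req]\ndistinguished_name=dn\nx509_extensions=ca\n[dn]\nCN=unused\n' > "$WORK/lab.cnf"
  printf '[ca]\nbasicConstraints=critical,CA:TRUE\n' >> "$WORK/lab.cnf"
  # Private root CA: stands in for an issuer the client has never heard of.
  openssl req -x509 -config "$WORK/lab.cnf" -newkey rsa:2048 -nodes -days 2 \
    -subj "/CN=Lab Root CA" -keyout "$WORK/ca.key" -out "$WORK/ca.pem" 2>/dev/null
  # Server key and signing request for HOST.
  openssl req -config "$WORK/lab.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=$HOST" -keyout "$WORK/srv.key" -out "$WORK/srv.csr" 2>/dev/null
  # Sign the request with the lab CA, putting HOST in subjectAltName.
  printf 'subjectAltName=DNS:%s\n' "$HOST" > "$WORK/ext.cnf"
  openssl x509 -req -in "$WORK/srv.csr" -CA "$WORK/ca.pem" \
    -CAkey "$WORK/ca.key" -CAcreateserial -days 2 \
    -extfile "$WORK/ext.cnf" -out "$WORK/srv.pem" 2>/dev/null
}

# verdict NAME [openssl verify options]
# Prints which of the two checks fails first for a client that types NAME.
verdict() {
  name=$1; shift
  if ! openssl verify "$@" "$WORK/srv.pem" >/dev/null 2>&1; then
    echo untrusted-issuer   # chain does not end at a root this client trusts
  elif ! openssl verify "$@" -verify_hostname "$name" "$WORK/srv.pem" \
         >/dev/null 2>&1; then
    echo name-mismatch      # issuer trusted, but NAME is not in the certificate
  else
    echo ok
  fi
}

make_lab
# Client without the lab CA in its store: the case behind the browser warning.
echo "right name, CA not trusted: $(verdict "$HOST")"
# Client that trusts the issuer and uses the name in the certificate.
echo "right name, CA trusted:     $(verdict "$HOST" -CAfile "$WORK/ca.pem")"
# Client that trusts the issuer but reaches the server under another name.
echo "other name, CA trusted:     $(verdict owa.example.test -CAfile "$WORK/ca.pem")"
```

Moving a certificate and its key to a new server changes neither verdict: the name check depends only on what clients type, and the trust check depends only on which roots each client already has.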


Question has a verified solution.