Alex_Irving asked:

Help replacing self-signed certificate with trusted source certificate

I own the domain name 'beauty-pr.com' for my business. I host my business website on a third-party shared host at 'www.beauty-pr.com' but receive company email on my SBS2003 R2 business server at 'eaprdc1.beauty-pr.com'. My DNS is set so my 'A' record points to my hosted web server and my primary MX records point first to my office server (with a 10 priority) and a secondary MX record (priority 20) points to my backup POP3 account at the hosted server in case the office server goes down for some reason. We won't miss mail.

The gent who installed and set up my network here (since moved away) created a server-generated certificate for the network issued to the following common names:

CN = publishing.eapr.local
CN = companyweb
CN = eaprdc1
CN = localhost
CN = eaprdc1.eapr.local

The setup has worked well with the one exception: Remoting in via OWA from outside the office intranet has always generated a certificate mismatch warning message that I am able to ignore and proceed.

The problem:
My new Samsung SCH-i760 phone/PDA is built on WM6 and will not sync without using SSL. Now I cannot sync with Exchange/Outlook via OMA at all (and of course I still get the old certificate security warnings remoting in via OWA). I think it is time to purchase a trusted SSL certificate from GoDaddy and be done with the workarounds.

I've done extensive reading on this subject both here and at GoDaddy and still have a couple of gnawing questions:

1. When I go in to create my Certificate Signing Request in IIS/Default Web Site/Directory Security-Security Certificate I am offered the following choices:

- Process the pending request
- Delete the pending request

I am assuming the original certificate installed in our SBS2003 server used this process to create itself as 'publishing.eapr.local' that is currently doing the job for the intranet and a processing of the pending request is not required for it to function. Now I don't want to screw that working setup while I am in learning mode on certificate installation.


1. If I 'delete the pending request' to restart the request cycle to order a GoDaddy certificate, does that delete the 'publishing.eapr.local' certificate from the server and interfere with any network clients accessing the server and prevent client internet connectivity? Or does everything remain the way it is until I actually "remove/delete" the old certificate prior to the start-over process?

2. Do I lose any functionality by not having the common names 'companyweb', 'eaprdc1', 'localhost' and 'eaprdc1.eapr.local' included in the certificate?

3. Am I better off purchasing a single certificate only for the eaprdc1.beauty-pr.com subdomain for syncing, OMA and OWA, or purchasing a wildcard certificate that will also be useful on my hosted website?

Any guidance appreciated.

Alex Irving

Alex_Irving commented:

Thanks for the over the shoulder. I'll proceed in the AM here on the U.S. West Coast.


Alex Irving
