Help replacing self-signed certificate with trusted source certificate
Background:
I own the domain name 'beauty-pr.com' for my business. I host my business website on a third-party shared host at 'www.beauty-pr.com' but receive company email on my SBS2003 R2 business server at 'eaprdc1.beauty-pr.com'. My DNS is set so my 'A' record points to my hosted web server and my primary MX records point first to my office server (with a 10 priority) and an secondary MX record (priority 20) points to my back up POP3 account at the hosted server in case the office server goes down for some reason. We won't miss mail.
The gent who installed and setup my network here (since moved away) created a server-generated certificate for the network issued to the following common names:
CN = publishing.eapr.local
CN = companyweb
CN = eaprdc1
CN = localhost
CN = eaprdc1.eapr.local
The setup has worked well with the one exception: Remoting in via OWA from outside the office intranet has always generated a certificate mismatch warning message that I am able to ignore and proceed.
The problem:
My new Samsung SCH-i760 phone/PDA is built on WM6 and will not sync without using SSL. Now I cannot sync with Exchange/Outlook via OMA at all (and of course I still get the old certificate security warnings remoteing in via OWA). I think it is time to purchase a trusted SSL certificate from GoDaddy and be done with the workarounds.
I've done extensive reading on this subject both here and at GoDaddy and still have a couple of gnawing questions:
1. When I go in to create my Certificate Signing Request in IIS/Default Web Site/Directory Security-Security Certificate I am offered the following choices:
- Process the pending request
- Delete the pending request
I am assuming the original certificate installed in our SBS2003 server used this process to create itself as 'publishing.eapr.local' that is currently doing the job for the intranet and a processing of the pending request is not required for it to function. Now I don't want to screw that working setup while I am in learning mode on certificate installation.
Questions:
1. If I 'delete the pending request', to restart the request cycle to order a GoDaddy certificate, does that delete the 'publishing.eapr.local' certificate from the server and interfere with any network clients accessing the server and preventing client internet connectivity? Or, does everything remain the way it is until I actually "remove/delete" the old certificate prior to the start over process.
2. Do I lose any functionality by not having the common names 'companyweb'
'eaprdc1', 'localhost' and 'eaprdc1.eapr.local' included in the certificate?
3. Am I better off purchasing a single certificate only for eaprdc1.beauty-pr.com subdomain for syncing, OMA and OWA or to purchase a wildcard certificate that will also be useful on my hosted website?
Any guidance appreciated.
Alex Irving
I own the domain name 'beauty-pr.com' for my business. I host my business website on a third-party shared host at 'www.beauty-pr.com' but receive company email on my SBS2003 R2 business server at 'eaprdc1.beauty-pr.com'. My DNS is set so my 'A' record points to my hosted web server and my primary MX records point first to my office server (with a 10 priority) and an secondary MX record (priority 20) points to my back up POP3 account at the hosted server in case the office server goes down for some reason. We won't miss mail.
The gent who installed and setup my network here (since moved away) created a server-generated certificate for the network issued to the following common names:
CN = publishing.eapr.local
CN = companyweb
CN = eaprdc1
CN = localhost
CN = eaprdc1.eapr.local
The setup has worked well with the one exception: Remoting in via OWA from outside the office intranet has always generated a certificate mismatch warning message that I am able to ignore and proceed.
The problem:
My new Samsung SCH-i760 phone/PDA is built on WM6 and will not sync without using SSL. Now I cannot sync with Exchange/Outlook via OMA at all (and of course I still get the old certificate security warnings remoteing in via OWA). I think it is time to purchase a trusted SSL certificate from GoDaddy and be done with the workarounds.
I've done extensive reading on this subject both here and at GoDaddy and still have a couple of gnawing questions:
1. When I go in to create my Certificate Signing Request in IIS/Default Web Site/Directory Security-Security Certificate I am offered the following choices:
- Process the pending request
- Delete the pending request
I am assuming the original certificate installed in our SBS2003 server used this process to create itself as 'publishing.eapr.local' that is currently doing the job for the intranet and a processing of the pending request is not required for it to function. Now I don't want to screw that working setup while I am in learning mode on certificate installation.
Questions:
1. If I 'delete the pending request', to restart the request cycle to order a GoDaddy certificate, does that delete the 'publishing.eapr.local' certificate from the server and interfere with any network clients accessing the server and preventing client internet connectivity? Or, does everything remain the way it is until I actually "remove/delete" the old certificate prior to the start over process.
2. Do I lose any functionality by not having the common names 'companyweb'
'eaprdc1', 'localhost' and 'eaprdc1.eapr.local' included in the certificate?
3. Am I better off purchasing a single certificate only for eaprdc1.beauty-pr.com subdomain for syncing, OMA and OWA or to purchase a wildcard certificate that will also be useful on my hosted website?
Any guidance appreciated.
Alex Irving
Last Comment
ASKER CERTIFIED SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
Exchange
Exchange is the server side of a collaborative application product that is part of the Microsoft Server infrastructure. Exchange's major features include email, calendaring, contacts and tasks, support for mobile and web-based access to information, and support for data storage.
213K
Questions
--
Followers
--
Top Experts
Get a personalized solution from industry experts
TRUSTED BY
ASKER
Best
Alex Irving