bulldogsdad asked:

Replacing the self signed certificate in Exchange 2007

Many thanks in advance for those who take the time to respond!

I have inherited an Exchange Server 2007 SP1 running on a Server 2003 SP2 x64 with the self-signed certificate installed. Everything is functioning properly (Outlook, OWA, transport). We are looking to implement ActiveSync, so I know the self-signed cert cannot be used for this, or at least that is what I have read. The environment is a fairly straightforward one - single domain, two DCs (one of which is running the cert services), single Exchange server. Oh yeah, we are also running BES, but I am pretty sure that is not affected by any of this. Here are my questions:

~ By replacing the self-signed cert with either one generated by a public CA or via the Windows Cert Auth, what if anything will need to be done to ensure that OWA still functions properly?
~ I have read mixed opinions on whether you should use a trusted third-party CA or one generated in-house via MS Cert Auth and was wondering, for this application (ActiveSync), if there was a major difference.
~ Once the self-signed cert is replaced, if things go awry, how do you re-assign the self-signed cert? (I cannot seem to locate the cert via the Cert Auth MMC snap-in.)

I have searched the MS site and have found various articles related to the above, but none that explain how to re-assign the self signed cert if you need to.

Once again, I thank everyone who responds in advance with any assistance.
mderooij

You can export the current certificate using the Export-ExchangeCertificate cmdlet. Check the Exchange 2007 help file on this cmdlet for information on the parameters you need to specify, e.g. thumbprint. A sample command would be:
Export-ExchangeCertificate -Thumbprint 5113ae0233a72fccb75b1d0198628675333d010e -BinaryEncoded:$true -Path c:\certificates\export.pfx -Password:(Get-Credential).password
Mestha

Self generated certificates are not supported for ActiveSync, therefore you need to use a commercial one. If you use a self generated certificate then you have the headaches of management of the certificates, including getting them on to the devices, and then replacing the certificate when it expires.

Follow the procedure on my blog to get the certificate replaced with a commercial one.
http://www.sembee.co.uk/archive/2008/05/30/78.aspx

-M
mderooij

In addition, you can then use the procedure for importing certificates to import this (self-signed) certificate again when necessary.
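
The export, import and re-enable steps from the answers above, put together as a backup-and-rollback sequence for the Exchange Management Shell. This is an added example, not part of the original thread; the backup path, the variable names and the function name Restore-OldCertificate are assumptions.

```powershell
# Exchange Management Shell on the Exchange 2007 server.
# Assumptions (not from the thread): the backup path, the variable names, the
# hypothetical function name, and that exactly one self-signed certificate
# currently has services assigned.
$backup = 'c:\certificates\selfsigned-backup.pfx'

# 1. Before changing anything, record the certificate that is in use today.
$inUse = @(Get-ExchangeCertificate |
    Where-Object { $_.IsSelfSigned -and ([string]$_.Services -ne 'None') })
if ($inUse.Count -ne 1) {
    throw "Expected one self-signed certificate in use, found $($inUse.Count)."
}
$old = $inUse[0]
$old | Format-List Thumbprint, Subject, Services, NotAfter

# 2. Back it up together with its private key (same cmdlet as the sample above).
#    The export only succeeds if the private key is marked exportable.
$pfxPassword = (Get-Credential).Password
Export-ExchangeCertificate -Thumbprint $old.Thumbprint -BinaryEncoded:$true `
    -Path $backup -Password:$pfxPassword
if (-not (Test-Path $backup)) {
    Write-Warning "No backup written; do not remove the old certificate from the store."
}

# 3. Rollback, to be called only if the replacement certificate misbehaves.
#    Enabling a new certificate does not delete the old one, so the import is
#    needed only when the old certificate has been removed from the store.
function Restore-OldCertificate($thumbprint, $services, $path, $password) {
    $present = Get-ExchangeCertificate |
        Where-Object { $_.Thumbprint -eq $thumbprint }
    if (-not $present) {
        Import-ExchangeCertificate -Path $path -Password:$password
    }
    # Re-assign the same services the certificate had before the change.
    Enable-ExchangeCertificate -Thumbprint $thumbprint -Services $services
    # Show the resulting assignments so the rollback can be confirmed.
    Get-ExchangeCertificate | Format-List Thumbprint, Services, IsSelfSigned, NotAfter
}

# Usage after a failed replacement:
# Restore-OldCertificate $old.Thumbprint $old.Services $backup $pfxPassword
```

Keep the exported .pfx and its password protected, since the file contains the server's private key.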
ASKER CERTIFIED SOLUTION
Chris Dent
Chris Dent
Heh see I spent way too long writing that, didn't intend to repeat any of the above.

Chris
mderooij

@Chris: That happens a lot here :)
Chris Dent
You think after all this time I'd get used to pressing Refresh first ;) Ah well :)

Chris