Do I need another SSL cert for front-end Exchange server? 2007 CAS, that is

Posted on 2009-02-10
Last Modified: 2012-06-27
I have a 2003 Exchange server with all my mailboxes, but we are moving it to be behind our Cisco ASA, so I installed a fresh copy of Exchange 2007 to be our CAS. Do I need to get it an SSL certificate? I already have one for my 2003 server; can I copy it over? Or do I need to generate a new one for the 2007 server's name?
Question by: dannyboy266
    LVL 6

    Accepted Solution

    If you're just doing OWA, you can probably get by with a self-issued cert, but if you're using mobile devices, they will probably not accept it unless it's chained to a trusted root. You should talk to your SSL cert provider about revoking your old cert and re-issuing it for the new server.

    Author Comment

    Oh ok, so with a CAS, I wouldn't any longer need the SSL cert on my 2003 box?
    LVL 6

    Expert Comment

    It depends on what you're using the 2003 server for. I assume if you've got a 2007 CAS set up, you've got a 2007 hub transport inside somewhere for it to talk to. If the 2003 server is inside your network (not exposed to the internet) and only used for Outlook, you shouldn't need a cert on it. You want the SSL on the outward-facing server so you can secure the traffic over the internet. If you still plan on using the 2003 for OWA, you will still probably need a cert, but it can probably be self-issued. However, if you have a 2007 CAS set up, you would probably use that for OWA instead.
    LVL 4

    Assisted Solution

    You should be able to use the same SSL certificate by giving the CAS the same name as the old Exchange server, and changing the name of the old Exchange server to something new. You would need to export the certificate and private key to the new server. Optionally, as kdtresh said, your SSL signer may offer the option of reissuing the cert on a new hostname (common name).

    Note that you should still put the CAS behind the firewall and port forward traffic to it.

    Author Comment

    I contacted my cert provider, and they revoked my old cert and reissued it under my new FQDN of the server.
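
The reissue route the thread ends on (a certificate issued for the new server's FQDN) can be carried out on the Exchange 2007 CAS from the Exchange Management Shell; this is an added example, not code from any poster in this thread. The name `mail.example.com` and the `C:\certs` paths are placeholders to replace with your own values.

```powershell
# Run in the Exchange Management Shell on the Exchange 2007 CAS.
# Placeholder values (assumptions, not from the thread):
$fqdn    = 'mail.example.com'            # public name clients use for OWA / ActiveSync
$reqPath = 'C:\certs\cas-request.req'    # where the certificate request is written
$cerPath = 'C:\certs\cas-reissued.cer'   # file returned by the certificate provider

# Step 1: generate the request on the CAS itself, so the private key is created
# on (and never has to be copied from) the server that will present the cert.
New-ExchangeCertificate -GenerateRequest -Path $reqPath `
    -SubjectName "cn=$fqdn" -DomainName $fqdn -PrivateKeyExportable $true

# Step 2: run this only after the provider has reissued the certificate
# against the request from step 1. Import completes the pending request;
# Enable binds the certificate to IIS (OWA, ActiveSync).
if (Test-Path $cerPath) {
    Import-ExchangeCertificate -Path $cerPath |
        Enable-ExchangeCertificate -Services IIS
}

# Step 3: confirm what IIS will present. For mobile devices, IsSelfSigned
# should be False and the names should include the FQDN clients connect to.
Get-ExchangeCertificate |
    Where-Object { $_.Services -match 'IIS' } |
    Format-List Subject, CertificateDomains, Issuer, IsSelfSigned, NotAfter, Thumbprint
```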
