Renew SSL certificate with Exchange 2007


We used GoDaddy to provide our SSL certificates for both IIS and Exchange itself for the host smtp.domain.co.nz, which is what our internal and external DNS resolves to. This is working fine, but the certificate has a 2 year expiry which happens tomorrow. I am trying to determine, if I use the renew option with GoDaddy, how I get IIS to accept the certificate and how I apply this to IIS and Exchange 2007. Will the renew process ask me to get another CSR from the IIS server?

I was under the impression that in order to put a certificate into IIS, you had to make a certificate request (CSR) which you then give to GD, and then complete the request when the cert is issued by GoDaddy?

Also, what is the command to overwrite the certificate in Exchange?

I want to make sure the entire process is as seamless to the end users as possible. Last time we went from self-signed to externally provided SSL, for a while each Outlook client got an SSL certificate prompt on the workstation.

I am a little familiar with IIS/Exchange 2007 and SSL, but nice simple explanations please :)

It's possible this client wants to change the domain name and use this instead of what they have. Can I request a certificate which would work for smtp.domain1.co.nz and smtp.domain2.co.nz at the same time?


networkn Asked:

kleinrw Commented:
Here's the help link on GoDaddy regarding how to renew your cert: http://help.godaddy.com/topic/752/article/4802 It's pretty straightforward. It will automatically overwrite the old one when you install it. You can't install more than one SSL certificate per IP address on your web server. You CAN install multiple SSL certificates on a web server as long as there are multiple IPs assigned to the web server.
0
networkn Author Commented:
Thanks, this helps. How do I get that cert into Exchange 2007? Just need to ensure tomorrow the Outlook clients don't get an error about an expired certificate.
0
Shreedhar Ette Commented:
Hi,

Check this article:
http://help.godaddy.com/topic/742/article/4877 and refer to the "To Install the UCC Certificates" section.

Hope this helps,
Shree
0


networkn Author Commented:
http://www.globalsign.com/support/install/ex_2007.php

I found this, but it refers to .cer and my GD certificate is P7b and crt.

There are already certs in Exchange, how can I examine them more closely to see when they expire?
0
Shreedhar Ette Commented:
Rename the crt to cer
0
networkn Author Commented:
shreedhar:

How can I see the SSL certificates already in Exchange in more detail? I am trying to see when they will expire. My records show they should have already expired but they haven't (no errors opening Outlook).

0
Shreedhar Ette Commented:
Get-ExchangeCertificate | fl
0
networkn Author Commented:
OK, thanks. I can see, based on that command, that I have a date invalid certificate for the SMTP service, but my new SSL cert is installed and working on service IIS. I presume there must be a way to get the IIS service cert to work for the SMTP service, POP3, and IMAP. How do I do that? Are there any other services I should ensure the certificate is installed for?

The thumbprint of the correct cert is something like E6E6BDF27D3EEF25B0F2A828F2A3FE3FB209865E and the date invalid one is A45F5F9D52689F530D5E5DBAF86E6790777AAB49

I also see some other certificates, showing as valid, but services are set to none. Can I remove these without consequences?
0
Shreedhar Ette Commented:
Enable-ExchangeCertificate -Thumbprint E6E6BDF27D3EEF25B0F2A828F2A3FE3FB209865E -Services POP,IMAP,SMTP,IIS
0
networkn Author Commented:
Is that all the services I need to add? What is the service that handles the client to server certificate?
0
networkn Author Commented:
After running that command it seems like both certificates are assigned to POP, IMAP, SMTP, IIS.

Should this be the case? Should I remove the old one?
0
Shreedhar Ette Commented:
You can remove the expired certificate.
0
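
The steps from this thread collected into one Exchange Management Shell sequence, as an added example that is not part of any participant's post. It uses the thumbprints and host name quoted above and assumes the renewed certificate has already been imported on the server with its private key; the pre-checks before enabling are an addition to what the thread describes.

```powershell
# Added example: run in the Exchange Management Shell on the Exchange 2007 server.
# Thumbprints and host name are the ones quoted in the thread; substitute your own.
$newThumb = 'E6E6BDF27D3EEF25B0F2A828F2A3FE3FB209865E'   # renewed certificate
$oldThumb = 'A45F5F9D52689F530D5E5DBAF86E6790777AAB49'   # date-invalid certificate
$hostName = 'smtp.domain.co.nz'
$now      = Get-Date

# 1. Inventory: every certificate Exchange knows about, soonest expiry first.
Get-ExchangeCertificate |
    Sort-Object NotAfter |
    Select-Object Thumbprint, Services, NotAfter, HasPrivateKey,
        @{ Name = 'DaysLeft'; Expression = { ($_.NotAfter - $now).Days } } |
    Format-Table -AutoSize

# 2. Pre-checks on the renewed certificate before any service is pointed at it.
$new = Get-ExchangeCertificate -Thumbprint $newThumb
if (-not $new.HasPrivateKey) {
    throw 'Renewed certificate has no private key on this server.'
}
if ($new.NotBefore -gt $now -or $new.NotAfter -lt $now) {
    throw 'Renewed certificate is not date-valid.'
}
# CertificateDomains entries are compared by their string form (exact match only).
$names = @($new.CertificateDomains | ForEach-Object { $_.ToString() })
if ($names -notcontains $hostName) {
    throw "Renewed certificate does not list $hostName."
}

# 3. Bind the renewed certificate to the services named in the thread.
Enable-ExchangeCertificate -Thumbprint $newThumb -Services 'POP,IMAP,SMTP,IIS'

# 4. Confirm the assignment took effect.
Get-ExchangeCertificate -Thumbprint $newThumb |
    Format-List Thumbprint, Services, NotBefore, NotAfter, CertificateDomains

# 5. Remove the old certificate only if it really is past its expiry date.
$old = Get-ExchangeCertificate -Thumbprint $oldThumb
if ($old.NotAfter -lt $now) {
    Remove-ExchangeCertificate -Thumbprint $oldThumb -Confirm:$true
} else {
    Write-Warning "Old certificate is still valid until $($old.NotAfter); not removed."
}
```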