Renew SSL certificate with Exchange 2007


We used GoDaddy to provide our SSL certificates for both IIS and Exchange itself for the host smtp.domain.co.nz, which is what our internal and external DNS resolves to. This is working fine, but the certificate has a 2 year expiry which happens tomorrow. I am trying to determine, if I use the renew option with GoDaddy, how I get IIS to accept the certificate and how I apply this to IIS and Exchange 2007. Will the renew process ask me to get another CSR from the IIS server?

I was under the impression that in order to put a certificate into IIS, you had to make a certificate request (CSR) which you then give to GD, and then complete the request when the cert is issued by GoDaddy?

Also, what is the command to overwrite the certificate in Exchange?

I want to make sure the entire process is as seamless to the end users as possible. Last time we went from self-signed to externally provided SSL, for a while each Outlook client got an SSL certificate prompt on the workstation.

I am a little familiar with IIS/Exchange 2007 and SSL, but nice simple explanations please :)

It's possible this client wants to change the domain name, and use this instead of what they have. Can I request a certificate which would work for smtp.domain1.co.nz and smtp.domain2.co.nz at the same time?


networkn Asked:
 
Shreedhar Ette Commented:
Hi,

Check this article:
http://help.godaddy.com/topic/742/article/4877 and refer To Install the UCC Certificates section.

Hope this helps,
Shree
0
 
kleinrw Commented:
Here's the help link on GoDaddy regarding how to renew your cert: http://help.godaddy.com/topic/752/article/4802 It's pretty straightforward. It will automatically overwrite the old one when you install it. You can't install more than one SSL certificate per IP address on your web server. You CAN install multiple SSL certificates on a web server as long as there are multiple IPs assigned to the web server.
0
 
networkn Author Commented:
Thanks, this helps. How do I get that cert into Exchange 2007? Just need to ensure tomorrow the Outlook clients don't get an error about an expired certificate.
0
 
networkn Author Commented:
http://www.globalsign.com/support/install/ex_2007.php

I found this, but it refers to .cer and my GD certificate is P7b and crt.

There are already certs in Exchange, how can I examine them more closely to see when they expire?
0
 
Shreedhar Ette Commented:
Rename the crt to cer
0
 
networkn Author Commented:
shreedhar:

How can I see the SSL certificates already in Exchange in more detail? I am trying to see when they will expire. My records show they should have already expired but they haven't (no errors opening Outlook).

0
 
Shreedhar Ette Commented:
Get-ExchangeCertificate | fl
0
 
networkn Author Commented:
Ok thanks. I can see, based on that command, that I have a date-invalid certificate for the SMTP service, but my new SSL cert is installed and working on the IIS service. I presume there must be a way to get the IIS service cert to work for the SMTP service, POP3, and IMAP; how do I do that? Are there any other services I should ensure the certificate is installed for?

The thumbprint of the correct cert is something like E6E6BDF27D3EEF25B0F2A828F2A3FE3FB209865E and the date invalid one is A45F5F9D52689F530D5E5DBAF86E6790777AAB49

I also see some other certificates, showing as valid, but services are set to none. Can I remove these without consequences?
0
 
Shreedhar Ette Commented:
Enable-ExchangeCertificate -Thumbprint E6E6BDF27D3EEF25B0F2A828F2A3FE3FB209865E -Services POP,IMAP,SMTP,IIS
0
 
networkn Author Commented:
Is that all the services I need to add? What is the service that handles the client-to-server certificate?
0
 
networkn Author Commented:
After running that command it seems like both certificates are assigned to POP, IMAP, SMTP, IIS.

Should this be the case? Should I remove the old one?
0
 
Shreedhar Ette Commented:
You can remove the expired certificate.
0
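
The steps worked out across this thread, gathered into one Exchange Management Shell sequence as an added example that was not posted by any participant. The thumbprint is the new certificate the asker quoted; the validity-window and private-key checks before binding, and the rule of removing only expired certificates, are assumptions added here.

```powershell
# Added example for the Exchange 2007 Management Shell (PowerShell 1.0 syntax).
# $newThumb is the renewed certificate's thumbprint as quoted in the thread;
# replace it with the value Get-ExchangeCertificate shows on your server.
$newThumb = 'E6E6BDF27D3EEF25B0F2A828F2A3FE3FB209865E'
$now      = Get-Date

# 1. Inventory: expiry date, status and bound services for every certificate.
Get-ExchangeCertificate |
    Sort-Object NotAfter |
    Format-Table Thumbprint, NotAfter, Status, Services, Subject -AutoSize

# 2. Sanity-check the renewed certificate before any service is pointed at it.
$new = Get-ExchangeCertificate -Thumbprint $newThumb
if ($new.NotBefore -gt $now -or $new.NotAfter -lt $now) {
    throw "Certificate $newThumb is outside its validity period; not enabling it."
}
if (-not $new.HasPrivateKey) {
    # A certificate without its private key cannot serve TLS. This happens when
    # the issued file is installed on a server that did not create the request.
    throw "Certificate $newThumb has no private key on this server."
}

# 3. Bind the renewed certificate to the services named in the thread.
Enable-ExchangeCertificate -Thumbprint $newThumb -Services POP,IMAP,SMTP,IIS

# 4. Remove certificates that have expired, never the one just enabled.
#    Remove-ExchangeCertificate asks for confirmation on each one.
Get-ExchangeCertificate |
    Where-Object { $_.NotAfter -lt $now -and $_.Thumbprint -ne $newThumb } |
    ForEach-Object {
        Write-Host "Removing expired certificate $($_.Thumbprint) ($($_.Subject))"
        Remove-ExchangeCertificate -Thumbprint $_.Thumbprint
    }

# 5. Verify the result: the renewed certificate should list all four services.
Get-ExchangeCertificate -Thumbprint $newThumb |
    Format-List Thumbprint, NotAfter, Status, Services, CertificateDomains
```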