• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1091
  • Last Modified:

Certificates for Exchange 2003 to Exchange 2010 migration

I am doing a migration from exchange 2003 to exchange 2010.  I'm using the following article for "upgrade from exchange 2003 Client Access"
http://technet.microsoft.com/en-us/library/ee332348.aspx

My current exchange 2003 server OWA does not use SSL.  It is simply:  http://hostname.contoso.com\exchange

My URL for OWA on my exchange 2010 server is using SSL.  It has the following URL:
https://mail.contoso.com/owa  (I am using a CAS array for redundancy)

First of all I will have to purchase a certificate with the following names correct?
mail.contoso.com
autodiscover.contoso.com
legacy.contoso.com  (do I actually put legacy on the certificate, or is it the name of the exchange 2003 server)

Lastly, on the link above it explains how to "configure the exchange 2003 URL property on the /OWA virtual directory"  It says this is necessary for exchange 2003 and exchange 2010 to coexist.  (I will need these servers to coexist for awhile) Then it shows the syntax for the command.  My exchange 2003 URL would be "http" since I'm not using ssl on the exchange 2003 server right?  Could someone show me what the command would look like in my above situation.  Thanks.
0
denver218
Asked:
denver218
1 Solution
 
BusbarSolutions ArchitectCommented:
you will have to install the SSL certificate on the Exchange server and configure FBA for the redirection to work.
you will create a record that says legacy.exchange.com maps to the exchange frontend server and mail.contoso.com maps to CAS array.
configure the FBA on the exchange 2003 and use shreedhar command to configure the Exchange 2010 OWA and you are done
0
 
denver218Author Commented:
Thanks.  So I actually use the name "legacy", not the hostname of the exchange 2003 server?

So I will have to install an SSL certificate on the exchange 2003 server as well as the 2010 CAS server right?  Redirection won't work, if exch 2003 is not using SSL and exch 2010 is using SSL right?  Thanks for all your assistance.

0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

 
BusbarSolutions ArchitectCommented:
just to remind you, redirection will work if the 2003 server uses SSL and FBA
0
 
denver218Author Commented:
thanks.  As far as a certificate.  Do I need to get a separate certificate for both exchange 2003 and exchange 2010 or can I use the same one, and just have the proper name on it?
0
 
BusbarSolutions ArchitectCommented:
you can use a single UCC certificate that has the legac and mail names inside it, I prefer godaddy
0
 
denver218Author Commented:
Thanks busbar, So my Certifcates should have the following names right?

mail.contoso.com (CAS Array)
autodiscover.contoso.com
legacy.contoso.com (exchange 2003)

On the Certificate "legacy.contoso.com" Do I use the word legacy or use the actual name of my exchange 2003 server?  Then I will install this certifcate on Exchange 2003 and Exchange 2010
0
 
BusbarSolutions ArchitectCommented:
the certificate names are correct.
for legacy you can use any name that you can configure on public DNS, i prefer mail and oldmail, but this is me, you can choose any name you want but make sure to reflect that correctly in the exchange 2010 cmdlet used to configure the exchange 2003 URL
0
 
denver218Author Commented:
Thanks.  Lastly and I will award points.  Can I just use a wildcard certificate for this?  (*.contoso.com)  Thanks
0
 
BusbarSolutions ArchitectCommented:
yup
0
 
denver218Author Commented:
Thanks
0
 
Kenny UgbaCommented:
Please I need help in migrating from exchange 2003SP2  to exchange 2010 SP3
The old setup is 2 servers one with the mailbox and the other handles every other roles  including the certificates authority.

I have followed the instructions online and set up 3 Servers
1. Mailbox role
2.CAS and transport
3. Certificate authority
I have only one domain with about a 1000 users.

I need help setting up the CAS and also transferring all the certificates to the new one.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

On-Demand: Securing Your Wi-Fi for Summer Travel

Traveling this summer?Check out our on-demand webinar to learn about the importance of Wi-Fi security and 3 easy measures you can start taking immediately to protect your private data while using public Wi-Fi. Follow us today to learn more!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now