Exchange 2010 UCC Certificate Questions

I generated a CSR requested from one of my CAS servers. (I have an array) I then purchased a UCC certificated and import the certificate into exchange and now the pending Certificate request have a check mark next to it and the certificate is marked as OK!!!

1) I generated the CSR request from one of my CAS array servers? Do I have to install the cert on both or just one? If so, do I import the godday certi or export the cert from the other CAS server?

2) The self signed certifiate is still present on all of my servers should I delete it? The server is still using it when I access the OWA interface.

3) For the CSR request I did not put infor POP, IMAP etc or any other type of communication signing because it isn't needed. ON the assigned services screen I should only select IIS. Can I add other serives to this cert in the future.

4) SHould I install the godaddy cert or export the cert from the CAS server and install it on all Exchnage 2010 servers, mailbox, TMG etc...
LVL 21
compdigit44Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

NetfloCommented:
Hi compdigit44,

1. Install the certificate on both CAS servers.

2. Leave the self signed certificate, it won't be used as the services will be assigned to the new certificate.

3. Yes you can assign the certificate to services later.

4. Entirely up to you, either way will achieve the same thing. May be easier to export / import.

Hope this helps,
0
compdigit44Author Commented:
But if I don't remove the self signed certificate how will Exchange know which certificate to use?
Is it better to remove services from the self signed certificate or delete it
0
compdigit44Author Commented:
Also if I export the cert from my CAS server which I install the godaddy cert I can just import this cert on all of my other exchange server correct..

Will I need to install  the Goaddy intermediate certificate as well?
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

NetfloCommented:
Yes you can export and import and yes you will need to install the GoDaddy intermediate certificate as well as the servers themselves will need that for trust.

Please see the following link for a run through guide: http://www.sslshopper.com/move-or-copy-an-ssl-certificate-from-a-windows-server-to-another-windows-server.html
0
NetfloCommented:
I wouldn't advise removing the existing self signed certificates, they're not doing you any harm by being there. Its just services you're assigning, thats all.

Should anything go wrong you still have the fail safe of a self signed certificate on the server ready.
0
compdigit44Author Commented:
Should I remove any services from the self signed certificate? Who will exchange know to use the correct certificate
0
NetfloCommented:
When you complete the CSR, you will have the option to apply services to the new certificate.

Rest assured, Exchange 2010 has a very easy GUI, can't really go wrong.
0
compdigit44Author Commented:
Again should I remove any services from th self-signed cert of leave it as is
0
NetfloCommented:
When you assign services to the new certificate, it will switch across and be linked to the new one. A service can only be applied to one certificate at a time.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
compdigit44Author Commented:
thanks again...
0
NetfloCommented:
Your welcome ;)
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.