• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 965
  • Last Modified:

Exchange 2010 UCC Certificate Questions

I generated a CSR requested from one of my CAS servers. (I have an array) I then purchased a UCC certificated and import the certificate into exchange and now the pending Certificate request have a check mark next to it and the certificate is marked as OK!!!

1) I generated the CSR request from one of my CAS array servers? Do I have to install the cert on both or just one? If so, do I import the godday certi or export the cert from the other CAS server?

2) The self signed certifiate is still present on all of my servers should I delete it? The server is still using it when I access the OWA interface.

3) For the CSR request I did not put infor POP, IMAP etc or any other type of communication signing because it isn't needed. ON the assigned services screen I should only select IIS. Can I add other serives to this cert in the future.

4) SHould I install the godaddy cert or export the cert from the CAS server and install it on all Exchnage 2010 servers, mailbox, TMG etc...
0
compdigit44
Asked:
compdigit44
  • 6
  • 5
1 Solution
 
NetfloCommented:
Hi compdigit44,

1. Install the certificate on both CAS servers.

2. Leave the self signed certificate, it won't be used as the services will be assigned to the new certificate.

3. Yes you can assign the certificate to services later.

4. Entirely up to you, either way will achieve the same thing. May be easier to export / import.

Hope this helps,
0
 
compdigit44Author Commented:
But if I don't remove the self signed certificate how will Exchange know which certificate to use?
Is it better to remove services from the self signed certificate or delete it
0
 
compdigit44Author Commented:
Also if I export the cert from my CAS server which I install the godaddy cert I can just import this cert on all of my other exchange server correct..

Will I need to install  the Goaddy intermediate certificate as well?
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

 
NetfloCommented:
Yes you can export and import and yes you will need to install the GoDaddy intermediate certificate as well as the servers themselves will need that for trust.

Please see the following link for a run through guide: http://www.sslshopper.com/move-or-copy-an-ssl-certificate-from-a-windows-server-to-another-windows-server.html
0
 
NetfloCommented:
I wouldn't advise removing the existing self signed certificates, they're not doing you any harm by being there. Its just services you're assigning, thats all.

Should anything go wrong you still have the fail safe of a self signed certificate on the server ready.
0
 
compdigit44Author Commented:
Should I remove any services from the self signed certificate? Who will exchange know to use the correct certificate
0
 
NetfloCommented:
When you complete the CSR, you will have the option to apply services to the new certificate.

Rest assured, Exchange 2010 has a very easy GUI, can't really go wrong.
0
 
compdigit44Author Commented:
Again should I remove any services from th self-signed cert of leave it as is
0
 
NetfloCommented:
When you assign services to the new certificate, it will switch across and be linked to the new one. A service can only be applied to one certificate at a time.
0
 
compdigit44Author Commented:
thanks again...
0
 
NetfloCommented:
Your welcome ;)
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 6
  • 5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now