?
Solved

Exchange UCC Certificate updated - how to update in server

Posted on 2011-04-20
10
Medium Priority
?
610 Views
Last Modified: 2012-05-11
I got a UCC Certificate through godaddy.com. It had 5 names associated with it. Today I removed one of the names and added another. The goDaddy.com representative said I haveto re-download the cert and apply it to my server.

She said to remove the certificate and then apply the new downloaded but that, to me, seems like it would remove the link to the private key and original CSR. So... How do I update this without messing up my server?
0
Comment
Question by:cmaohio
  • 5
  • 4
10 Comments
 
LVL 1

Expert Comment

by:leeflowers
ID: 35436880
Have you done the "Complete certificate Request", and created the new cert?  If so, all you need to do is import that cert into the CAS, and then use the "BINDINGS" selection on the far right action pane to select the new cert.
0
 
LVL 5

Author Comment

by:cmaohio
ID: 35436962
The certificate that is on the sever now has been installed for 3 weeks. It's been functioning. I just updated the names at godaddy.com (I can have multiple names for the domain like server1.mydomain.com and server2.mydomain.com).

So, I guess I have completed the certificate request already. I need to update the existing certificate with the newly downloaded one from godaddy.
0
 
LVL 1

Expert Comment

by:leeflowers
ID: 35437186
Your talking about adding the Subject Alternative Names.  Yes, you will need to import the file into the CAS machines, then change the binding to use that new cert.
0
Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

 
LVL 1

Expert Comment

by:leeflowers
ID: 35437226
Two things that might help.

1) http://support.microsoft.com/kb/272227 - Never tried this tool, to help find the other tool, but I provide a reference just to be throrough.
2) X:\Program Files\Microsoft Office\Office(11,12,14) - This is where Office is loaded on local desktop.  Depending on your version of Office, the directory could be 11,12, or 14).


Run the scanpst.exe file, browse to the PST that is corrupted, and hit START - and pray.

Good Luck
0
 
LVL 5

Author Comment

by:cmaohio
ID: 35437254
I think your second message was meant for my Outlook question.
0
 
LVL 1

Expert Comment

by:leeflowers
ID: 35437779
@cmaohio - Yes, I think I cut and pasted into the wrong window.  I will try to remove the PST answer from this request.
0
 
LVL 8

Expert Comment

by:praveenkumare_sp
ID: 35439562
Hi use the below blog which has step by step procedue of where u can see the certificate

http://praveen-exchange.blogspot.com/2011/04/where-are-my-certificates.html

You can use the EMC or IIS section mentioned in the above blog
0
 
LVL 5

Author Comment

by:cmaohio
ID: 35440265
You're right, @leeflowers, it is the SAN. I couldn't remember what it was from home last night. I changed one of the SAN values and now have to update the certificate on the Exchange Server.

@praveenkumare_sp, that tells me where to find certs which is what I already knew. it doesn't tell me anything about importing a new one.

I have the new cert now from godaddy.com (they had a delay in sending out their authorization e-mails). I went into the EMC on the server and chose to Import the certificate, it was looking for a pfx or p12 file but I chose "all files" and selected the crt file I downloaded from GoDaddy.com I entered the password I normally put in for certificates and ran the wizard. It said it completed successfully but after refreshing and reloading the EMC the Certficate for the Exchange Server still has the old information.

I'm concerned if I remove the certificate to try to bring in the new one I will lose it altogether.
0
 
LVL 5

Accepted Solution

by:
cmaohio earned 0 total points
ID: 35440802
I seem to have found the answer myself. I found this blog here: http://projectdream.org/wordpress/2009/11/02/updating-subject-alternate-names-in-an-exchange-certificate/

The blog post itself is not actually the answer but the last comment at the bottom.

The Answer:
Update the Cert at godaddy and get issued a new one.
Create a new CSR with the right SANs in it on the Exchange Server
at GoDaddy, choose "Rekey" and enter the new CSR up there.
It will then allow you to download the cert and you apply it to the new CSR.
Remove the old one. Bam, you're done.
0
 
LVL 5

Author Closing Comment

by:cmaohio
ID: 35465173
Accepting my own because I researched it and it worked.
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As much as Microsoft wants to kill off PST file support, just as they tried to do with public folders, there are still times when it is useful or downright necessary to export Exchange mailboxes to PST files. Thankfully, it is still possible to e…
This month, Experts Exchange sat down with resident SQL expert, Jim Horn, for an in-depth look into the makings of a successful career in SQL.
This video shows how to quickly and easily deploy an email signature for all users in Office 365 and prevent it from being added to replies and forwards. (the resulting signature is applied on the server level in Exchange Online) The email signat…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an anti-spam), the admin…
Suggested Courses

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question