teomcam
asked on
Exchange 2010 certification issue
Hi,
I just purchased UC certificate from Globalsign. ICBExc2010GS is new certificate and I have tryed to assign services but it asked me if I wanna overwrite existing certificate and I said No! At the moment internally Globalsign certificate is active and working fine but externally still old certificate working. I just wanna take the steps carefully, so could you guide me with safe way please?
I just purchased UC certificate from Globalsign. ICBExc2010GS is new certificate and I have tryed to assign services but it asked me if I wanna overwrite existing certificate and I said No! At the moment internally Globalsign certificate is active and working fine but externally still old certificate working. I just wanna take the steps carefully, so could you guide me with safe way please?
Shreedhar Ette
At the over writre promot you should have said Yes.
ASKER
Should I try assign again or its too late? Could you give more details please?
try assign again.
ASKER
I just tryed and assigned and overwritted but externally still old one appearing.
- Open Internet Information Services (IIS) Manager.
- Select the Default Web Site > Click Bindings > Select the port 443> View Certificate> it has to be ICBExc2010GS.
- If not select the ICBExc2010GS > Click Ok.
- Restart the IIS Admin Service.
Does you have ISA?
- Select the Default Web Site > Click Bindings > Select the port 443> View Certificate> it has to be ICBExc2010GS.
- If not select the ICBExc2010GS > Click Ok.
- Restart the IIS Admin Service.
Does you have ISA?
ASKER
Hi,
I tryed and restarted IIS Admin service but still same. Yes, I have TMG2010 (ISA).
I tryed and restarted IIS Admin service but still same. Yes, I have TMG2010 (ISA).
You need to install the certificate on TMG2010 on the OWA rule.
Refer this article for TMG 2010:
http://exchangemaster.wordpress.com/2010/04/09/publish-exchange-2010-with-tmg-forefront-threat-management-gateway/
http://exchangemaster.wordpress.com/2010/04/09/publish-exchange-2010-with-tmg-forefront-threat-management-gateway/
ASKER
Hi shreedhar,
I just imported the same new certificate of exchnage 2010 to the TMG2010's Computer/Personal certificates. As you can see below there is an existing OWA rule called OWA-Exchange 2010. According to that should I still create another OWA rule?
I just imported the same new certificate of exchnage 2010 to the TMG2010's Computer/Personal certificates. As you can see below there is an existing OWA rule called OWA-Exchange 2010. According to that should I still create another OWA rule?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Well that intersting why Globalsign certificate is not valid?
Have you also installed the Intermidiate certificate in the TMG 2010?
ASKER
I have purchased OV certificate and they sent me 2 certificates. Intermediaet also not valid. When I make request I did not include TMG's name or IP. Would it be the problem?
One of them says: MUST BE INSTALLED ON YOUR WEB SERVER:
Your SSL Certificate (Formatted for the majority of web server
software including IIS and Apache based servers):
Other one says:
MUST BE INSTALLED ON YOUR WEB SERVER:
OrganizationSSL Intermediate Certificate (SGC version):
One of them says: MUST BE INSTALLED ON YOUR WEB SERVER:
Your SSL Certificate (Formatted for the majority of web server
software including IIS and Apache based servers):
Other one says:
MUST BE INSTALLED ON YOUR WEB SERVER:
OrganizationSSL Intermediate Certificate (SGC version):
Refer this article to install the certificates on TMG 2010:
http://www.globalsign.com/support/intermediate/organizationssl_intermediate_exchange.php
http://www.globalsign.com/support/intermediate/organizationssl_intermediate_exchange.php
ASKER
Hi again,
I found the problem. After assig the new certificate we had to export private key and import to TMG2010. After that certificate became to valid and now new certification published succesfully. Thanks very much for your help.
I found the problem. After assig the new certificate we had to export private key and import to TMG2010. After that certificate became to valid and now new certification published succesfully. Thanks very much for your help.