Domain SSL certificate Replacement

Hello Experts

We currently have a UCC SSL certificate purchased from GoDaddy,
and we want to change the SSL certificate to a wildcard.
My questions are as follows:

1. What is the best practice for demolishing the current cert and creating the new wildcard one?
2. What to do with the implications on Exchange and ActiveSync sync while without an SSL?
3. How to verify that the new * SSL will be able to work with multiple private keys, which means different servers. Please check also if there's a private-keys/servers limitation.

I would be glad if you can assist me on this issue,
Thank you.
IT_Group1 Asked:

Jaroslav Mraz, CTO, Commented:
To better know how a certificate works we must start from the end.

How would you know that this will work? You must know that a wildcard certificate has only ONE PRIVATE KEY; it just has more DNS names inside of it. So if you want this working you must have for every wildcard name an A grade DNS to your server and import the certificate inside every IIS instance.

You can also do one thing: if you have more domains, you can buy a certificate for your own Microsoft Certification Authority and you can then make any certificate, and all of them will be trusted because the ROOT CA signs your CA, and then you are safe.
Read more here: http://www.davidpashley.com/articles/cert-authority.html

Best practice is to make the new certificate on the authority, then use the replace function on every service; for example, in IIS it is importing the new certificate and then activating it. After you replace the certificate on every service, you go to the management panel of the CA and revoke your certificate (revoking means "don't trust this cert any more"), and it is the same as destruction because it can't be used anywhere.
0
khairil Commented:
Hi,

I have been using a wildcard cert from Entrust with no problem for our Exchange environment and also our NPS for wireless authentication.

This is what I've done; other experts might have a better way:

1. Before disposing of the old cert, install the new cert first and then remove the old one.

2. I am using this page to help me set up the Exchange server, but I believe you do know how to do it: http://msmvps.com/blogs/nunoluz/archive/2008/04/09/step-by-step-adding-ssl-certificate-to-exchange-server-and-windows-mobile-devices.aspx

I did run into a problem with it as the private key was not exportable. So you need to make sure the private key used to generate the CSR is exportable, else you have to go the long way, which might end up with the cert not being deployable.

3. The wildcard cert works differently, but if you have the private key exportable then it makes your life easier. You can navigate to our OWA Exchange sites, https://mail1.usm.my and https://mail2.usm.my; you will notice we are using a wildcard cert. I am not able to show you its use on NPS because it is between the Wireless Controller and NPS server only.

I went through difficulties to make it happen, so this is advice to myself too. Next time, I will make sure the private key is marked exportable before creating the CSR. Then deploy the cert received from the CA to the server and then export a *.pfx file with the private key included. After that everything will be easy.
0
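
The order described in the comment above (install the new certificate, export it with its private key, deploy it to the other servers, then remove the old one), sketched in PowerShell as an added example that is not part of the original thread. It assumes Windows Server 2012 or later for the PKI cmdlets and the Exchange Management Shell for the `*-ExchangeCertificate` cmdlets; the thumbprints, PFX path, host names, the service list and the helper `Get-ServedThumbprint` are placeholders or hypothetical.

```powershell
# Added example. Placeholders: thumbprints, PFX path, host names, service list.
$NewThumb = '<NEW-WILDCARD-THUMBPRINT>'
$OldThumb = '<OLD-UCC-THUMBPRINT>'
$PfxPath  = 'C:\Temp\wildcard.pfx'
$Hosts    = 'mail1.example.com', 'mail2.example.com'
$PfxPass  = Read-Host -AsSecureString -Prompt 'PFX password'

# Hypothetical helper: thumbprint of the certificate a host serves on 443.
# The callback accepts any certificate because it is only inspected here.
function Get-ServedThumbprint([string]$HostName, [int]$Port = 443) {
    $tcp = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        $cb  = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $cb)
        $ssl.AuthenticateAsClient($HostName)
        $x509 = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        return $x509.Thumbprint
    } finally { $tcp.Close() }
}

# 1. On the server that generated the CSR: the export fails if the key
#    was not marked exportable when the request was created.
$cert = Get-Item "Cert:\LocalMachine\My\$NewThumb"
if (-not $cert.HasPrivateKey) { throw 'Certificate has no private key on this server.' }
Export-PfxCertificate -Cert $cert -FilePath $PfxPath -Password $PfxPass | Out-Null

# 2. On every other server: import the same certificate and key.
Import-PfxCertificate -FilePath $PfxPath -CertStoreLocation Cert:\LocalMachine\My `
    -Password $PfxPass -Exportable | Out-Null

# 3. In the Exchange Management Shell on each server: bind services to the new cert.
Enable-ExchangeCertificate -Thumbprint $NewThumb -Services IIS,SMTP

# 4. Only after every host serves the new certificate, remove the old one.
foreach ($h in $Hosts) {
    if ((Get-ServedThumbprint $h) -ne $NewThumb) { throw "$h still serves another certificate." }
}
Remove-ExchangeCertificate -Thumbprint $OldThumb

# 5. The PFX contains the private key: delete it once distribution is done.
Remove-Item $PfxPath
```

Because the old certificate is removed only after the served-thumbprint check passes, clients such as ActiveSync devices never reach a server that has no certificate bound.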


Question has a verified solution.