SSL Configuration for Exchange 2007/2010 Coexistence

Posted on 2011-10-16
Last Modified: 2012-05-12
Can anyone explain how to configure the SSL on the Exchange 2007 and 2010 CAS server in a coexistence setup? Read a bunch of different ways to do this on the internet and MS articles are not clear.

2007 CAS has existing UCC/SAN with
CAS Netbios

2010 Should have?????

Do I request the new 2010 CAS server with the above names and then export / import this SSL to the 2007 CAS?
Question by: bushido2006
    LVL 16

    Expert Comment

    All users can connect via the Exchange 2010 CAS server in a coexistence scenario. You only need an SSL certificate for your Exchange 2010 and just create a DNS entry for your Exchange 2007 users as
    and if you have a valid certificate on Exchange 2007 and you want to use the same on Exchange 2010 then you have to revoke your existing certificate and create a new CSR via Exchange 2010 certificate and reissue the certificate from your SSL authority.
    LVL 2

    Accepted Solution

    Well some of your questions depend on different factors in your environment.

    If you are going to co-exist you need an alternate namespace for the 2007 environment.  So if it is you will need that in the SAN for BOTH servers.  The other way you could do this is use a wildcard certificate for both but since either way you need a new cert do what makes the most sense for you (keep in mind wildcard certs on 07 can be tricky with Outlook Anywhere).

    So depending if you have to buy a cert or you have an internal CA you have to do the following.

    Use the cert wizard on the Exchange 2010 console and create a new cert request.
    FQDN of 2010 CAS
    * FQDN of Legacy CAS (This is only if you are going to export this cert and use it for the 2007 box)

    Once you get the crt or pfx file back you import the cert using Exchange 2010 pending cert request and complete it.
    Assign IIS services to the cert in 2010
    Open Certificates MMC
    Export the Certificate and make a private key
    Import the Certificate on the Exchange 2007 server
    Find the thumbprint (Get-ExchangeCertificate)
    Enable the Certificate (Enable-ExchangeCertificate -thumbprint XXX -Services POP,IMAP,IIS)

    Now, both certs should be up and functional.
    However, do not forget to change the virtual directories of OWA, AS, OAB, and Web Services etc. for 2007 for the new namespace.

    Do not forget to have DNS records created for the new namespace.

    Again, depending on your environment you may need to make more changes.  Do you use ISA/TMG in the DMZ?  If so you need to create publishing rules for a web listener.  If you use Forms Based Authen you need to make sure Basic is on for 2010 to avoid double prompts.

    Hopefully this is enough to give you the overall idea but if you have anything more specific please ask.
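
The steps in the accepted answer, written out as Exchange Management Shell commands. This is an added example, not part of the original thread; the host names (mail.example.com, legacy.example.com), the file paths under C:\certs and the server name CAS2007 are placeholders for your own values.

```powershell
# --- On the Exchange 2010 CAS (Exchange Management Shell) ---
# Placeholder namespaces: 2010 namespace first, legacy (2007) namespace second.
$names = "mail.example.com", "legacy.example.com"

# 1. Create the request. The key must be exportable, otherwise the
#    certificate cannot be moved to the 2007 server later.
$req = New-ExchangeCertificate -GenerateRequest `
    -SubjectName "cn=mail.example.com" `
    -DomainName $names `
    -PrivateKeyExportable $true
Set-Content -Path "C:\certs\cas2010.req" -Value $req

# 2. Once the CA returns the signed certificate, complete the pending request.
$imported = Import-ExchangeCertificate -FileData `
    ([Byte[]]$(Get-Content -Path "C:\certs\cas2010.cer" -Encoding Byte -ReadCount 0))
$cert = Get-ExchangeCertificate -Thumbprint $imported.Thumbprint

# 3. Check that BOTH namespaces made it into the SAN before binding services.
$sans = $cert.CertificateDomains | ForEach-Object { "$_" }
$missing = $names | Where-Object { $sans -notcontains $_ }
if ($missing) { throw "Certificate is missing SAN entries: $($missing -join ', ')" }

Enable-ExchangeCertificate -Thumbprint $cert.Thumbprint -Services IIS

# 4. Export certificate plus private key to a password-protected PFX.
$pfxPassword = Read-Host "PFX password" -AsSecureString
$pfx = Export-ExchangeCertificate -Thumbprint $cert.Thumbprint `
    -BinaryEncoded:$true -Password $pfxPassword
Set-Content -Path "C:\certs\cas.pfx" -Value $pfx.FileData -Encoding Byte

# --- On the Exchange 2007 CAS (Exchange Management Shell) ---
# 5. Import the PFX, enable it for the services the answer lists, then
#    delete the PFX so a copy of the private key is not left on disk.
$pfxPassword = Read-Host "PFX password" -AsSecureString
$cert07 = Import-ExchangeCertificate -Path "C:\certs\cas.pfx" -Password $pfxPassword
Enable-ExchangeCertificate -Thumbprint $cert07.Thumbprint -Services "IIS,POP,IMAP"
Remove-Item "C:\certs\cas.pfx"

# 6. Point the 2007 virtual directories at the legacy namespace (OWA shown).
Set-OwaVirtualDirectory -Identity "CAS2007\owa (Default Web Site)" `
    -ExternalUrl "https://legacy.example.com/owa"
```

The ActiveSync, OAB and Web Services directories take the same `-ExternalUrl` change through `Set-ActiveSyncVirtualDirectory`, `Set-OabVirtualDirectory` and `Set-WebServicesVirtualDirectory`.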
