Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 949
  • Last Modified:

How to renew the self-signed SBS 2008 certificate if I have a 3rd party cert for exchange installed?

Hi,
I am using a valid long lasting 3rd party certificate for mail.company.com which works fine for mobile user access.

Now the self-cert certificate for sbs.company.local has expired.
I get the message that I could renew it using the task "new exchange certificate".

I don't know how to renew the certificate for sbs.company.local and make sure the mail.company.com certificate remains untouched.

Thanks in advance for your help,
Andreas
0
Andreas200
Asked:
Andreas200
  • 3
  • 2
  • 2
  • +1
1 Solution
 
Andreas200Author Commented:
Thanks for your help.
The problem is that the 3rd party cert is for "mail.company.com" but the servername is "sbs.company.local".
0
 
Larry Struckmeyer MVPCommented:
Don't know what you have already invested in this, but the solutiion is about $20/yr with a Go Daddy cert using the SBS wizards to create and install it.  Not sure I would spend a lot of time on it for that price.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
WORKS2011Austin Tech CompanyCommented:
try these commands:

1. to get the thumbprint type: Get-ExchangeCertificate -domain "servername" | fl
2. thumbprint in step 1 enter in step 3.
3. type: Get-ExchangeCertificate -thumbprint "2FB28F5075EFE9B30A8F8458DED0A137629F62D7" | New-ExchangeCertificate
4. you'll confirm "overwrite existing default SMTP certificate, take the new thumbprint and enter in step 5
5. Enable-ExchangeCertificate -thumbprint "FB5AECA6B39816F 02B3245BD1D953934HD8H730F" -services IIS
0
 
Andreas200Author Commented:
Thanks WORKS2011 - i will give it a try and let you know.

Andreas
0
 
Rob WilliamsCommented:
You should really fix the problem of mismatched names. To do so simply run the "Set up your internet address wizard" and in step #7 of the following link choose advanced settings and enter mail.company.com  That should eliminate the mis-match and generate a new self signed cert. If not, once done run the fix my network wizard and it will do so.
http://blogs.technet.com/b/sbs/archive/2008/10/15/introducing-the-internet-address-management-wizard-part-1-of-3.aspx
0
 
Andreas200Author Commented:
Hello WORKS2011,

there is a side effect: the new certificate has a validity of 7 days only.
How can I fix a validity of e.g. 3 years?

Andreas
0
 
WORKS2011Austin Tech CompanyCommented:
go into IIS manager and highlight severname, in the right pain double click "Server Certificates" you should see your cert here.

I would create a new cert and give it a year or longest possible time then replace the newly created cert with the steps I mentioned above.

Let me know how this works out for you.
0

Featured Post

Ask an Anonymous Question!

Don't feel intimidated by what you don't know. Ask your question anonymously. It's easy! Learn more and upgrade.

  • 3
  • 2
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now