• Status: Solved
  • Priority: Medium
  • Security: Public

Certificates Exchange 2003 - 2010 migration

Hi All,

I would like to know in a few simple steps what I am supposed to do about certificates when migrating to Exchange 2010.  This is the setup:

1. We have 1 Exchange 2003 server
2. We are implementing 2 Exchange 2010 servers in a CAS array with DAGs
3. We will then be moving mailboxes across to the Exchange 2010 servers in our own time.

Now I know I need one of the new SAN certificates with the multiple domain names, but then what? I have 2 CAS servers, so can I import this same certificate to both servers? If so, how?

What do I do about the Exchange 2003 server? Do I need to import this new certificate here? If so, how? Will users get prompts to accept new certificates in Outlook and over ActiveSync?

I can't find good documentation for this anywhere, please help!
robclarke41
Asked:
Darkworld1000 Commented:
Certificates in Migrating from Exchange 2003 / Exchange 2007 to Exchange 2010

http://www.networkworld.com/community/node/58685
 
Manpreet Singh Khatra, Solutions Architect, Project Lead, Commented:
 
robclarke41 (Author) Commented:
Hi, I've managed to create the certificate and assigned it to the first CAS server in the array. I then imported it to the second server but it is not visible; just the first certificate remains (which I can't remove until I add another). Am I doing the right thing or is there something else I'm supposed to do for certificates on multiple CAS servers? Would appreciate some real help, not a link to a guide. Thanks.
 
Simon Butler (Sembee), Consultant, Commented:
Are you using commercial certificates?
If so, you may have to install an intermediate certificate as well. After installing the certificate you also need to enable the services on the certificate. Finally run IISRESET.

However there should be nothing more than an export of the certificate and then an import.

Simon.
 
suriyaehnop Commented:
This article explains how to install a certificate on CAS running with NLB. First install the certificate on one node of CAS, then export the certificate with the private key and install it on the second node of CAS.

http://www.msexchange.org/articles_tutorials/exchange-server-2007/high-availability-recovery/load-balancing-exchange-2007-client-access-servers-windows-network-technology-part3.html
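
The export/import sequence described in the two answers above (export with the private key, import on the second CAS, enable services, IISRESET), written out for the Exchange 2010 Management Shell as an added example that is not part of the original thread. The server names `CAS01`/`CAS02`, the PFX path, the thumbprint placeholder and the choice of the IIS service are assumptions.

```powershell
# Added example; run in the Exchange Management Shell (Exchange 2010).
# CAS01, CAS02, the PFX path and the thumbprint are placeholders (assumptions).
$source     = 'CAS01'
$target     = 'CAS02'
$thumbprint = '<THUMBPRINT-OF-SAN-CERT>'
$pfxPath    = 'C:\Temp\san-cert.pfx'

# The export password protects the private key inside the PFX file.
$pfxPassword = Read-Host -Prompt 'PFX password' -AsSecureString

# 1. Confirm the copy on the first CAS actually holds the private key.
$cert = Get-ExchangeCertificate -Server $source -Thumbprint $thumbprint
if (-not $cert.HasPrivateKey) {
    throw "Certificate on $source has no private key; it cannot be reused on $target."
}

# 2. Export certificate plus private key as a password-protected PFX.
$export = Export-ExchangeCertificate -Server $source -Thumbprint $thumbprint `
    -BinaryEncoded:$true -Password $pfxPassword
Set-Content -Path $pfxPath -Value $export.FileData -Encoding Byte

# 3. Import the PFX on the second CAS.
$bytes = [Byte[]](Get-Content -Path $pfxPath -Encoding Byte -ReadCount 0)
Import-ExchangeCertificate -Server $target -FileData $bytes -Password $pfxPassword

# 4. Enable services on the imported certificate.
#    IIS is assumed here (OWA, ActiveSync and the web services run under IIS).
Enable-ExchangeCertificate -Server $target -Thumbprint $thumbprint -Services IIS

# 5. Check the result on the second CAS: the private key must be present and
#    Status should read Valid. Another status with a commercial certificate
#    can indicate that the intermediate certificate is not installed.
Get-ExchangeCertificate -Server $target -Thumbprint $thumbprint |
    Format-List Subject, CertificateDomains, HasPrivateKey, Status, Services

# 6. The PFX contains the private key; do not leave it on disk.
Remove-Item -Path $pfxPath

# 7. Finally, run IISRESET on the second CAS itself.
```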
 
robclarke41 (Author) Commented:
OK, so I seem to have it all working in a test environment. This is what I have done; will this work when implemented for real?

Exchange 2003 server still using existing cert (cert was only ever for OWA and ActiveSync)

2x Exchange 2010 CAS servers using new SAN certificate

2010 OWA users connect up and log in without any problems.

2003 OWA users connect to the 2010 server and log in and are redirected successfully to the 2003 server.

We have never used SSL on our existing 2003 MAPI connections so this all seems to work fine. Can anyone see any problems with this before I implement it?
 
Simon Butler (Sembee), Consultant, Commented:
MAPI doesn't use SSL, never has done and doesn't under Exchange 2010 either.
What uses SSL is the web services part, that includes autodiscover and the availability service.

Otherwise what you have outlined is how it is supposed to work.

Simon.
 
robclarke41 (Author) Commented:
Thanks Simon, so I'm OK to keep the existing cert on the 2003 server? I've read some articles that say you should put the new SAN cert on the 2010 servers and the 2003 server. I did quickly test this and it broke OWA for 2003 clients! Any idea why?!
 
robclarke41 (Author) Commented:
Can you even use a SAN certificate on an Exchange 2003 server?
 
Simon Butler (Sembee), Consultant, Commented:
Yes.
Exchange 2003 doesn't care. Unified Communications certificates just have additional information in them. Otherwise they function identically to a single name certificate.

Simon.