Exchange 2007 certificate

I need to replace an Exchange certificate as it will expire soon. However, the former administrator is no longer reachable, so I will need to revoke the existing certificate. Once the certificate is revoked, will Outlook be able to connect to the Exchange server with a warning, or will it stop working at all until the new certificate is installed?
This could result in downtime, which I have to avoid. Any ideas appreciated!
mwiesauer Asked:
 
Simon Butler (Sembee), Consultant, Commented:
@mboppe - The user has to revoke the certificate because GoDaddy will not allow two certificates with the same host name to be issued at the same time, unless they are directly related to each other via a renewal process. This is common with most SSL providers to stop fraud. As the original account is not accessible, that isn't possible.

A certificate revocation is almost instant, so as already said, you will have downtime, so do the revocation out of hours so you can limit things. GoDaddy uses the WHOIS information to verify .com/.net certificates, so before you start, ensure that the email addresses on the domain go to valid places that you have access to.

While Digicert certificates are nice, and I use their certificate creation tool myself for Exchange 2007, I don't think they are worth three times the price of GoDaddy certificates, certainly to resolve what will be a short term issue - measured in hours if done correctly.

Simon.
 
Svet Paperov, IT Manager, Commented:
There is no need to revoke the certificate, just replace it before its expiration date. If this is a certificate from a trusted CA such as Verisign, DigiCert, etc., Outlook will not generate any error - it accepts server-based certificates if they come from a trusted CA (the public certificates of most of the trusted root CAs are installed in Windows and are updated via Windows Update). No downtime will occur if the certificate is replaced before its expiration.
 
mwiesauer (Author) Commented:
The certificate is from GoDaddy. I tried to recreate it, but they told me that it is already issued under a different account (the former administrator), so I cannot create a new one to replace it. GoDaddy support told me that I have to revoke it.
 
Svet Paperov, IT Manager, Commented:
If you revoke it, you will have downtime before issuing and installing the new one. Try to convince them to help you, either by resetting that other account's password or issuing a new certificate (not renewing) before the old one expires. You could also go to a different provider. Personally, I prefer DigiCert as they have a better certificate creation tool than GoDaddy and are not as expensive as Verisign.
 
Malli Boppe Commented:
Why are you revoking the certificate?
Just renew the certificate. That way you don't have any outage. You can use the link below to generate the PowerShell command:
http://www.digicert.com/ssl-certificate-renewal-exchange-2007.htm
 
nitin_badhwar Commented:
One more thought...

Suppose management decides to go with another SSL provider rather than GoDaddy... what will you do in that case?

In my view, and from the experience I have had with customers...
we can go with a completely new SAN certificate... like DigiCert... and once the new certificate comes, just apply it on the CAS/Edge servers in the normal fashion as per your requirement.

After installing the certificate, you can change the services SMTP, WWW to the new thumbprint. Merely installing the certificate in Exchange 2007 doesn't mean you have applied it for production as well.

Yes, if you are compelled to stay with the existing certificate provider, then you will certainly have downtime... Update management about this in advance and have a planned downtime. The experts above are right in their opinion.

Regards

Nitin
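
The import-then-enable sequence discussed in this thread, as an added example for the Exchange 2007 Management Shell (not code from any poster). The path in `$NewCertPath` is a placeholder, and `IIS` is the `-Services` value that covers the web services such as OWA and ActiveSync.

```powershell
# Run in the Exchange Management Shell on the server where the request was created.
# Assumption: $NewCertPath is a placeholder for the CA's response file.
$NewCertPath = 'C:\certs\mail_new.cer'
$Services    = 'SMTP,IIS'

# 1. Record the current state so the old thumbprint can be re-enabled if needed.
$before = Get-ExchangeCertificate
$before | Format-List Thumbprint, Subject, CertificateDomains, Services, NotAfter

# 2. Import the issued certificate. This only places it in the store;
#    no service uses it yet.
$new = Import-ExchangeCertificate -Path $NewCertPath

# 3. Sanity checks before any service is switched over.
if (-not $new.HasPrivateKey) {
    throw "No private key: the request was not generated on this server."
}
if ($new.NotAfter -le (Get-Date)) {
    throw "Imported certificate is already expired."
}

# 4. Every host name on the certificate currently bound to IIS must also be
#    on the new one, otherwise clients get name-mismatch warnings.
$newNames = @($new.CertificateDomains | ForEach-Object { $_.ToString() })
$missing  = @()
foreach ($cert in $before) {
    if ("$($cert.Services)" -match 'IIS') {
        foreach ($name in $cert.CertificateDomains) {
            if ($newNames -notcontains $name.ToString()) { $missing += $name.ToString() }
        }
    }
}
if ($missing.Count -gt 0) {
    throw "New certificate lacks host names: $($missing -join ', ')"
}

# 5. Bind the new thumbprint to the services (the shell may ask for
#    confirmation before replacing the current SMTP certificate).
Enable-ExchangeCertificate -Thumbprint $new.Thumbprint -Services $Services

# 6. Confirm the binding, then check chain and revocation status from this host.
Get-ExchangeCertificate -Thumbprint $new.Thumbprint |
    Format-List Thumbprint, CertificateDomains, Services, NotAfter
certutil -verify -urlfetch $NewCertPath
```

Steps 1 to 4 change nothing on the server, so they can be run ahead of the maintenance window; only step 5 switches the services.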
 
mwiesauer (Author) Commented:
Thank you for your help. I will contact GoDaddy support and see if they can help. Otherwise I will need to live with the downtime!
 
mwiesauer (Author) Commented:
One last thing: downtime meaning Outlook not working - not just displaying a certificate warning?
 
nitin_badhwar Commented:
Only services published through CAS servers will be affected, like OWA and ActiveSync.
In Exchange 2007, Outlook makes MAPI connections to the Mailbox server, so there is no impact on Outlook clients.

In 2010, MAPI connections are also on CAS servers, so Outlook clients in an Exchange 2010 environment will also be affected.

Hope it helps

Nitin
 
mwiesauer (Author) Commented:
Thanks, it does :-)
Question has a verified solution.