• Status: Solved
  • Priority: Medium
  • Security: Public

Exchange 2007 certificate

I need to replace an Exchange certificate as it will expire soon. However, the former administrator is no longer reachable, so I will need to revoke the existing certificate. Once the certificate is revoked, will Outlook be able to connect to the Exchange server with a warning, or will it stop working at all until the new certificate is installed?
This could result in downtime, which I have to avoid. Any ideas appreciated!
mwiesauer
Asked:
 
Svet Paperov, IT Manager, commented:
There is no need to revoke the certificate; just replace it before its expiration date. If this is a certificate from a trusted CA such as Verisign, DigiCert, etc., Outlook will not generate any error - it accepts server-based certificates if they come from a trusted CA (the public certificates of most of the trusted root CAs are installed in Windows and are updated via Windows Update). No downtime will occur if the certificate is replaced before its expiration.
 
mwiesauer, Author, commented:
The certificate is from GoDaddy. I tried to recreate it, but they told me that it is already issued under a different account (the former administrator), so I cannot create a new one to replace it. GoDaddy support told me that I have to revoke it.
 
Svet Paperov, IT Manager, commented:
If you revoke it, you will have downtime before issuing and installing the new one. Try to convince them to help you, either by resetting that other account's password or issuing a new certificate (not renewing) before the old one expires. You could also go to a different provider. Personally, I prefer DigiCert as they have a better certificate creation tool than GoDaddy and are not as expensive as Verisign.
 
Malli Boppe commented:
Why are you revoking the certificate?
Just renew the certificate. That way you don't have any outage. You can use the link below to generate the PowerShell command:
http://www.digicert.com/ssl-certificate-renewal-exchange-2007.htm
 
Simon Butler (Sembee), Consultant, commented:
@mboppe - The user has to revoke the certificate because GoDaddy will not allow two certificates with the same host name to be issued at the same time, unless they are directly related to each other via a renewal process. This is common with most SSL providers to stop fraud. As the original account is not accessible, that isn't possible.

A certificate revocation is almost instant, so as already said, you will have downtime, so do the revocation out of hours so you can limit things. GoDaddy uses the WHOIS information to verify .com/.net certificates, so before you start, ensure that the email addresses on the domain go to valid places that you have access to.

While Digicert certificates are nice, and I use their certificate creation tool myself for Exchange 2007, I don't think they are worth three times the price of GoDaddy certificates, certainly to resolve what will be a short term issue - measured in hours if done correctly.

Simon.
 
nitin_badhwar commented:
One more thought...

Just in case, suppose management decides to go with another SSL provider rather than GoDaddy... what will you do in that case?

In my view, and from the experience I have had with customers...
we can go with a completely new SAN certificate, like DigiCert, and once the new certificate comes, just apply it on the CAS/Edge servers in the normal fashion as per your requirement.

After installing the certificate, you can change the services (SMTP, WWW) to the new thumbprint. Merely installing the certificate in Exchange 2007 doesn't mean you have applied it for production as well.

Yes, if you are compelled to go with the existing certificate provider only, then you will certainly have downtime... Update management about this in advance and have a planned downtime. The experts above are right in their opinion.

Regards

Nitin
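
The install-then-enable sequence described in the post above, as an added example for the Exchange 2007 Management Shell that is not part of the original thread. The thumbprint and file path are placeholders, and the name check assumes the new certificate should cover every name on the old one.

```powershell
# Added example: install a replacement certificate, verify it, then move
# the services from the old thumbprint to the new one.
$oldThumb    = "<OLD-CERT-THUMBPRINT>"              # placeholder
$newCertFile = "C:\certs\mail_example_com.cer"      # hypothetical path to the issued certificate

# 1. Record what the expiring certificate is currently bound to.
$old = Get-ExchangeCertificate -Thumbprint $oldThumb
$old | Format-List Thumbprint, Subject, CertificateDomains, Services, NotAfter

# 2. Import the new certificate. At this point it is only installed;
#    no Exchange service uses it yet.
$new = Import-ExchangeCertificate -Path $newCertFile

# 3. Check the new certificate before switching anything over.
if (-not $new.HasPrivateKey) {
    throw "No private key: the request was not generated on this server."
}
if ($new.NotAfter -le (Get-Date)) {
    throw "New certificate is already expired."
}
$newNames = $new.CertificateDomains | ForEach-Object { $_.ToString() }
$missing  = $old.CertificateDomains | ForEach-Object { $_.ToString() } |
            Where-Object { $newNames -notcontains $_ }
if ($missing) {
    throw "New certificate does not cover: $missing"
}

# 4. Enable the new certificate for the same services the old one served
#    (for example SMTP and IIS).
Enable-ExchangeCertificate -Thumbprint $new.Thumbprint -Services $old.Services

# 5. Confirm which thumbprint each service is now bound to.
Get-ExchangeCertificate | Format-List Thumbprint, Services, NotAfter
```

If any check in step 3 fails, the script stops before step 4 and the old certificate stays bound to its services.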
 
mwiesauer, Author, commented:
Thank you for your help. I will contact GoDaddy support and see if they can help. Otherwise I will need to live with the downtime!
 
mwiesauer, Author, commented:
One last thing: downtime meaning Outlook not working - not just displaying a certificate warning?
 
nitin_badhwar commented:
Only services published through CAS servers will be affected, like OWA and ActiveSync.
In Exchange 2007, Outlook makes MAPI connections to the Mailbox server, so there is no impact on Outlook clients.

In 2010, MAPI connections are also on CAS servers, so Outlook clients in an Exchange 2010 environment will also be affected.

Hope it helps

Nitin
 
mwiesauer, Author, commented:
Thanks, it does :-)