Solved

Installing renewed SSL Certificate on Exchange Server 2003

Posted on 2012-12-20
12
229 Views
Last Modified: 2013-01-03
Hello,
Our current Exchange certificate is expiring next week.  Created an CSR and received a renewed certicate ending 2012...I am trying to install the certificate on Exchange and am unable to do so.  Please provide me with instaructions on how to successfully install the renewed certificate.  
-The specs of the server:
OS Server 2003 SP2,
Exchange Server 2003 Enterprise SP2
0
Comment
Question by:Maximus54
  • 7
  • 4
12 Comments
 
LVL 12

Expert Comment

by:Gary Dewrell
ID: 38710103
0
 

Author Comment

by:Maximus54
ID: 38710246
The link that you provided does not work.  I need help please
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 38710272
How did you create the CSR?
As the CSR is a pair with the response. So if you ran a wizard somewhere, you would normally re-run the same wizard and choose to complete the response. Then finally you can change the active certificate in IIS manager.

Simon.
0
 

Author Comment

by:Maximus54
ID: 38712889
Hello,
I was advised from my certificate vendor to create a "dummy site" on IIS, run the wizard for the CSR submitt content and reissue a new certificate.  Do you have a step by step guide that indicate renewing the current SSL certificate for webmail to a reissued one?  Our certificate expires on December 27th, 2012.  Another question, if the certificate is not renewed by then will webmail access stop working including smartphones that are currently running thru Active Sync?  Let me know please.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 38713193
They used the dummy site method - that is fine.
So you need to use the same site to complete the certificate request. Once you ahve completed the request, you can remove the dummy site. On the "live" site simply go through the certificate wizard, choosing the option to select an existing certificate. Your new one will be listed.

If the certificate expires, then ActiveSync will become unreliable. I cannot say 100% it will stop working because there are so many different implementations of ActiveSync which cope with SSL errors in different ways.

Simon.
0
 

Author Comment

by:Maximus54
ID: 38713664
While waiting for your response I was able to figure a way to import the renewed certificate into the root console\certificates and was able to run the wizard and install the new certificate thru the dummy site (see article:https://help.webcontrolcenter.com/KB/a1021/how-to-renew-create-new-certificate-signing-request.aspx?KBSearchID=280799).  My next move will be step 4 thru 7...I should be able to complete the certificate install on the production site.  It is recommended to reboot the server according to the article so I will have to schedule some downtime to do that before the deadline.  Let me knwo if all this information sounds like a good plan and if you have any suggestions or something that I should be aware of.  I want this to go as smooth as possible without further interruptions or surprises.
Thanks
0
Do email signature updates give you a headache?

Constantly trying to correctly format email signatures? Spending all of your time at every user’s desk to make updates? Want high-quality HTML signatures on all devices, including on mobiles and Macs? Then, let Exclaimer solve all your email signature problems today!

 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 38713805
I don't see why rebooting the server would be required. This isn't making a change that requires that kind of erboot. The most you need to do is run IISRESET for the changes to take effect.

Simon.
0
 

Author Comment

by:Maximus54
ID: 38713998
Simon,
Thank you for the updated information.  My other question will be should I uninstall the certificate from the dummy website first and then delete the site, after all that attempt to request pending certificate on active site, renew option or replace certificate?
0
 

Author Comment

by:Maximus54
ID: 38714008
Also, once the certificate is imported will it display on all other features of webmail site (did see that current running certificate is in all other areas of site.  In addition will smartphone pickup immediately with new certificate setting or need to be modified and or configured with the new changes?
Thanks
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 38714669
You don't want to touch the dummy site until the request has been completed. Once it has, on the properties of the dummy site you should be able to view the certificate. Only then go in to the properties of the live site and change the current certificate.

The whole point of using a commercial certificate is so that you don't have to touch the clients at all. Therefore as long as the host name is the same as the current one then it should be transparent to the users.

Simon.
0
 

Accepted Solution

by:
Maximus54 earned 0 total points
ID: 38729612
Simon,
The SSL cerificate was imported successfuly into the Exchange site.  Had to register the serial number and create a public key.  The site is working fine and smartphones are working fine.  It did not allow me to renew the current certificate but replace it.  Thank you for the follow up.
0
 

Author Closing Comment

by:Maximus54
ID: 38739492
I did not get all my direct answers from Expert-Exchange, had to research further and apply risky modifications to get the certificate running on time...I did get helpful hints to direct me finding a solution.
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Following basic email etiquette rules will help you write a professional email and achieve a good, lasting impression with your contacts.
This article lists the top 5 free OST to PST Converter Tools. These tools save a lot of time for users when they want to convert OST to PST after their exchange server is no longer available or some other critical issue with exchange server or impor…
In this video we show how to create a Distribution Group in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >>…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now