Solved

Installing renewed SSL Certificate on Exchange Server 2003

Posted on 2012-12-20
12
256 Views
Last Modified: 2013-01-03
Hello,
Our current Exchange certificate is expiring next week.  Created an CSR and received a renewed certicate ending 2012...I am trying to install the certificate on Exchange and am unable to do so.  Please provide me with instaructions on how to successfully install the renewed certificate.  
-The specs of the server:
OS Server 2003 SP2,
Exchange Server 2003 Enterprise SP2
0
Comment
Question by:Maximus54
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 4
12 Comments
 

Author Comment

by:Maximus54
ID: 38710246
The link that you provided does not work.  I need help please
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 38710272
How did you create the CSR?
As the CSR is a pair with the response. So if you ran a wizard somewhere, you would normally re-run the same wizard and choose to complete the response. Then finally you can change the active certificate in IIS manager.

Simon.
0
Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 

Author Comment

by:Maximus54
ID: 38712889
Hello,
I was advised from my certificate vendor to create a "dummy site" on IIS, run the wizard for the CSR submitt content and reissue a new certificate.  Do you have a step by step guide that indicate renewing the current SSL certificate for webmail to a reissued one?  Our certificate expires on December 27th, 2012.  Another question, if the certificate is not renewed by then will webmail access stop working including smartphones that are currently running thru Active Sync?  Let me know please.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 38713193
They used the dummy site method - that is fine.
So you need to use the same site to complete the certificate request. Once you ahve completed the request, you can remove the dummy site. On the "live" site simply go through the certificate wizard, choosing the option to select an existing certificate. Your new one will be listed.

If the certificate expires, then ActiveSync will become unreliable. I cannot say 100% it will stop working because there are so many different implementations of ActiveSync which cope with SSL errors in different ways.

Simon.
0
 

Author Comment

by:Maximus54
ID: 38713664
While waiting for your response I was able to figure a way to import the renewed certificate into the root console\certificates and was able to run the wizard and install the new certificate thru the dummy site (see article:https://help.webcontrolcenter.com/KB/a1021/how-to-renew-create-new-certificate-signing-request.aspx?KBSearchID=280799).  My next move will be step 4 thru 7...I should be able to complete the certificate install on the production site.  It is recommended to reboot the server according to the article so I will have to schedule some downtime to do that before the deadline.  Let me knwo if all this information sounds like a good plan and if you have any suggestions or something that I should be aware of.  I want this to go as smooth as possible without further interruptions or surprises.
Thanks
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 38713805
I don't see why rebooting the server would be required. This isn't making a change that requires that kind of erboot. The most you need to do is run IISRESET for the changes to take effect.

Simon.
0
 

Author Comment

by:Maximus54
ID: 38713998
Simon,
Thank you for the updated information.  My other question will be should I uninstall the certificate from the dummy website first and then delete the site, after all that attempt to request pending certificate on active site, renew option or replace certificate?
0
 

Author Comment

by:Maximus54
ID: 38714008
Also, once the certificate is imported will it display on all other features of webmail site (did see that current running certificate is in all other areas of site.  In addition will smartphone pickup immediately with new certificate setting or need to be modified and or configured with the new changes?
Thanks
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 38714669
You don't want to touch the dummy site until the request has been completed. Once it has, on the properties of the dummy site you should be able to view the certificate. Only then go in to the properties of the live site and change the current certificate.

The whole point of using a commercial certificate is so that you don't have to touch the clients at all. Therefore as long as the host name is the same as the current one then it should be transparent to the users.

Simon.
0
 

Accepted Solution

by:
Maximus54 earned 0 total points
ID: 38729612
Simon,
The SSL cerificate was imported successfuly into the Exchange site.  Had to register the serial number and create a public key.  The site is working fine and smartphones are working fine.  It did not allow me to renew the current certificate but replace it.  Thank you for the follow up.
0
 

Author Closing Comment

by:Maximus54
ID: 38739492
I did not get all my direct answers from Expert-Exchange, had to research further and apply risky modifications to get the certificate running on time...I did get helpful hints to direct me finding a solution.
0

Featured Post

SharePoint Admin?

Enable Your Employees To Focus On The Core With Intuitive Onscreen Guidance That is With You At The Moment of Need.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

626 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question