• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 263
  • Last Modified:

Installing renewed SSL Certificate on Exchange Server 2003

Hello,
Our current Exchange certificate is expiring next week.  Created an CSR and received a renewed certicate ending 2012...I am trying to install the certificate on Exchange and am unable to do so.  Please provide me with instaructions on how to successfully install the renewed certificate.  
-The specs of the server:
OS Server 2003 SP2,
Exchange Server 2003 Enterprise SP2
0
Maximus54
Asked:
Maximus54
  • 7
  • 4
1 Solution
 
Gary DewrellSenior Network AdministratorCommented:
0
 
Maximus54Author Commented:
The link that you provided does not work.  I need help please
0
 
Simon Butler (Sembee)ConsultantCommented:
How did you create the CSR?
As the CSR is a pair with the response. So if you ran a wizard somewhere, you would normally re-run the same wizard and choose to complete the response. Then finally you can change the active certificate in IIS manager.

Simon.
0
Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

 
Maximus54Author Commented:
Hello,
I was advised from my certificate vendor to create a "dummy site" on IIS, run the wizard for the CSR submitt content and reissue a new certificate.  Do you have a step by step guide that indicate renewing the current SSL certificate for webmail to a reissued one?  Our certificate expires on December 27th, 2012.  Another question, if the certificate is not renewed by then will webmail access stop working including smartphones that are currently running thru Active Sync?  Let me know please.
0
 
Simon Butler (Sembee)ConsultantCommented:
They used the dummy site method - that is fine.
So you need to use the same site to complete the certificate request. Once you ahve completed the request, you can remove the dummy site. On the "live" site simply go through the certificate wizard, choosing the option to select an existing certificate. Your new one will be listed.

If the certificate expires, then ActiveSync will become unreliable. I cannot say 100% it will stop working because there are so many different implementations of ActiveSync which cope with SSL errors in different ways.

Simon.
0
 
Maximus54Author Commented:
While waiting for your response I was able to figure a way to import the renewed certificate into the root console\certificates and was able to run the wizard and install the new certificate thru the dummy site (see article:https://help.webcontrolcenter.com/KB/a1021/how-to-renew-create-new-certificate-signing-request.aspx?KBSearchID=280799).  My next move will be step 4 thru 7...I should be able to complete the certificate install on the production site.  It is recommended to reboot the server according to the article so I will have to schedule some downtime to do that before the deadline.  Let me knwo if all this information sounds like a good plan and if you have any suggestions or something that I should be aware of.  I want this to go as smooth as possible without further interruptions or surprises.
Thanks
0
 
Simon Butler (Sembee)ConsultantCommented:
I don't see why rebooting the server would be required. This isn't making a change that requires that kind of erboot. The most you need to do is run IISRESET for the changes to take effect.

Simon.
0
 
Maximus54Author Commented:
Simon,
Thank you for the updated information.  My other question will be should I uninstall the certificate from the dummy website first and then delete the site, after all that attempt to request pending certificate on active site, renew option or replace certificate?
0
 
Maximus54Author Commented:
Also, once the certificate is imported will it display on all other features of webmail site (did see that current running certificate is in all other areas of site.  In addition will smartphone pickup immediately with new certificate setting or need to be modified and or configured with the new changes?
Thanks
0
 
Simon Butler (Sembee)ConsultantCommented:
You don't want to touch the dummy site until the request has been completed. Once it has, on the properties of the dummy site you should be able to view the certificate. Only then go in to the properties of the live site and change the current certificate.

The whole point of using a commercial certificate is so that you don't have to touch the clients at all. Therefore as long as the host name is the same as the current one then it should be transparent to the users.

Simon.
0
 
Maximus54Author Commented:
Simon,
The SSL cerificate was imported successfuly into the Exchange site.  Had to register the serial number and create a public key.  The site is working fine and smartphones are working fine.  It did not allow me to renew the current certificate but replace it.  Thank you for the follow up.
0
 
Maximus54Author Commented:
I did not get all my direct answers from Expert-Exchange, had to research further and apply risky modifications to get the certificate running on time...I did get helpful hints to direct me finding a solution.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

  • 7
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now