Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Installing renewed SSL Certificate on Exchange Server 2003

Posted on 2012-12-20
12
Medium Priority
?
262 Views
Last Modified: 2013-01-03
Hello,
Our current Exchange certificate is expiring next week.  Created an CSR and received a renewed certicate ending 2012...I am trying to install the certificate on Exchange and am unable to do so.  Please provide me with instaructions on how to successfully install the renewed certificate.  
-The specs of the server:
OS Server 2003 SP2,
Exchange Server 2003 Enterprise SP2
0
Comment
Question by:Maximus54
  • 7
  • 4
12 Comments
 

Author Comment

by:Maximus54
ID: 38710246
The link that you provided does not work.  I need help please
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 38710272
How did you create the CSR?
As the CSR is a pair with the response. So if you ran a wizard somewhere, you would normally re-run the same wizard and choose to complete the response. Then finally you can change the active certificate in IIS manager.

Simon.
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 

Author Comment

by:Maximus54
ID: 38712889
Hello,
I was advised from my certificate vendor to create a "dummy site" on IIS, run the wizard for the CSR submitt content and reissue a new certificate.  Do you have a step by step guide that indicate renewing the current SSL certificate for webmail to a reissued one?  Our certificate expires on December 27th, 2012.  Another question, if the certificate is not renewed by then will webmail access stop working including smartphones that are currently running thru Active Sync?  Let me know please.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 38713193
They used the dummy site method - that is fine.
So you need to use the same site to complete the certificate request. Once you ahve completed the request, you can remove the dummy site. On the "live" site simply go through the certificate wizard, choosing the option to select an existing certificate. Your new one will be listed.

If the certificate expires, then ActiveSync will become unreliable. I cannot say 100% it will stop working because there are so many different implementations of ActiveSync which cope with SSL errors in different ways.

Simon.
0
 

Author Comment

by:Maximus54
ID: 38713664
While waiting for your response I was able to figure a way to import the renewed certificate into the root console\certificates and was able to run the wizard and install the new certificate thru the dummy site (see article:https://help.webcontrolcenter.com/KB/a1021/how-to-renew-create-new-certificate-signing-request.aspx?KBSearchID=280799).  My next move will be step 4 thru 7...I should be able to complete the certificate install on the production site.  It is recommended to reboot the server according to the article so I will have to schedule some downtime to do that before the deadline.  Let me knwo if all this information sounds like a good plan and if you have any suggestions or something that I should be aware of.  I want this to go as smooth as possible without further interruptions or surprises.
Thanks
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 38713805
I don't see why rebooting the server would be required. This isn't making a change that requires that kind of erboot. The most you need to do is run IISRESET for the changes to take effect.

Simon.
0
 

Author Comment

by:Maximus54
ID: 38713998
Simon,
Thank you for the updated information.  My other question will be should I uninstall the certificate from the dummy website first and then delete the site, after all that attempt to request pending certificate on active site, renew option or replace certificate?
0
 

Author Comment

by:Maximus54
ID: 38714008
Also, once the certificate is imported will it display on all other features of webmail site (did see that current running certificate is in all other areas of site.  In addition will smartphone pickup immediately with new certificate setting or need to be modified and or configured with the new changes?
Thanks
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 38714669
You don't want to touch the dummy site until the request has been completed. Once it has, on the properties of the dummy site you should be able to view the certificate. Only then go in to the properties of the live site and change the current certificate.

The whole point of using a commercial certificate is so that you don't have to touch the clients at all. Therefore as long as the host name is the same as the current one then it should be transparent to the users.

Simon.
0
 

Accepted Solution

by:
Maximus54 earned 0 total points
ID: 38729612
Simon,
The SSL cerificate was imported successfuly into the Exchange site.  Had to register the serial number and create a public key.  The site is working fine and smartphones are working fine.  It did not allow me to renew the current certificate but replace it.  Thank you for the follow up.
0
 

Author Closing Comment

by:Maximus54
ID: 38739492
I did not get all my direct answers from Expert-Exchange, had to research further and apply risky modifications to get the certificate running on time...I did get helpful hints to direct me finding a solution.
0

Featured Post

Configuration Guide and Best Practices

Read the guide to learn how to orchestrate Data ONTAP, create application-consistent backups and enable fast recovery from NetApp storage snapshots. Version 9.5 also contains performance and scalability enhancements to meet the needs of the largest enterprise environments.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to effectively resolve the number one email related issue received by helpdesks.
Steps to fix “Unable to mount database. (hr=0x80004005, ec=1108)”.
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an anti-spam), the admin…
Suggested Courses

927 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question