Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Installing renewed SSL Certificate on Exchange Server 2003

Posted on 2012-12-20
12
Medium Priority
?
260 Views
Last Modified: 2013-01-03
Hello,
Our current Exchange certificate is expiring next week.  Created an CSR and received a renewed certicate ending 2012...I am trying to install the certificate on Exchange and am unable to do so.  Please provide me with instaructions on how to successfully install the renewed certificate.  
-The specs of the server:
OS Server 2003 SP2,
Exchange Server 2003 Enterprise SP2
0
Comment
Question by:Maximus54
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 4
12 Comments
 

Author Comment

by:Maximus54
ID: 38710246
The link that you provided does not work.  I need help please
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 38710272
How did you create the CSR?
As the CSR is a pair with the response. So if you ran a wizard somewhere, you would normally re-run the same wizard and choose to complete the response. Then finally you can change the active certificate in IIS manager.

Simon.
0
Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

 

Author Comment

by:Maximus54
ID: 38712889
Hello,
I was advised from my certificate vendor to create a "dummy site" on IIS, run the wizard for the CSR submitt content and reissue a new certificate.  Do you have a step by step guide that indicate renewing the current SSL certificate for webmail to a reissued one?  Our certificate expires on December 27th, 2012.  Another question, if the certificate is not renewed by then will webmail access stop working including smartphones that are currently running thru Active Sync?  Let me know please.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 38713193
They used the dummy site method - that is fine.
So you need to use the same site to complete the certificate request. Once you ahve completed the request, you can remove the dummy site. On the "live" site simply go through the certificate wizard, choosing the option to select an existing certificate. Your new one will be listed.

If the certificate expires, then ActiveSync will become unreliable. I cannot say 100% it will stop working because there are so many different implementations of ActiveSync which cope with SSL errors in different ways.

Simon.
0
 

Author Comment

by:Maximus54
ID: 38713664
While waiting for your response I was able to figure a way to import the renewed certificate into the root console\certificates and was able to run the wizard and install the new certificate thru the dummy site (see article:https://help.webcontrolcenter.com/KB/a1021/how-to-renew-create-new-certificate-signing-request.aspx?KBSearchID=280799).  My next move will be step 4 thru 7...I should be able to complete the certificate install on the production site.  It is recommended to reboot the server according to the article so I will have to schedule some downtime to do that before the deadline.  Let me knwo if all this information sounds like a good plan and if you have any suggestions or something that I should be aware of.  I want this to go as smooth as possible without further interruptions or surprises.
Thanks
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 38713805
I don't see why rebooting the server would be required. This isn't making a change that requires that kind of erboot. The most you need to do is run IISRESET for the changes to take effect.

Simon.
0
 

Author Comment

by:Maximus54
ID: 38713998
Simon,
Thank you for the updated information.  My other question will be should I uninstall the certificate from the dummy website first and then delete the site, after all that attempt to request pending certificate on active site, renew option or replace certificate?
0
 

Author Comment

by:Maximus54
ID: 38714008
Also, once the certificate is imported will it display on all other features of webmail site (did see that current running certificate is in all other areas of site.  In addition will smartphone pickup immediately with new certificate setting or need to be modified and or configured with the new changes?
Thanks
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 38714669
You don't want to touch the dummy site until the request has been completed. Once it has, on the properties of the dummy site you should be able to view the certificate. Only then go in to the properties of the live site and change the current certificate.

The whole point of using a commercial certificate is so that you don't have to touch the clients at all. Therefore as long as the host name is the same as the current one then it should be transparent to the users.

Simon.
0
 

Accepted Solution

by:
Maximus54 earned 0 total points
ID: 38729612
Simon,
The SSL cerificate was imported successfuly into the Exchange site.  Had to register the serial number and create a public key.  The site is working fine and smartphones are working fine.  It did not allow me to renew the current certificate but replace it.  Thank you for the follow up.
0
 

Author Closing Comment

by:Maximus54
ID: 38739492
I did not get all my direct answers from Expert-Exchange, had to research further and apply risky modifications to get the certificate running on time...I did get helpful hints to direct me finding a solution.
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Ready to improve network connectivity? Watch this webinar to learn how SD-WANs and a one-click instant connect tool can boost provisions, deployment, and management of your cloud connection.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will help to fix the below error for MS Exchange server 2010 I. Out Of office not working II. Certificate error "name on the security certificate is invalid or does not match the name of the site" III. Make Internal URLs and External…
How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question