Renew certificate for Exchange Server 2007
Hi All,
I will renew the certificate for our Exchange Server 2007. I want to know that do our mobile and IMAP/POP users need to accept a request for new certificate after I renew the new certificate on Exchange Server 2007?
Thanks.
Thomas
I will renew the certificate for our Exchange Server 2007. I want to know that do our mobile and IMAP/POP users need to accept a request for new certificate after I renew the new certificate on Exchange Server 2007?
Thanks.
Thomas
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Dear All,
Thanks for your comment. I have renewed the certificate of Exchange Server 2007 today. All Outlook, Mac OS X (Outlook for Mac and Mac Mail), OWA, Windows Phone, Andriod and iPhone / iPad could received emails after renewed the certificate. However, only some iPhones and iPads prompted out on screen and requested to trust a new certificate. I listed out all steps below for your reference:
Example:
Domain : smallbizco.net
Certificate : self signed certificate using Exchange commands
CAS Role server : hkexhub
Existing Service : POP, IMAP, IIS and SMTP
Steps
1. On Exchange 2007 CAS server, open 'Exchange Management Shell' and run the 'Get-ExchangeCertificate' command to list all certificate (picture renew01.jpg).
2. Run the 'New-ExchangeCertificate' command below (picture renew02.jpg).
New-ExchangeCertificate -domainname exchange.smallbizco.net, autodiscover.smallbizco.ne
3. Once I have generated a CSR file. I use it to generate the new certificate from our company CA (Microsoft CA server).
4. Run the Import-ExchangeCertificate
Import-ExchangeCertificate
5. After renewed the certificate, I checked all mail clients in our company. All mail clients were okay except iPhone / iPad (Microsoft Exchange ActiveSync). Checking results were listed below:
- Microsoft Outlook : OK
- OWA (picture renew04.jpg) : OK
- POP3 / IMAP4 clients : OK
- Mac Mail client on Mac OS X Lion / Mountain Lion : OK
- MS Outlook for Mac 2011: OK
- Windows Phone 7 / 8 : OK
- Andriod Mobile 2.X / 4.X : OK
- iPhone 4 / 4S / 5, iPad 2 / iPad Mini : All devices except iPhone 4. Prompt out certificate problem on screen (picture renew05.jpg). I needed to check continue to confirm.
I also submitted a Microsoft incident support call : [REG:1120521171XXXXXX]
Microsoft's engineer reply as below:
If we just renew the old certificate, it should be transparent for the end user (as root cert isn’t change, and most client side cert issue is because the root cert cannot be trusted).
Hope the above information can help the other people.
Thomas
renew01.jpg
renew02.jpg
renew03.jpg
renew04.jpg
renew05.jpg
Thanks for your comment. I have renewed the certificate of Exchange Server 2007 today. All Outlook, Mac OS X (Outlook for Mac and Mac Mail), OWA, Windows Phone, Andriod and iPhone / iPad could received emails after renewed the certificate. However, only some iPhones and iPads prompted out on screen and requested to trust a new certificate. I listed out all steps below for your reference:
Example:
Domain : smallbizco.net
Certificate : self signed certificate using Exchange commands
CAS Role server : hkexhub
Existing Service : POP, IMAP, IIS and SMTP
Steps
1. On Exchange 2007 CAS server, open 'Exchange Management Shell' and run the 'Get-ExchangeCertificate' command to list all certificate (picture renew01.jpg).
2. Run the 'New-ExchangeCertificate' command below (picture renew02.jpg).
New-ExchangeCertificate -domainname exchange.smallbizco.net, autodiscover.smallbizco.ne
3. Once I have generated a CSR file. I use it to generate the new certificate from our company CA (Microsoft CA server).
4. Run the Import-ExchangeCertificate
Import-ExchangeCertificate
5. After renewed the certificate, I checked all mail clients in our company. All mail clients were okay except iPhone / iPad (Microsoft Exchange ActiveSync). Checking results were listed below:
- Microsoft Outlook : OK
- OWA (picture renew04.jpg) : OK
- POP3 / IMAP4 clients : OK
- Mac Mail client on Mac OS X Lion / Mountain Lion : OK
- MS Outlook for Mac 2011: OK
- Windows Phone 7 / 8 : OK
- Andriod Mobile 2.X / 4.X : OK
- iPhone 4 / 4S / 5, iPad 2 / iPad Mini : All devices except iPhone 4. Prompt out certificate problem on screen (picture renew05.jpg). I needed to check continue to confirm.
I also submitted a Microsoft incident support call : [REG:1120521171XXXXXX]
Microsoft's engineer reply as below:
If we just renew the old certificate, it should be transparent for the end user (as root cert isn’t change, and most client side cert issue is because the root cert cannot be trusted).
Hope the above information can help the other people.
Thomas
renew01.jpg
renew02.jpg
renew03.jpg
renew04.jpg
renew05.jpg
awesome friend...
you prepare one document on that issue...i will suggest you to please upload it to your Article and knowledge base.
you prepare one document on that issue...i will suggest you to please upload it to your Article and knowledge base.
Hi Piyushranusri,
I have upload this issue to my Article. Hope it can help the other Exchange professional.
Thanks
Thomas
I have upload this issue to my Article. Hope it can help the other Exchange professional.
Thanks
Thomas
HTH,
Kent