Solved

Renew certificate for Exchange Server 2007

Posted on 2013-01-06
Last Modified: 2013-01-08
Hi All,

I will renew the certificate for our Exchange Server 2007. I want to know: do our mobile and IMAP/POP users need to accept a request for the new certificate after I renew the certificate on Exchange Server 2007?

Thanks.
Thomas
0
Question by:DT1640759
7 Comments
 
LVL 9

Accepted Solution

by:
tsaico earned 167 total points
ID: 38749730
No, generally they will automatically pick it up as long as the name doesn't change (remote.mailserver.com). Though be sure you go through the whole process and an IIS reset so that the new certificate is being posted everywhere. I have seen a small number that forget to assign everything, and you get things like the internal clients still seeing the expired SSL, or ActiveSync works but OWA doesn't present the right SSL.
0
 
LVL 17

Expert Comment

by:Kent Dyer
ID: 38749733
Not sure if I am tracking with you on this..  When your users connect, the systems should check for an expired cert..  The only time when the users need to download/install a cert is really a manual process and not every day.  Please correct me if I am wrong.

HTH,

Kent
0
 
LVL 8

Assisted Solution

by:piyushranusri
piyushranusri earned 167 total points
ID: 38749953
It will prompt users on their phones to check the new certificate.
They will get two options: install and cancel.

You have to share the certificate with users to install on their phones.
0
 
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 166 total points
ID: 38752879
If you renew with a commercial signed certificate with the same name, then there will be prompt, as the certificate is trusted.
If you renew with a self-signed certificate using Exchange commands, then clients may get prompts or may even fail completely. The Exchange self-signed certificate is not supported for use with ActiveSync and Outlook Anywhere.

Simon.
0
 

Author Comment

by:DT1640759
ID: 38753679
Dear All,

Thanks for your comments. I have renewed the certificate of Exchange Server 2007 today. All Outlook, Mac OS X (Outlook for Mac and Mac Mail), OWA, Windows Phone, Android and iPhone / iPad clients could receive emails after I renewed the certificate. However, only some iPhones and iPads showed a prompt on screen asking to trust a new certificate. I have listed all the steps below for your reference:

Example:
Domain : smallbizco.net
Certificate : self signed certificate using Exchange commands
CAS Role server : hkexhub
Existing Service : POP, IMAP, IIS and SMTP

Steps
1. On the Exchange 2007 CAS server, open 'Exchange Management Shell' and run the 'Get-ExchangeCertificate' command to list all certificates (picture renew01.jpg).

2. Run the 'New-ExchangeCertificate' command below (picture renew02.jpg).

New-ExchangeCertificate -domainname exchange.smallbizco.net, autodiscover.smallbizco.net, smallbizco.net, hkexhub, hkexhub.smallbizco.net -Friendlyname HKexhub -generaterequest:$true -keysize 2048 -path c:\certrequest_hkexhub.txt -privatekeyexportable:$true -subjectname "c=HK, s=, l=Hong Kong, o=Smallbizco.net, ou=IT, cn=hkexhub"

3. Once I had generated a CSR file, I used it to generate the new certificate from our company CA (Microsoft CA server).

4. Run the Import-ExchangeCertificate command below (picture renew03.jpg). Make sure to specify the path to the certificate file and remove any services that you will not be using.

Import-ExchangeCertificate -path c:\certnew.p7b | Enable-ExchangeCertificate -Services IMAP, POP, IIS, SMTP

5. After renewing the certificate, I checked all mail clients in our company. All mail clients were okay except iPhone / iPad (Microsoft Exchange ActiveSync). The results are listed below:

- Microsoft Outlook : OK
- OWA (picture renew04.jpg) : OK
- POP3 / IMAP4 clients : OK
- Mac Mail client on Mac OS X Lion / Mountain Lion : OK
- MS Outlook for Mac 2011: OK
- Windows Phone 7 / 8 : OK
- Android Mobile 2.X / 4.X : OK
- iPhone 4 / 4S / 5, iPad 2 / iPad Mini : All devices except iPhone 4. A certificate problem prompt appeared on screen (picture renew05.jpg). I needed to choose Continue to confirm.

I also submitted a Microsoft incident support call : [REG:1120521171XXXXXX]
The Microsoft engineer replied as below:

If we just renew the old certificate, it should be transparent for the end user (as the root cert isn't changed, and most client-side cert issues are because the root cert cannot be trusted).

Hope the above information can help other people.

Thomas
0
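The thread warns that a renewed certificate is sometimes not assigned to every service, so one endpoint keeps presenting the old one. The following is an added example, not part of any post above: it reads the certificate each service presents and compares its SHA-1 thumbprint with the thumbprint of the renewed certificate. The ports, function names and sample bytes are assumptions made for illustration.

```python
import hashlib
import smtplib
import socket
import ssl

# Assumed default ports for the services enabled in step 4; adjust as needed.
TLS_PORTS = {"IIS": 443, "IMAP": 993, "POP": 995}

def thumbprint(der):
    # SHA-1 over the DER certificate, the form Exchange lists as Thumbprint.
    return hashlib.sha1(der).hexdigest().upper()

def _inventory_context():
    # Verification is off only to read expired or internal-CA certificates;
    # the decision is made by the thumbprint comparison in audit().
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def fetch_presented(host, timeout=5):
    presented = {}
    for service, port in TLS_PORTS.items():
        try:
            with socket.create_connection((host, port), timeout=timeout) as raw:
                with _inventory_context().wrap_socket(raw, server_hostname=host) as tls:
                    presented[service] = tls.getpeercert(binary_form=True)
        except OSError:
            presented[service] = None
    try:  # SMTP on port 25 upgrades to TLS with STARTTLS
        with smtplib.SMTP(host, 25, timeout=timeout) as smtp:
            smtp.starttls(context=_inventory_context())
            presented["SMTP"] = smtp.sock.getpeercert(binary_form=True)
    except OSError:
        presented["SMTP"] = None
    return presented

def audit(expected_thumbprint, presented):
    expected = expected_thumbprint.replace(" ", "").upper()
    report = {}
    for service, der in presented.items():
        if der is None:
            report[service] = "UNREACHABLE"
        else:
            seen = thumbprint(der)
            report[service] = "OK" if seen == expected else "STALE " + seen
    return report

if __name__ == "__main__":
    new, old = b"constructed-new-cert", b"constructed-old-cert"  # stand-in bytes
    print(audit(thumbprint(new), {"IIS": new, "IMAP": old, "SMTP": None}))
```

In real use, pass the result of `fetch_presented()` for the CAS host name and the thumbprint shown by 'Get-ExchangeCertificate' for the renewed certificate.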
 
LVL 8

Expert Comment

by:piyushranusri
ID: 38753701
Awesome, friend...
You prepared one document on that issue... I would suggest you please upload it to your Article and knowledge base.
0
 

Author Comment

by:DT1640759
ID: 38754510
Hi Piyushranusri,

I have uploaded this issue to my Article. Hope it can help other Exchange professionals.

Thanks
Thomas
0