CHI-LTD asked:

Exchange 2010 SSL Cert Install

Installed a 3rd party cert from GoDaddy into one of my Exchange boxes; finally managed to get it working after the revocation errors.
Now struggling to get the cert installed into a second server. I have exported and imported from the working Exchange into the other one and am getting revocation errors again.

Is this the correct process, or should I be creating a cert on the new Exchange box and going through the original process, CSR etc.?
Tony J

Well technically you're meant to have one certificate per server but notwithstanding that, have you not tried running the certificate wizard from within the Exchange Management Console?
CHI-LTD (ASKER)

No, I did an export of the SSL cert from ex1 and did an import of that exported cert into ex2.
http://technet.microsoft.com/en-us/library/dd351183(v=exchg.141).aspx

Having imported it, did you assign it to the relevant services?

What are the revocation errors you're seeing?
CHI-LTD (ASKER)

I imported via EMC, then assigned services using the shell. So IIS and SMTP assigned.
Still showing revocation.
But what is the actual error? Can you provide a screenshot?
CHI-LTD (ASKER)

I have even imported the CRL file, which I can download fine, into the CRL folder under MMC - Certificates locally on the server.
Error attached:
exch.jpg
In other words...what I said - Exchange needs to have external access to the CRL
CHI-LTD (ASKER)

It sure does have access. No proxy server used. The site has direct internet access.
I have also already followed that link to Exchange Server Pro...
tried certutil etc
set proxy
reset proxy
etc
etc
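
One way to test the point made above, that the Exchange server itself must be able to reach the CRL, is shown below. This PowerShell is an added example and not part of the original thread; the thumbprint is a placeholder and the temp file name is an assumption.

```powershell
# Run in an elevated Exchange Management Shell on the server that shows the error.
# ASSUMPTION: placeholder thumbprint; replace it with the value that
# Get-ExchangeCertificate lists for the imported certificate.
$thumb = '<THUMBPRINT-PLACEHOLDER>'

# 1. What Exchange reports. A Status of RevocationCheckFailure means the
#    revocation lookup could not be completed; it does not mean the CA has
#    revoked the certificate. HasPrivateKey confirms the import carried the key.
Get-ExchangeCertificate -Thumbprint $thumb |
    Format-List Subject, Services, Status, HasPrivateKey, NotAfter

# 2. List the CRL distribution point URLs embedded in the certificate
#    (extension OID 2.5.29.31). These are the URLs the server must reach.
$cert = Get-Item "Cert:\LocalMachine\My\$thumb"
$cert.Extensions |
    Where-Object { $_.Oid.Value -eq '2.5.29.31' } |
    ForEach-Object { $_.Format($true) }

# 3. Show the machine-wide WinHTTP proxy setting. This is separate from the
#    logged-on user's browser proxy settings, so a CRL that downloads fine in
#    a browser can still be unreachable through this path.
netsh winhttp show proxy

# 4. Export the public certificate only (no private key) and let Windows build
#    the chain while fetching the CRL and AIA URLs live. The output lists each
#    URL with its retrieval result and ends with the revocation check verdict.
$cerPath = Join-Path $env:TEMP 'exchange-cert-check.cer'   # assumed file name
$bytes = $cert.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert)
[System.IO.File]::WriteAllBytes($cerPath, $bytes)
certutil -verify -urlfetch $cerPath
```

Running the same steps on the working server and comparing the output narrows the difference to the certificate, the proxy setting, or the network path.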
CHI-LTD (ASKER)

Sure can. It downloads it fine.
I have also imported this (read somewhere about doing this) but it doesn't fix it.
CHI-LTD (ASKER)

ideas?
firewall?
CHI-LTD (ASKER)

Got here in the end. Followed a DigiCert guide which worked fine.
But it was some time ago and I had some firewall changes made, so it could have been related to this.