Solved

Exchange 2003 to 2010 Coexist

Posted on 2013-05-16
Last Modified: 2013-05-17
I have Exch 2003 which was set up on the perimeter with its own public IP.  It is the PDC/DNS server as well.  We currently use a self-signed cert for the Exchange 2003 (same server is the CA).  I need to create a game plan for implementing a SAN/UCC cert with the needed DNS names:
autodiscover.mycompany.com
mail.mycompany.com
legacy.mycompany.com

and exch2010.mycompany.local?
I'm not sure on the last one.

I'm being asked to create a self-signed SAN from the PDC/CA for use with both servers.  As I understand it, I can generate a SAN request from Exch 2010, fulfill the request from the 2003 server CA, import it back to Exch 2010, export it and import it into Exch 2003.
Please correct the above logic if I'm wrong.

Assuming the plan is sound, will I have problems with the certs when the PDC is retired along with the Certificate Authority installed on it? Or will the certs work fine until they expire? I'm learning SSL better but don't know the impact of retiring this PDC.

I will do everything in my power to have my manager just spring for the public CA cert in the meantime.
Question by:farrnate

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
ID: 39171880
You don't need the internal name of the Exchange server. When you come to purchase a trusted certificate you will not be able to include that name in there anyway.
Configure Exchange to use the external name internally as well using my guide here:
http://semb.ee/hostnames

If your CA goes away, then the certificate will become invalid. Ideally you should set up a new CA and request the new certificate with that.

As for a commercial certificate, when you can purchase them for less than $60/year (that is less than the cost of two Exchange CALs) it doesn't make much sense to use a self signed certificate.

Simon.
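
The plan from the question, adjusted per this answer to request the public names only, as an added example for the Exchange 2010 Management Shell. It is not part of the original posts; the `C:\certs` paths and the subject name are assumptions.

```powershell
# Added example, not from the original thread. Run in the Exchange 2010
# Management Shell. C:\certs and the subject CN are assumed values.

# 1. Generate the SAN request on Exchange 2010 with the external names only.
#    The private key must be exportable so the cert can be moved to Exch 2003.
$names = "mail.mycompany.com", "autodiscover.mycompany.com", "legacy.mycompany.com"
$req = New-ExchangeCertificate -GenerateRequest `
    -SubjectName "cn=mail.mycompany.com" `
    -DomainName $names `
    -PrivateKeyExportable $true
Set-Content -Path C:\certs\san.req -Value $req

# 2. Submit C:\certs\san.req to the CA (internal or commercial) and save the
#    issued certificate as C:\certs\san.cer before continuing.

# 3. Import the response on the same server that generated the request,
#    so it is paired with the pending private key.
$cert = Import-ExchangeCertificate -FileData `
    ([Byte[]]$(Get-Content -Path C:\certs\san.cer -Encoding Byte -ReadCount 0))

# 4. Confirm the names and expiry before binding it to any service.
Get-ExchangeCertificate -Thumbprint $cert.Thumbprint |
    Format-List Subject, CertificateDomains, NotAfter, Status

# 5. Bind the certificate to IIS (OWA, ActiveSync, Autodiscover).
Enable-ExchangeCertificate -Thumbprint $cert.Thumbprint -Services IIS

# 6. Export certificate plus private key as a password-protected PFX for
#    import on the Exchange 2003 server.
$pfxPassword = Read-Host "PFX password" -AsSecureString
$export = Export-ExchangeCertificate -Thumbprint $cert.Thumbprint `
    -BinaryEncoded:$true -Password $pfxPassword
Set-Content -Path C:\certs\san.pfx -Value $export.FileData -Encoding Byte
```

The PFX contains the private key, so copy it over a trusted channel and delete it from both servers once the import on Exchange 2003 is done.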

Author Comment

by:farrnate
ID: 39171944
Thanks for the advice!  Your answer really helps me argue the fact that self signed ssl's are not what we want in a small enterprise size business.  Especially as I will be pulling down that CA soon.  I hate to go through all the cert issues again when that happens.

Can you give me a link to a good SAN/UCC cert vendor that is inexpensive and works well with Exchange?  I've done some reading and see that some certs need additional hand holding to get them imported (GoDaddy).

Thanks

Expert Comment

by:Simon Butler (Sembee)
ID: 39174554
I have a guide to the entire process on my web site here: http://semb.ee/ssl
The GoDaddy certificates work well: http://semb.ee/certs
However, as long as you follow their instructions on putting in the intermediate certificate, have the DNS set correctly and then follow my guide, you should be fine.

Simon.