Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Exchange 2003 to 2010 Coexist

Posted on 2013-05-16
3
Medium Priority
?
300 Views
Last Modified: 2013-05-17
I have Exch 2003 which was set up on the perimeter with its own public IP.  It is the PDC/DNS server as well.  We currently use a self signed cert for the Exchange 2003 (same server is the CA)  I need to create a game plan for implementing a SAN/UCC cert with the needed DNS names:
autodiscover.mycompany.com
mail.mycompany.com
legacy.mycompany.com

and exch2010.mycompany.local?
I'm not sure on the last one.

I'm being asked to create a self signed SAN from the PDC/CA for use with both servers.  As I understand it I can generate a SAN request from Exch 2010, fulfill the request from the 2003 server CA.  Import it back to Exch 2010, export it and import it into Exch 2003.
Please correct the above logic if I'm wrong.

Assuming the plan is sound, will I have problems with the certs when the PDC is retired along with the Certificate Authority installed on it? or will the certs work fine until they expire? I'm learning ssl better but don't know the impact of retiring this PDC.

I will do everything in my power to have my manager just spring for the public CA cert in the mean time.
0
Comment
Question by:farrnate
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 1500 total points
ID: 39171880
You don't need the internal name of the Exchange server. When you come to purchase a trusted certificate you will not be able to include that name in there anyway.
Configure Exchange to use the external name internally as well using my guide here:
http://semb.ee/hostnames

If your CA goes away, then the certificate will become invalid. Ideally you should setup a new CA and request the new certificate with that.

As for a commercial certificate, when you can purchase them for less than $60/year (that is less than the cost of two Exchange CALs) it doesn't make much sense to use a self signed certificate.

Simon.
0
 

Author Comment

by:farrnate
ID: 39171944
Thanks for the advice!  Your answer really helps me argue the fact that self signed ssl's are not what we want in a small enterprise size business.  Especially as I will be pulling down that CA soon.  I hate to go through all the cert issues again when that happens.

Can you give me a link to good SAN/UCC cert vendor that is inexpensive and works well with Exchange?  I've done some reading and see that some certs need additional hand holding to get them imported (GoDaddy).

Thanks
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39174554
I have a guide to the entire process on my web site here: http://semb.ee/ssl
The GoDaddy certificates work wll: http://semb.ee/certs
However as long as you follow their instructions on putting in the intemediate certificate, have the DNS set correctly and then follow my guide, you should be fine.

Simon.
0

Featured Post

WEBINAR - Latest Cyber Tips for Defense

Join the WatchGuard Threat Research Team on October 26th for an informative webinar featuring expert tips and tricks for defending your organization from today's latest cyber threats. Don't leave yourself vulnerable to attack. Register for the webinar today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As much as Microsoft wants to kill off PST file support, just as they tried to do with public folders, there are still times when it is useful or downright necessary to export Exchange mailboxes to PST files. Thankfully, it is still possible to e…
With so many activities to perform, Exchange administrators are always busy in organizations. If everything, including Exchange Servers, Outlook clients, and Office 365 accounts work without any issues, they can sit and relax. But unfortunately, it…
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question