Solved

Exchange 2003 to 2010 Coexist

Posted on 2013-05-16
Last Modified: 2013-05-17
I have Exch 2003 which was set up on the perimeter with its own public IP.  It is the PDC/DNS server as well.  We currently use a self-signed cert for the Exchange 2003 (same server is the CA).  I need to create a game plan for implementing a SAN/UCC cert with the needed DNS names:
autodiscover.mycompany.com
mail.mycompany.com
legacy.mycompany.com

and exch2010.mycompany.local?
I'm not sure on the last one.

I'm being asked to create a self-signed SAN from the PDC/CA for use with both servers.  As I understand it, I can generate a SAN request from Exch 2010, fulfill the request from the 2003 server CA, import it back to Exch 2010, export it and import it into Exch 2003.
Please correct the above logic if I'm wrong.

Assuming the plan is sound, will I have problems with the certs when the PDC is retired along with the Certificate Authority installed on it? Or will the certs work fine until they expire? I'm learning SSL better but don't know the impact of retiring this PDC.

I will do everything in my power to have my manager just spring for the public CA cert in the meantime.
Question by:farrnate
Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
ID: 39171880
You don't need the internal name of the Exchange server. When you come to purchase a trusted certificate you will not be able to include that name in there anyway.
Configure Exchange to use the external name internally as well using my guide here:
http://semb.ee/hostnames

If your CA goes away, then the certificate will become invalid. Ideally you should set up a new CA and request the new certificate with that.

As for a commercial certificate, when you can purchase them for less than $60/year (that is less than the cost of two Exchange CALs) it doesn't make much sense to use a self signed certificate.

Simon.

Author Comment

by:farrnate
ID: 39171944
Thanks for the advice!  Your answer really helps me argue the fact that self-signed SSLs are not what we want in a small enterprise size business.  Especially as I will be pulling down that CA soon.  I hate to go through all the cert issues again when that happens.

Can you give me a link to a good SAN/UCC cert vendor that is inexpensive and works well with Exchange?  I've done some reading and see that some certs need additional hand holding to get them imported (GoDaddy).

Thanks

Expert Comment

by:Simon Butler (Sembee)
ID: 39174554
I have a guide to the entire process on my web site here: http://semb.ee/ssl
The GoDaddy certificates work well: http://semb.ee/certs
However, as long as you follow their instructions on putting in the intermediate certificate, have the DNS set correctly and then follow my guide, you should be fine.

Simon.
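
The request, issue, import and export sequence described in the question, restricted to the external names as the accepted answer advises, as an added example that is not part of the original thread. It uses the Exchange 2010 Management Shell certificate cmdlets; the file paths under C:\certs are hypothetical placeholders, and the CA submission step is left to whichever CA is used.

```powershell
# Added example: run in the Exchange Management Shell on the Exchange 2010 server.
# Host names come from the question; the C:\certs paths are hypothetical.
$names = 'mail.mycompany.com', 'autodiscover.mycompany.com', 'legacy.mycompany.com'

# Guard: refuse single-label or .local names, which a public CA will not issue for.
$internal = $names | Where-Object { $_ -notmatch '\.' -or $_ -match '\.local$' }
if ($internal) { throw "Internal names in SAN list: $($internal -join ', ')" }

# 1. Generate the request. The private key is created on this server and is
#    marked exportable so the issued certificate can be moved to Exchange 2003.
$req = New-ExchangeCertificate -GenerateRequest `
    -SubjectName 'cn=mail.mycompany.com' `
    -DomainName $names `
    -KeySize 2048 `
    -PrivateKeyExportable $true
Set-Content -Path 'C:\certs\exchange.req' -Value $req

# 2. Submit exchange.req to the CA (internal or commercial) and save the
#    issued certificate as C:\certs\exchange.cer before continuing.

# 3. Import the issued certificate to complete the pending request, then bind it to IIS.
$cert = Import-ExchangeCertificate -FileData `
    ([Byte[]](Get-Content -Path 'C:\certs\exchange.cer' -Encoding Byte -ReadCount 0))
Enable-ExchangeCertificate -Thumbprint $cert.Thumbprint -Services 'IIS'

# 4. Export certificate and private key as a password-protected PFX
#    for import on the Exchange 2003 server.
$pfxPassword = Read-Host -Prompt 'PFX password' -AsSecureString
$pfx = Export-ExchangeCertificate -Thumbprint $cert.Thumbprint `
    -BinaryEncoded:$true -Password $pfxPassword
Set-Content -Path 'C:\certs\exchange.pfx' -Value $pfx.FileData -Encoding Byte

# 5. Confirm the names, expiry and bound services on the installed certificate.
Get-ExchangeCertificate -Thumbprint $cert.Thumbprint |
    Format-List Subject, CertificateDomains, NotAfter, Services
```

The PFX holds the private key, so delete it from disk once it has been imported on the Exchange 2003 server.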