?
Solved

Exchange 2003 to 2010 Coexist

Posted on 2013-05-16
3
Medium Priority
?
298 Views
Last Modified: 2013-05-17
I have Exch 2003 which was set up on the perimeter with its own public IP.  It is the PDC/DNS server as well.  We currently use a self signed cert for the Exchange 2003 (same server is the CA)  I need to create a game plan for implementing a SAN/UCC cert with the needed DNS names:
autodiscover.mycompany.com
mail.mycompany.com
legacy.mycompany.com

and exch2010.mycompany.local?
I'm not sure on the last one.

I'm being asked to create a self signed SAN from the PDC/CA for use with both servers.  As I understand it I can generate a SAN request from Exch 2010, fulfill the request from the 2003 server CA.  Import it back to Exch 2010, export it and import it into Exch 2003.
Please correct the above logic if I'm wrong.

Assuming the plan is sound, will I have problems with the certs when the PDC is retired along with the Certificate Authority installed on it? or will the certs work fine until they expire? I'm learning ssl better but don't know the impact of retiring this PDC.

I will do everything in my power to have my manager just spring for the public CA cert in the mean time.
0
Comment
Question by:farrnate
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 1500 total points
ID: 39171880
You don't need the internal name of the Exchange server. When you come to purchase a trusted certificate you will not be able to include that name in there anyway.
Configure Exchange to use the external name internally as well using my guide here:
http://semb.ee/hostnames

If your CA goes away, then the certificate will become invalid. Ideally you should setup a new CA and request the new certificate with that.

As for a commercial certificate, when you can purchase them for less than $60/year (that is less than the cost of two Exchange CALs) it doesn't make much sense to use a self signed certificate.

Simon.
0
 

Author Comment

by:farrnate
ID: 39171944
Thanks for the advice!  Your answer really helps me argue the fact that self signed ssl's are not what we want in a small enterprise size business.  Especially as I will be pulling down that CA soon.  I hate to go through all the cert issues again when that happens.

Can you give me a link to good SAN/UCC cert vendor that is inexpensive and works well with Exchange?  I've done some reading and see that some certs need additional hand holding to get them imported (GoDaddy).

Thanks
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39174554
I have a guide to the entire process on my web site here: http://semb.ee/ssl
The GoDaddy certificates work wll: http://semb.ee/certs
However as long as you follow their instructions on putting in the intemediate certificate, have the DNS set correctly and then follow my guide, you should be fine.

Simon.
0

Featured Post

 [eBook] Windows Nano Server

Download this FREE eBook and learn all you need to get started with Windows Nano Server, including deployment options, remote management
and troubleshooting tips and tricks

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Find out what you should include to make the best professional email signature for your organization.
A list of top three free exchange EDB viewers that helps the user to extract a mailbox from an unmounted .edb file and get a clear preview of all emails & other items with just a single click on mailboxes.
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question