Renew Exchange Server 2010 SSL certificate with larger key length

Posted on 2013-06-06
Last Modified: 2013-06-07

I need to renew the SSL on my Exchange server but it currently has a 1024-bit key length.

I have 80 external users connecting over HTTPS, so I cannot afford to just remove the cert and recreate a new one, as presumably it will involve having to install the new cert on all the remote users?

If this is the case, what are the steps to renew my current cert but with a larger key length?


Question by:timb551

Expert Comment

ID: 39225489
Hi, kindly follow the below links and increase the key size first and then renew the certificates. Increase the key size with the help of the below mentioned articles,

Once you complete the above process, renew the certificate with the help of this article.


Author Comment

ID: 39225546
I'm using IIS7. Is there a guide for that, or do I need to try and follow the IIS6 one as best I can?

Accepted Solution

Simon Butler (Sembee) earned 500 total points
ID: 39227356
Don't bother with IIS.
Do the certificate request through Exchange 2010 using its wizard and complete the request on Exchange as well.
Until you enable the certificate, nothing will change for the clients.
That is the safest way.



Author Comment

ID: 39228348
Do you mean create a new request through Exchange, rather than a renewal?

Expert Comment

by:Simon Butler (Sembee)
ID: 39228456
That will mean putting all of the information in again, but that will allow you to do the request in such a way that it doesn't interfere with the live certificate.


Author Comment

ID: 39228463
But when I swap to the new one, will I need to install the new cert on all the clients that currently connect?

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 500 total points
ID: 39228467
That is why you use a commercial trusted certificate, because you don't have to install it on the clients. It is the same certificate type as used by your bank, Amazon et al. They don't require you to install their certificate.


Author Comment

ID: 39228469
OK, that's great, thanks.
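
The sequence described in the accepted answer (new request through Exchange, complete it there, enable it last), written out for the Exchange 2010 Management Shell as an added example that is not part of the original thread. The host names, subject fields and file paths are placeholder assumptions.

```powershell
# Added example for the Exchange 2010 Management Shell. Host names, subject
# fields and file paths below are placeholders (assumptions), not thread values.

# 1. Inventory: record the live certificate and its key size before any change.
Get-ExchangeCertificate |
    Format-List Thumbprint, Subject, NotAfter, Services, PublicKeySize

# 2. Generate a NEW request with a 2048-bit key. The pending request sits
#    beside the live certificate; services keep using the old one.
$request = New-ExchangeCertificate -GenerateRequest `
    -KeySize 2048 `
    -SubjectName "C=GB, O=Example Ltd, CN=mail.example.com" `
    -DomainName mail.example.com, autodiscover.example.com `
    -FriendlyName "mail.example.com 2048-bit"
Set-Content -Path "C:\certs\mail-2048.req" -Value $request

# 3. Submit the .req file to the commercial CA, save its response, then
#    complete the pending request on the same server that generated it.
$bytes = [byte[]](Get-Content -Path "C:\certs\mail-2048.cer" -Encoding Byte -ReadCount 0)
$newCert = Import-ExchangeCertificate -FileData $bytes

# 4. Verify before cutover: stop unless the imported certificate is bound to
#    its private key and carries at least a 2048-bit public key.
$check = Get-ExchangeCertificate -Thumbprint $newCert.Thumbprint
if (-not $check.HasPrivateKey -or $check.PublicKeySize -lt 2048) {
    throw "Imported certificate failed checks; live certificate left in place."
}

# 5. Cutover: this is the only step that changes what HTTPS clients receive.
Enable-ExchangeCertificate -Thumbprint $newCert.Thumbprint -Services IIS
```

Running step 1 again after the cutover shows which thumbprint now holds the IIS service, and the old 1024-bit certificate can stay installed until the new one is confirmed working.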

Question has a verified solution.