Solved

Renew Exchange Server 2010 ssl certificate with larger key length

Posted on 2013-06-06
8
774 Views
Last Modified: 2013-06-07
Hi

I need to renew the SSL on my exchange server but it currently has a 1024bit key length.

I have 80 external users connecting over https so cannot afford to just remove the cert and recreate a new one as presumably it will involve having to install the new cert on all the remote users?

If this is the case what are the steps to renew my current cert but with a larger key length.

thanks

Tim
0
Comment
Question by:timb551
  • 4
  • 3
8 Comments
 
LVL 4

Expert Comment

by:mumbaiexperts
ID: 39225489
Hi, kindly foloow the below links and increase the key size first and then renew the certificates.Increase the key size with the help of the below mentioned articles

http://www.geocerts.com/support/iis_upgrade_key_size,
https://support.quovadisglobal.com/KB/a88/how-to-increase-your-csr-key-size-on-microsoft-iis.aspx.

Once complete the above process renew the certificate with the help of this article.
http://exchangepedia.com/2008/01/exchange-server-2007-renewing-the-self-signed-certificate.html

Thanks.
0
 

Author Comment

by:timb551
ID: 39225546
Im using iis7 is there a guide for that or do I need to try and follow as best I can to the iis6 one.
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
ID: 39227356
Don't bother with IIS.
Do the certificate request through Exchange 2010 using its wizard and complete the request on Exchange as well.
Until you enable the certificate, nothing will change for the clients.
That is the safest way.

Simon.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:timb551
ID: 39228348
Do you mean create a new request through exchange? rather than a renewal.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39228456
Correct.
That will mean putting all of the information in again, but that will allow you to do the request in such a way that it doesn't interfere with the live certificate.

Simon.
0
 

Author Comment

by:timb551
ID: 39228463
But when i swap to the new one will i need to install the new cert on all the clients that currently connect.
0
 
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 500 total points
ID: 39228467
No.
That is why you use a commercial trusted certificate, because you don't have to install it on the clients. It is the same certificate type as used by your Bank, Amazon et al. They don't require you to install their certificate.

Simon.
0
 

Author Comment

by:timb551
ID: 39228469
ok thats great, thanks
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
How to resolve IMCEAEX NDRs in Exchange or Exchange Online related to invalid X500 addresses.
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

861 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question