• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 802
  • Last Modified:

Renew Exchange Server 2010 ssl certificate with larger key length

Hi

I need to renew the SSL on my exchange server but it currently has a 1024bit key length.

I have 80 external users connecting over https so cannot afford to just remove the cert and recreate a new one as presumably it will involve having to install the new cert on all the remote users?

If this is the case what are the steps to renew my current cert but with a larger key length.

thanks

Tim
0
timb551
Asked:
timb551
  • 4
  • 3
2 Solutions
 
mumbaiexpertsCommented:
Hi, kindly foloow the below links and increase the key size first and then renew the certificates.Increase the key size with the help of the below mentioned articles

http://www.geocerts.com/support/iis_upgrade_key_size,
https://support.quovadisglobal.com/KB/a88/how-to-increase-your-csr-key-size-on-microsoft-iis.aspx.

Once complete the above process renew the certificate with the help of this article.
http://exchangepedia.com/2008/01/exchange-server-2007-renewing-the-self-signed-certificate.html

Thanks.
0
 
timb551Author Commented:
Im using iis7 is there a guide for that or do I need to try and follow as best I can to the iis6 one.
0
 
Simon Butler (Sembee)ConsultantCommented:
Don't bother with IIS.
Do the certificate request through Exchange 2010 using its wizard and complete the request on Exchange as well.
Until you enable the certificate, nothing will change for the clients.
That is the safest way.

Simon.
0
Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

 
timb551Author Commented:
Do you mean create a new request through exchange? rather than a renewal.
0
 
Simon Butler (Sembee)ConsultantCommented:
Correct.
That will mean putting all of the information in again, but that will allow you to do the request in such a way that it doesn't interfere with the live certificate.

Simon.
0
 
timb551Author Commented:
But when i swap to the new one will i need to install the new cert on all the clients that currently connect.
0
 
Simon Butler (Sembee)ConsultantCommented:
No.
That is why you use a commercial trusted certificate, because you don't have to install it on the clients. It is the same certificate type as used by your Bank, Amazon et al. They don't require you to install their certificate.

Simon.
0
 
timb551Author Commented:
ok thats great, thanks
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now