TomiPL

Exchange 2010 /SBS2011 Certificate

Hello,

I recently renewed the SBS2011 self-signed certificate with the SBS console "Fix my network". Everything was OK until I replaced the certificate with a trusted (Entrust) certificate. I made the CSR for Entrust from IIS and then imported it to Exchange and assigned all services to it.

Outside the LAN I can connect to IIS at remote.contoso.com and there is the trusted certificate. Inside the LAN Outlook cannot connect, because it finds only the old self-signed certificate that was used before I renewed it. Same thing when I connect from the LAN to remote.contoso.com/owa: there is also the old certificate.

I have tried to change the certificate with the SBS console, but it always changes it for the WAN side of IIS. From the Exchange 2010 console I have taken away this old certificate and still webmail and Outlook from the LAN find the old certificate. Autodiscover has an SRV record pointing to remote.contoso.com.

Any good ideas?
S Z

Open MMC on the Exchange server, add the Certificates snap-in for the local PC, search for the old/obsolete certificate -> delete it.
TomiPL

ASKER

I deleted the old certificate in the Exchange console. I can't find it in the Certificates snap-in either.

But still, inside the LAN, Outlook and https://remote.contoso.com/owa find the old certificate.

With the LAN IP address https://192.168.10.10/owa IE finds the right certificate. Could this be DNS related?
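
One way to test the DNS question raised in the post above, as an added example that is not part of the original thread: from a LAN client, resolve the name, then read the certificate each address actually serves and compare thumbprints. The host name and IP are the ones quoted in the thread; the function name `Get-ServedCertificate` and its parameters are hypothetical.

```powershell
# Added diagnostic example; host name and LAN IP are the ones quoted in the thread.
$HostName = 'remote.contoso.com'
$LanIp    = '192.168.10.10'

# Hypothetical helper: open a TLS session and return the certificate the listener presents.
function Get-ServedCertificate {
    param([string]$Address, [string]$TlsName, [int]$Port = 443)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($Address, $Port)
        # Accept any certificate: the goal is to read it, not to trust it.
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAll)
        $ssl.AuthenticateAsClient($TlsName)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        New-Object PSObject -Property @{
            Address    = $Address
            Subject    = $cert.Subject
            Issuer     = $cert.Issuer
            NotAfter   = $cert.NotAfter
            Thumbprint = $cert.Thumbprint
        }
    }
    finally { $client.Close() }
}

# 1. Where does the name point from this LAN client? (IPv4 only, to match the LAN IP.)
$resolved = [System.Net.Dns]::GetHostAddresses($HostName) |
    Where-Object { $_.AddressFamily -eq 'InterNetwork' } |
    ForEach-Object { $_.IPAddressToString }
"$HostName resolves to: $($resolved -join ', ')"
if ($resolved -notcontains $LanIp) {
    "The name does not resolve to $LanIp, so a different listener may be answering for it."
}

# 2. Which certificate does each address serve for that name?
$results = @($resolved) + $LanIp | Select-Object -Unique | ForEach-Object {
    Get-ServedCertificate -Address $_ -TlsName $HostName
}
$results | Format-List Address, Subject, Issuer, NotAfter, Thumbprint

# 3. More than one distinct thumbprint means the addresses serve different certificates.
$distinct = @($results | Select-Object -ExpandProperty Thumbprint -Unique).Count
"Distinct certificates seen: $distinct"
# On the server, compare against: Get-ExchangeCertificate | Format-List Thumbprint, Services, NotAfter
```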
Simon Butler (Sembee)

Your mistake was to enable the certificate through Exchange.
As this is SBS, you should have enabled the certificate through the SBS management console.

You also shouldn't have done the request through IIS, instead use Exchange Management Console.

So the complete process is:
New certificate request in EMC.
Complete certificate request in EMC.
Run the add a trusted certificate wizard and choose the trusted certificate.

There is no WAN/LAN side in IIS. It is all the same thing. Internally SBS will want to use remote.example.com if you have set up the server correctly.

If the trusted certificate is still listed, then complete the wizard as outlined.

Simon.
ASKER CERTIFIED SOLUTION
TomiPL

TomiPL

ASKER

I found the solution to the problem myself.