Glocap
asked on
EXCHANGE SSL certificate
Dear all,
We had bought a SSL certificate from go daddy and installed it on our exchange 2007 server.
it is about to expire on oct 12,2013. we have setup auto renewal of the certificate in go daddy.
Do i need to buy a new certificate and install it or the previous certificate will be good enough provided we pay go daddy to renew the cert for 3 more years?
We had bought a SSL certificate from go daddy and installed it on our exchange 2007 server.
it is about to expire on oct 12,2013. we have setup auto renewal of the certificate in go daddy.
Do i need to buy a new certificate and install it or the previous certificate will be good enough provided we pay go daddy to renew the cert for 3 more years?
Nick Rhode
You would just run the renewal on the exchange server for that will expire also.
You need to first create a new CSR, send it to Godaddy, get the cert, remove old cert, import new cert, assign services you are done. Follow steps here
http://blogs.technet.com/b/sjimmie/archive/2010/05/11/renewing-ssl-certificates-on-exchange-server-2007.aspx
http://blogs.technet.com/b/sjimmie/archive/2010/05/11/renewing-ssl-certificates-on-exchange-server-2007.aspx
go daddy support people are usually very good at walking you through the whole process as well as your options. If you do not already have SAN certificate, you may want to consider that to address the growing needs of SSL and for when you upgrade to 2010/2013.
You will need to go through the process to renew and update the certificate on the server. It is an easy process.
If your local network domain is xxx.local as many have done in the past, you will also have to address how to handle that, since no CAs will issue .local certs that go past 2015. go daddy support can explain that in detail as well.
You will need to go through the process to renew and update the certificate on the server. It is an easy process.
If your local network domain is xxx.local as many have done in the past, you will also have to address how to handle that, since no CAs will issue .local certs that go past 2015. go daddy support can explain that in detail as well.
"get the cert, remove old cert, import new cert"
I don't agree there. You can install the new certificate without removing the old. That way there is no downtime.
So new CSR (you cannot use the old one), put in the GoDaddy system, download replacement, complete the request. Then activate services and remove the old certificate. You will not need to install the interemediate certificate again.
Simon.
I don't agree there. You can install the new certificate without removing the old. That way there is no downtime.
So new CSR (you cannot use the old one), put in the GoDaddy system, download replacement, complete the request. Then activate services and remove the old certificate. You will not need to install the interemediate certificate again.
Simon.
ASKER
is this renewal process seamless or does it affect end users with emails configured on cell phones.
AS long as the same common name is used on the new certificate as the old one, the only downtime is when you run IISRESET for the new certificate to apply. The users don't notice a thing.
Simon.
Simon.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.