Renew Exchange VeriSign certificate for Exchange 2010 Edge server.

Hi Team, we have 2 internal CAS/HUB and 2 Edge servers in the DMZ. We migrated last year to the 2010 environment, hence the internal self-signed certificates are valid for another four years.

Currently we got an alert for the external SSL certification (VeriSign) expiration date.

Kindly let me know whether importing the new certificate, mapping the .PFX in MMC --> Personal --> Certificates console and deleting the old certificate is enough for email send / receive to / from the internet, or whether I need anything else, like a new Edge subscription on both Edge roles?

New edge config will restructure all config which I made in connectors.

We don't use third-party SSL certificates for CAS, as we only use it for internal purposes (only self-signed).

We got a new certificate from VeriSign based on the SAN of our domain and the Edge server name, so in this case, if I replace the existing certificate with it, will it have any other impact?

Thanks in advance.
Sekar Chinnakannu, Staff Engineer, asked:

Kent Dyer, IT Security Analyst Senior, commented:
You should be able to leave the current certs in place.
You will be placing the new certs on top of the old. Especially if you find that the new certs have an issue - like they mistyped the domain or have an invalid date, etc.

You can use the mmc snap-in to manage the cert, but on the server, you will need to select machine instead of personal.
You may also need to update the certs on each of the devices as well as any load balancers and cluster devices - YMMV as some devices require the cert and others may not need it.
Sekar Chinnakannu, Staff Engineer, author, commented:
Hi kdyer,

Thanks a lot for the quick response.

Apart from MMC --> machine, is there anywhere else I need to perform anything, on the Exchange console side or in services on the EDGE role or internal HUB role?

Will placing it on top of the old cert cause any downtime for any replication process with the new certificate date?

I only have to enable the SMTP service for the new cert thumbprint.

This is only an external SAN name based certificate for SSL TLS client authentication, and I hope it does not require any Edge-Subscription?

Hope edge-subscription will be in place at the time of self-signed cert expiration in EDGE or HUB roles is it?
Kent Dyer, IT Security Analyst Senior, commented:
No downtime.  You are copying the cert in and placing the cert in place of the old cert.  You just tell the system to use the new cert.  Should be no reason to stop/start services, etc.

Each cert has a thumbprint and you will tell the system to use the new one.
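
The steps discussed in this thread (import the PFX into the computer store, check it for a wrong name or bad dates, then point SMTP at the new thumbprint) as an added Exchange Management Shell example. It is not from either poster, and the PFX path and Edge host name are placeholder assumptions.

```powershell
# Run in the Exchange Management Shell on each Edge Transport server.
# Placeholders (assumptions, not values from the thread):
$pfxPath      = 'C:\certs\edge-new.pfx'     # hypothetical path to the renewed PFX
$expectedName = 'edge01.example.com'        # hypothetical name that must be in the SAN

# Import into the local computer store. The PFX password is prompted for
# so that it never lands in a script file or in the command history.
$pfxPassword = Read-Host -AsSecureString -Prompt 'PFX password'
$pfxBytes    = [byte[]](Get-Content -Path $pfxPath -Encoding Byte -ReadCount 0)
$imported    = Import-ExchangeCertificate -FileData $pfxBytes -Password $pfxPassword

# Re-read the certificate as Exchange sees it and check it before use.
$cert  = Get-ExchangeCertificate -Thumbprint $imported.Thumbprint
$names = @($cert.CertificateDomains | ForEach-Object { $_.ToString() })
$now   = Get-Date

$problems = @()
if (-not $cert.HasPrivateKey) {
    $problems += 'certificate has no private key'
}
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    $problems += "validity window is $($cert.NotBefore) to $($cert.NotAfter)"
}
if ($names -notcontains $expectedName) {
    $problems += "SAN does not contain $expectedName (found: $($names -join ', '))"
}
if ($cert.Status -ne 'Valid') {
    $problems += "Exchange reports status $($cert.Status)"
}

if ($problems.Count -gt 0) {
    # Nothing has been switched yet: the old certificate is still serving SMTP.
    Write-Warning "Not enabling $($cert.Thumbprint):"
    $problems | ForEach-Object { Write-Warning "  $_" }
}
else {
    # Tell the transport service to use the new certificate by thumbprint.
    # The old certificate stays in the store and is not removed here.
    Enable-ExchangeCertificate -Thumbprint $cert.Thumbprint -Services SMTP
}

# Show every certificate with its services and expiry to confirm the result.
Get-ExchangeCertificate | Sort-Object NotAfter |
    Format-Table Thumbprint, Services, NotAfter, Subject -AutoSize
```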
