Sekar Chinnakannu

Renew Exchange VeriSign certificate for Exchange 2010 Edge server.

Hi Team, we have 2 internal CAS/HUB and 2 Edge servers in the DMZ. We migrated to the 2010 environment last year, hence the internal self-signed certificates are valid for another four years.

We have now received an alert for the expiration date of the external SSL certificate (VeriSign).

Kindly let me know: is it enough to import the new certificate, map the .PFX in the MMC --> Personal --> Certificates console and delete the old certificate for email to be sent to and received from the internet, or do I need anything else, such as a new Edge subscription on both Edge roles?

A new Edge configuration will restructure all the configuration I made in the connectors.

We don't use third-party SSL certificates for CAS, as we only use it for internal purposes (self-signed only).

We got the new certificate from VeriSign based on the SAN of our domain and Edge server name, so in this case, if I replace the existing certificate, will it have any other impact?

Thanks in advance.
Kent Dyer

You should be able to leave the current certs in place.
You will be placing the new certs on top of the old. Especially if you find that the new certs have an issue, like they mistyped the domain or have an invalid date, etc.

You can use the mmc snap-in to manage the cert, but on the server, you will need to select machine instead of personal.
You may also need to update the certs on each of the devices as well as any load balancers and cluster devices - YMMV as some devices require the cert and others may not need it.
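
The advice above, to keep the old certificate until the new one is known to be good (correct domain, valid dates), can be checked from the Exchange Management Shell on each Edge server. This script is an added example, not part of the original thread; the host names and thumbprint are placeholders, and it assumes the new PFX has already been imported into the machine store.

```powershell
# Run in the Exchange Management Shell on each Edge server.
# ASSUMPTIONS (placeholders, not from the thread): the names and thumbprint below.
$expectedNames = @('mail.example.com', 'edge01.example.com')   # SAN entries that were ordered
$newThumbprint = '<NEW-CERT-THUMBPRINT>'                        # from the certificate's Details tab

$now      = Get-Date
$cert     = Get-ExchangeCertificate -Thumbprint $newThumbprint
$problems = @()

# Date check: catches a certificate issued with a wrong validity window.
if ($cert.NotBefore -gt $now) { $problems += "Not valid until $($cert.NotBefore)" }
if ($cert.NotAfter  -lt $now) { $problems += "Expired on $($cert.NotAfter)" }

# Name check: every expected host name must be present on the certificate.
$certNames = @($cert.CertificateDomains | ForEach-Object { $_.ToString().ToLower() })
foreach ($name in $expectedNames) {
    if ($certNames -notcontains $name.ToLower()) { $problems += "Missing name: $name" }
}

# Without the private key the server cannot present the certificate for TLS.
if (-not $cert.HasPrivateKey) { $problems += 'No private key (PFX not imported correctly)' }
if ($cert.Status -ne 'Valid') { $problems += "Exchange reports status: $($cert.Status)" }

if ($problems.Count -gt 0) {
    Write-Warning 'Leave the old certificate in service. Problems found:'
    $problems | ForEach-Object { Write-Warning "  $_" }
} else {
    Write-Host 'New certificate passed the checks.'
    # The step the asker mentions (SMTP on the new thumbprint) would be:
    # Enable-ExchangeCertificate -Thumbprint $newThumbprint -Services SMTP
}

# Old and new certificates side by side, ordered by expiry date.
Get-ExchangeCertificate | Sort-Object NotAfter |
    Format-Table Thumbprint, Services, Status, NotAfter, Subject -AutoSize
```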
Sekar Chinnakannu

ASKER

Hi kdyer,

Thanks a lot for the quick response.

Apart from MMC --> machine, is there anywhere else I need to perform anything, on the Exchange console side or in services on the Edge role or internal HUB role?

Will placing it on top of the old cert cause any downtime for any replication process with the new certificate date?

I only have to enable the SMTP service for the new cert thumbprint.

This is only an external SAN-name-based certificate for SSL/TLS client authentication, and I hope it does not require any Edge subscription?

I hope the Edge subscription will be in place at the time of the self-signed cert expiration on the Edge or HUB roles, is that so?