Solved

Certificates needed for Exchange 2007 to 2010

Posted on 2013-11-25
10
300 Views
Last Modified: 2013-11-25
Good Morning Experts,

We have a Exchange 2007 Enviorment.  I have my new Exchange server 2010 server up along side of 2007.  Some of the users are getting SSL security warnings that are from the new Exchange server.  

My installing the needed certs was planned but here is what I don't understand.

Our full migration is happening over Christmas and then we will demote the 2007 Exhange.
We already have purchased the appropriate certifications for our 2007 server so do I need to purchase double if they are going to co-exist?  We already have a cert designated for our mail.domain.org so I am confused if I need to purchase additional certs for this limited time, or the alerts will just happen until I complete the migration process.  I am hopeful I can just transfer them over.

Thank you for your help.

Karen
0
Comment
Question by:klsphotos
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
10 Comments
 
LVL 9

Assisted Solution

by:Sean
Sean earned 334 total points
ID: 39674737
you do not need an additional cert if you are using the same name for what is registered on the cert. The cert does not cover servers it covers address spaces so you can use that cert on as many servers as you wish. I would also make sure your autodiscover address is included in the cert or uses the same name as what is on your cert as this is probably what is alerting.
0
 
LVL 22

Assisted Solution

by:Nick Rhode
Nick Rhode earned 83 total points
ID: 39674776
What is happening is your Exchange 2007 has the installed cert but the co-existant exchange 2010 still has the default self-signed certificate.  You can install the cert on the 2010 but make sure the name spaces match.  Typically a UCC is used for exchange with the following urls.

Example

mail.domain.com
autodiscover.domain.com
domain.com
domain
0
 
LVL 31

Assisted Solution

by:Gareth Gudger
Gareth Gudger earned 83 total points
ID: 39674779
Ditto to NRhode, but may also need legacy.domain.com if you are doing OWA redirection and keeping the same name spaces.
0
Creating Instructional Tutorials  

For Any Use & On Any Platform

Contextual Guidance at the moment of need helps your employees/users adopt software o& achieve even the most complex tasks instantly. Boost knowledge retention, software adoption & employee engagement with easy solution.

 

Author Comment

by:klsphotos
ID: 39674780
Will these "alerts" hurt anything to be coming up from the new server to our users until we move everything over?  Won't they just be annoying is the only hinderance?

I will check our cert, I believe it is a SAN cert.
0
 
LVL 9

Assisted Solution

by:Sean
Sean earned 334 total points
ID: 39674781
The alerts do not hurt anything, just a warning and can be annoying is all.

I wanted to be clear that it sounds like you just need to copy your current cert to the new server, install it, and assign all services to it. this is a cert you purchased not self signed correct?
0
 

Author Comment

by:klsphotos
ID: 39674793
Yes, we purchased it but what i am fuzzy about is, since it's registered to the name space that we currently have live, I can't set it up on the new exchange since we haven't migrated over right?  Can't have it in two different servers and the new one isn't set up nor mailbox moved until December?

Hope that made sense.  They will co-exist, well they are now,  for a few days until I get all the moves done the day after Christmas.

Karen
0
 
LVL 9

Assisted Solution

by:Sean
Sean earned 334 total points
ID: 39674806
In order to migrate you will need to point everything to the new setup (2010) and have mail route from 2010 to 2007 if that user is still on 2007. So basically your CAS servers will be 2010 and your mail servers will be 2007. You can do this move gradually if you have the routing setup correctly.
0
 

Author Comment

by:klsphotos
ID: 39674839
Right I plan on routing everything right after Christmas then proceeding with the moves of the mailboxes, but wanted the new Exchange server up now to test performance (it's a virtual) and set up everything I possibly can prior to the change over.  It sounds like that is when I should install the certs and the alerts are not hurting anything in the mean time.  I didn't think we would have to purchase another one.
0
 
LVL 9

Accepted Solution

by:
Sean earned 334 total points
ID: 39674849
You can install the certs at any time. This will not hurt anything at all and could get rid of the alerts. The only thing that will affect routing is your send/receive connectors and your router.

you may want to run jetstress if your testing performance if this isn't want your using already :)

http://technet.microsoft.com/en-us/library/ff706601%28v=exchg.141%29.aspx
0
 

Author Closing Comment

by:klsphotos
ID: 39674942
Thank you so much everyone!
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
outlook, autodiscover 1 59
Cannot transfer Outlook autocomplete file to a new Exchange profile 4 42
office 365 5 41
MS Exchange 2016 license 5 35
Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
In this video we show how to create a Distribution Group in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >>…
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question