Solved

Certificates needed for Exchange 2007 to 2010

Posted on 2013-11-25
10
296 Views
Last Modified: 2013-11-25
Good Morning Experts,

We have a Exchange 2007 Enviorment.  I have my new Exchange server 2010 server up along side of 2007.  Some of the users are getting SSL security warnings that are from the new Exchange server.  

My installing the needed certs was planned but here is what I don't understand.

Our full migration is happening over Christmas and then we will demote the 2007 Exhange.
We already have purchased the appropriate certifications for our 2007 server so do I need to purchase double if they are going to co-exist?  We already have a cert designated for our mail.domain.org so I am confused if I need to purchase additional certs for this limited time, or the alerts will just happen until I complete the migration process.  I am hopeful I can just transfer them over.

Thank you for your help.

Karen
0
Comment
Question by:klsphotos
10 Comments
 
LVL 9

Assisted Solution

by:Sean
Sean earned 334 total points
ID: 39674737
you do not need an additional cert if you are using the same name for what is registered on the cert. The cert does not cover servers it covers address spaces so you can use that cert on as many servers as you wish. I would also make sure your autodiscover address is included in the cert or uses the same name as what is on your cert as this is probably what is alerting.
0
 
LVL 22

Assisted Solution

by:Nick Rhode
Nick Rhode earned 83 total points
ID: 39674776
What is happening is your Exchange 2007 has the installed cert but the co-existant exchange 2010 still has the default self-signed certificate.  You can install the cert on the 2010 but make sure the name spaces match.  Typically a UCC is used for exchange with the following urls.

Example

mail.domain.com
autodiscover.domain.com
domain.com
domain
0
 
LVL 31

Assisted Solution

by:Gareth Gudger
Gareth Gudger earned 83 total points
ID: 39674779
Ditto to NRhode, but may also need legacy.domain.com if you are doing OWA redirection and keeping the same name spaces.
0
 

Author Comment

by:klsphotos
ID: 39674780
Will these "alerts" hurt anything to be coming up from the new server to our users until we move everything over?  Won't they just be annoying is the only hinderance?

I will check our cert, I believe it is a SAN cert.
0
 
LVL 9

Assisted Solution

by:Sean
Sean earned 334 total points
ID: 39674781
The alerts do not hurt anything, just a warning and can be annoying is all.

I wanted to be clear that it sounds like you just need to copy your current cert to the new server, install it, and assign all services to it. this is a cert you purchased not self signed correct?
0
Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

 

Author Comment

by:klsphotos
ID: 39674793
Yes, we purchased it but what i am fuzzy about is, since it's registered to the name space that we currently have live, I can't set it up on the new exchange since we haven't migrated over right?  Can't have it in two different servers and the new one isn't set up nor mailbox moved until December?

Hope that made sense.  They will co-exist, well they are now,  for a few days until I get all the moves done the day after Christmas.

Karen
0
 
LVL 9

Assisted Solution

by:Sean
Sean earned 334 total points
ID: 39674806
In order to migrate you will need to point everything to the new setup (2010) and have mail route from 2010 to 2007 if that user is still on 2007. So basically your CAS servers will be 2010 and your mail servers will be 2007. You can do this move gradually if you have the routing setup correctly.
0
 

Author Comment

by:klsphotos
ID: 39674839
Right I plan on routing everything right after Christmas then proceeding with the moves of the mailboxes, but wanted the new Exchange server up now to test performance (it's a virtual) and set up everything I possibly can prior to the change over.  It sounds like that is when I should install the certs and the alerts are not hurting anything in the mean time.  I didn't think we would have to purchase another one.
0
 
LVL 9

Accepted Solution

by:
Sean earned 334 total points
ID: 39674849
You can install the certs at any time. This will not hurt anything at all and could get rid of the alerts. The only thing that will affect routing is your send/receive connectors and your router.

you may want to run jetstress if your testing performance if this isn't want your using already :)

http://technet.microsoft.com/en-us/library/ff706601%28v=exchg.141%29.aspx
0
 

Author Closing Comment

by:klsphotos
ID: 39674942
Thank you so much everyone!
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Utilizing an array to gracefully append to a list of EmailAddresses
Following basic email etiquette rules will help you write a professional email and achieve a good, lasting impression with your contacts.
In this video we show how to create a Distribution Group in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >>…
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…

947 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now