Solved

Certificates needed for Exchange 2007 to 2010

Posted on 2013-11-25
Last Modified: 2013-11-25
Good Morning Experts,

We have an Exchange 2007 environment.  I have my new Exchange Server 2010 server up alongside 2007.  Some of the users are getting SSL security warnings that are from the new Exchange server.

My installing the needed certs was planned but here is what I don't understand.

Our full migration is happening over Christmas and then we will demote the 2007 Exchange.
We already have purchased the appropriate certifications for our 2007 server so do I need to purchase double if they are going to co-exist?  We already have a cert designated for our mail.domain.org so I am confused if I need to purchase additional certs for this limited time, or the alerts will just happen until I complete the migration process.  I am hopeful I can just transfer them over.

Thank you for your help.

Karen
Question by:klsphotos
10 Comments
 
LVL 9

Assisted Solution

by:Sean
Sean earned 334 total points
ID: 39674737
You do not need an additional cert if you are using the same name for what is registered on the cert. The cert does not cover servers, it covers address spaces, so you can use that cert on as many servers as you wish. I would also make sure your autodiscover address is included in the cert or uses the same name as what is on your cert, as this is probably what is alerting.
0
 
LVL 22

Assisted Solution

by:Nick Rhode
Nick Rhode earned 83 total points
ID: 39674776
What is happening is your Exchange 2007 has the installed cert but the coexistent Exchange 2010 still has the default self-signed certificate.  You can install the cert on the 2010 but make sure the name spaces match.  Typically a UCC is used for Exchange with the following URLs.

Example

mail.domain.com
autodiscover.domain.com
domain.com
domain
0
 
LVL 31

Assisted Solution

by:Gareth Gudger
Gareth Gudger earned 83 total points
ID: 39674779
Ditto to NRhode, but may also need legacy.domain.com if you are doing OWA redirection and keeping the same name spaces.
0
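As an added example (not part of the thread or any poster's code), the name check the answers above describe can be run against a certificate's SAN list before assigning it to the 2010 server. The sample certificates are constructed, and `EX2010` / `EX2010.domain.local` are hypothetical names standing in for the new server's default self-signed certificate.

```python
"""Added example: which Exchange namespaces does a certificate's SAN list cover?"""

def dns_sans(peercert):
    """DNS names from a dict shaped like ssl.SSLSocket.getpeercert() output."""
    return [value.lower() for kind, value in peercert.get("subjectAltName", ())
            if kind == "DNS"]

def name_matches(pattern, host):
    """Exact match, or a '*.' wildcard standing in for exactly one leftmost label."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if pattern == host:
        return True
    if not pattern.startswith("*."):
        return False
    p_labels, h_labels = pattern.split("."), host.split(".")
    return len(p_labels) == len(h_labels) and p_labels[1:] == h_labels[1:]

def uncovered(peercert, required):
    """Required names that no SAN entry covers; clients warn on each of these."""
    sans = dns_sans(peercert)
    return [name for name in required
            if not any(name_matches(san, name) for san in sans)]

# Namespaces named in the answers above.
REQUIRED = ["mail.domain.com", "autodiscover.domain.com", "legacy.domain.com"]

# Constructed sample data (not taken from a real server).
PURCHASED = {"subjectAltName": (("DNS", "mail.domain.com"),
                                ("DNS", "autodiscover.domain.com"))}
# Hypothetical host name EX2010 standing in for the new server's default cert.
SELF_SIGNED = {"subjectAltName": (("DNS", "EX2010"),
                                  ("DNS", "EX2010.domain.local"))}
WILDCARD = {"subjectAltName": (("DNS", "*.domain.com"),)}

if __name__ == "__main__":
    for label, cert in [("purchased", PURCHASED), ("self-signed", SELF_SIGNED),
                        ("wildcard", WILDCARD)]:
        print(label, "missing:", uncovered(cert, REQUIRED) or "nothing")
```

This checks name coverage only; a self-signed certificate also fails the client's trust check even when its names match.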

 

Author Comment

by:klsphotos
ID: 39674780
Will these "alerts" hurt anything to be coming up from the new server to our users until we move everything over?  Won't they just be annoying is the only hindrance?

I will check our cert, I believe it is a SAN cert.
0
 
LVL 9

Assisted Solution

by:Sean
Sean earned 334 total points
ID: 39674781
The alerts do not hurt anything, just a warning and can be annoying is all.

I wanted to be clear that it sounds like you just need to copy your current cert to the new server, install it, and assign all services to it. This is a cert you purchased, not self-signed, correct?
0
 

Author Comment

by:klsphotos
ID: 39674793
Yes, we purchased it but what I am fuzzy about is, since it's registered to the name space that we currently have live, I can't set it up on the new Exchange since we haven't migrated over, right?  Can't have it in two different servers and the new one isn't set up nor mailbox moved until December?

Hope that made sense.  They will co-exist, well they are now,  for a few days until I get all the moves done the day after Christmas.

Karen
0
 
LVL 9

Assisted Solution

by:Sean
Sean earned 334 total points
ID: 39674806
In order to migrate you will need to point everything to the new setup (2010) and have mail route from 2010 to 2007 if that user is still on 2007. So basically your CAS servers will be 2010 and your mail servers will be 2007. You can do this move gradually if you have the routing setup correctly.
0
 

Author Comment

by:klsphotos
ID: 39674839
Right, I plan on routing everything right after Christmas then proceeding with the moves of the mailboxes, but wanted the new Exchange server up now to test performance (it's a virtual) and set up everything I possibly can prior to the changeover.  It sounds like that is when I should install the certs and the alerts are not hurting anything in the meantime.  I didn't think we would have to purchase another one.
0
 
LVL 9

Accepted Solution

by:Sean
Sean earned 334 total points
ID: 39674849
You can install the certs at any time. This will not hurt anything at all and could get rid of the alerts. The only thing that will affect routing is your send/receive connectors and your router.

You may want to run Jetstress if you're testing performance, if this isn't what you're using already :)

http://technet.microsoft.com/en-us/library/ff706601%28v=exchg.141%29.aspx
0
 

Author Closing Comment

by:klsphotos
ID: 39674942
Thank you so much everyone!
0


Question has a verified solution.
