Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 307
  • Last Modified:

Certificates needed for Exchange 2007 to 2010

Good Morning Experts,

We have a Exchange 2007 Enviorment.  I have my new Exchange server 2010 server up along side of 2007.  Some of the users are getting SSL security warnings that are from the new Exchange server.  

My installing the needed certs was planned but here is what I don't understand.

Our full migration is happening over Christmas and then we will demote the 2007 Exhange.
We already have purchased the appropriate certifications for our 2007 server so do I need to purchase double if they are going to co-exist?  We already have a cert designated for our mail.domain.org so I am confused if I need to purchase additional certs for this limited time, or the alerts will just happen until I complete the migration process.  I am hopeful I can just transfer them over.

Thank you for your help.

Karen
0
klsphotos
Asked:
klsphotos
6 Solutions
 
SeanSystem EngineerCommented:
you do not need an additional cert if you are using the same name for what is registered on the cert. The cert does not cover servers it covers address spaces so you can use that cert on as many servers as you wish. I would also make sure your autodiscover address is included in the cert or uses the same name as what is on your cert as this is probably what is alerting.
0
 
Nick RhodeIT DirectorCommented:
What is happening is your Exchange 2007 has the installed cert but the co-existant exchange 2010 still has the default self-signed certificate.  You can install the cert on the 2010 but make sure the name spaces match.  Typically a UCC is used for exchange with the following urls.

Example

mail.domain.com
autodiscover.domain.com
domain.com
domain
0
 
Gareth GudgerCommented:
Ditto to NRhode, but may also need legacy.domain.com if you are doing OWA redirection and keeping the same name spaces.
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
klsphotosAuthor Commented:
Will these "alerts" hurt anything to be coming up from the new server to our users until we move everything over?  Won't they just be annoying is the only hinderance?

I will check our cert, I believe it is a SAN cert.
0
 
SeanSystem EngineerCommented:
The alerts do not hurt anything, just a warning and can be annoying is all.

I wanted to be clear that it sounds like you just need to copy your current cert to the new server, install it, and assign all services to it. this is a cert you purchased not self signed correct?
0
 
klsphotosAuthor Commented:
Yes, we purchased it but what i am fuzzy about is, since it's registered to the name space that we currently have live, I can't set it up on the new exchange since we haven't migrated over right?  Can't have it in two different servers and the new one isn't set up nor mailbox moved until December?

Hope that made sense.  They will co-exist, well they are now,  for a few days until I get all the moves done the day after Christmas.

Karen
0
 
SeanSystem EngineerCommented:
In order to migrate you will need to point everything to the new setup (2010) and have mail route from 2010 to 2007 if that user is still on 2007. So basically your CAS servers will be 2010 and your mail servers will be 2007. You can do this move gradually if you have the routing setup correctly.
0
 
klsphotosAuthor Commented:
Right I plan on routing everything right after Christmas then proceeding with the moves of the mailboxes, but wanted the new Exchange server up now to test performance (it's a virtual) and set up everything I possibly can prior to the change over.  It sounds like that is when I should install the certs and the alerts are not hurting anything in the mean time.  I didn't think we would have to purchase another one.
0
 
SeanSystem EngineerCommented:
You can install the certs at any time. This will not hurt anything at all and could get rid of the alerts. The only thing that will affect routing is your send/receive connectors and your router.

you may want to run jetstress if your testing performance if this isn't want your using already :)

http://technet.microsoft.com/en-us/library/ff706601%28v=exchg.141%29.aspx
0
 
klsphotosAuthor Commented:
Thank you so much everyone!
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Tackle projects and never again get stuck behind a technical roadblock.
Join Now