Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Self-Signed SSL Disappears

Posted on 2013-12-29
8
Medium Priority
?
439 Views
Last Modified: 2014-02-05
Hello,

I am trying to create a self-signed SSL in Exchange 2010 for servname.domain,local because GoDaddy says that .locals are not assigned on their SANS.

I go through the steps at https://social.technet.microsoft.com/wiki/contents/articles/13916.how-to-use-a-self-signed-certificate-in-exchange-2010.aspx and get to step 22.  Once I complete the step, the SSL disappears.

Any ideas?

Thanks for your help and have a great day,

Don
0
Comment
Question by:GEMCC
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 34

Expert Comment

by:Shreedhar Ette
ID: 39744522
Have you Selected WebServer Templet while creating certificate at Step 19?
0
 
LVL 37

Expert Comment

by:Mahesh
ID: 39744566
Are you able to view certificate in computer personnel store on exchange server ?

Mahesh
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 39744684
Its not just GoDaddy. As of 2015, no local addresses can be used on SAN certificates any more.

I don't use two certificates myself. Its much easier to just configure the Internal URLs to the same address as what the External URLs use. Then use split brain DNS internally, where you create a non-authoritative zone for your external namespace on your internal DNS servers. Then create A records for your External URLs but use the local internal IPs.

Then you don't have to worry about managing two certificates, or, using a self signed certificate. It just becomes so quick and easy DNS trickery. :)
0
Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 

Author Comment

by:GEMCC
ID: 39745288
Hello,

I know step 19 says Choose Template : WebServer, but there is not anywhere to do this on the screenshot or on my server. . Actually, comparing the screenshots to my server, I do not get what is displayed in step 18 at all.  On my server, the process goes from what is showing in step 17 directly to step 19.  After that, all of the screenshots match my server.  My not getting step 18, is that the issue?  How do I fix it if that is the issue?

I do not know where the computer personal store is located nor view it.

Thanks for your help,

Don
0
 
LVL 37

Accepted Solution

by:
Mahesh earned 2000 total points
ID: 39745601
I have gone through URL you are following, you are using Standalone root CA most probably, its not a self signed certificate. You will get certificate issued by internal CA
Self signed certificate is the one which is getting installed by default by Exchange server itself during initial installation

I suggest you to generate your request through custom request from certificate MMC console on Exchange server
Please follow below article step by step
http://social.technet.microsoft.com/wiki/contents/articles/10377.create-a-certificate-request-using-microsoft-management-console-mmc.aspx

Prior to generate request, just export copy of root CA certificate from CA server and install it on Exchange servers under trusted root certification authorities
You need to open CA console, right click CA server, go to properties, on general tab you will find option to export root CA cert.
Once exported, follow below link to install it on Exchange servers.
http://www.sqlservermart.com/HowTo/Windows_Import_Certificate.aspx

Mahesh
0
 
LVL 33

Expert Comment

by:Dave Howe
ID: 39745823
Simplest way to make certs is going to be XCA - instructions here if you need them - then save as a PFX (pkcs#12) and import :)
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39745886
To echo the above - the simple option is to not use the internal host name at all.
Change Exchange to use the external host name everywhere.
http://semb.ee/hostnames

Then if you are still getting prompts in Exchange about the TLS certificate run new-exchangecertificate (no paramaters) and then accept the prompt, which will generate a new internal certificate that Exchange will use for SMTP traffic.

Simon.
0
 

Author Closing Comment

by:GEMCC
ID: 39837923
Worked
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A list of top three free exchange EDB viewers that helps the user to extract a mailbox from an unmounted .edb file and get a clear preview of all emails & other items with just a single click on mailboxes.
If you troubleshoot Outlook for clients, you may want to know a bit more about the OST file before doing your next job. IMAP can cause a lot of drama if removed in the accounts without backing up.
how to add IIS SMTP to handle application/Scanner relays into office 365.
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
Suggested Courses

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question