Solved

Self-Signed SSL Disappears

Posted on 2013-12-29
8
418 Views
Last Modified: 2014-02-05
Hello,

I am trying to create a self-signed SSL in Exchange 2010 for servname.domain.local because GoDaddy says that .locals are not assigned on their SANs.

I go through the steps at https://social.technet.microsoft.com/wiki/contents/articles/13916.how-to-use-a-self-signed-certificate-in-exchange-2010.aspx and get to step 22.  Once I complete the step, the SSL disappears.

Any ideas?

Thanks for your help and have a great day,

Don
0
Comment
Question by:GEMCC
8 Comments
 
LVL 34

Expert Comment

by:Shreedhar Ette
ID: 39744522
Have you selected the WebServer template while creating the certificate at Step 19?
0
 
LVL 35

Expert Comment

by:Mahesh
ID: 39744566
Are you able to view the certificate in the computer personal store on the Exchange server?

Mahesh
0
 
LVL 30

Expert Comment

by:Gareth Gudger
ID: 39744684
It's not just GoDaddy. As of 2015, no local addresses can be used on SAN certificates any more.

I don't use two certificates myself. It's much easier to just configure the Internal URLs to the same address as what the External URLs use. Then use split brain DNS internally, where you create a non-authoritative zone for your external namespace on your internal DNS servers. Then create A records for your External URLs but use the local internal IPs.

Then you don't have to worry about managing two certificates, or using a self-signed certificate. It just becomes some quick and easy DNS trickery. :)
0
 

Author Comment

by:GEMCC
ID: 39745288
Hello,

I know step 19 says Choose Template : WebServer, but there is not anywhere to do this on the screenshot or on my server. Actually, comparing the screenshots to my server, I do not get what is displayed in step 18 at all. On my server, the process goes from what is showing in step 17 directly to step 19. After that, all of the screenshots match my server. My not getting step 18, is that the issue? How do I fix it if that is the issue?

I do not know where the computer personal store is located, nor how to view it.

Thanks for your help,

Don
0

 
LVL 35

Accepted Solution

by:
Mahesh earned 500 total points
ID: 39745601
I have gone through the URL you are following. You are most probably using a standalone root CA; it's not a self-signed certificate. You will get a certificate issued by the internal CA.
A self-signed certificate is the one which is installed by default by the Exchange server itself during initial installation.

I suggest you generate your request through a custom request from the certificate MMC console on the Exchange server.
Please follow the article below step by step:
http://social.technet.microsoft.com/wiki/contents/articles/10377.create-a-certificate-request-using-microsoft-management-console-mmc.aspx

Prior to generating the request, just export a copy of the root CA certificate from the CA server and install it on the Exchange servers under Trusted Root Certification Authorities.
You need to open the CA console, right-click the CA server, go to Properties, and on the General tab you will find the option to export the root CA cert.
Once exported, follow the link below to install it on the Exchange servers.
http://www.sqlservermart.com/HowTo/Windows_Import_Certificate.aspx

Mahesh
0
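
The root CA import and the "computer personal store" from the accepted solution can also be handled from PowerShell on the Exchange server. This is an added example, not part of the original answer; the path `C:\Temp\rootca.cer` is an assumed location for the exported root CA certificate.

```powershell
# Added example. Run in an elevated PowerShell prompt on the Exchange server.
# Assumption: the root CA certificate was exported to this (hypothetical) path.
$rootCaFile = 'C:\Temp\rootca.cer'

# Install the root CA certificate into the computer account's
# Trusted Root Certification Authorities store.
certutil.exe -addstore -f Root $rootCaFile

# The computer personal store is Cert:\LocalMachine\My. For every certificate
# in it, report whether a private key is attached and whether its chain
# builds to a trusted root on this machine.
Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    # $true = evaluate the chain in the machine context, not the user context.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain -ArgumentList $true
    # Skip revocation lookups so the check also works without network access.
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $trusted = $chain.Build($_)

    New-Object PSObject -Property @{
        Subject       = $_.Subject
        Issuer        = $_.Issuer
        Thumbprint    = $_.Thumbprint
        NotAfter      = $_.NotAfter
        HasPrivateKey = $_.HasPrivateKey
        ChainTrusted  = $trusted
        ChainStatus   = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ','
    }
} | Format-List Subject, Issuer, Thumbprint, NotAfter, HasPrivateKey, ChainTrusted, ChainStatus
```

A certificate listed with `HasPrivateKey : False` cannot be used by a server for TLS, and `ChainTrusted : False` with `UntrustedRoot` in `ChainStatus` means the issuing CA's root is not in the machine's trusted root store.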
 
LVL 33

Expert Comment

by:Dave Howe
ID: 39745823
Simplest way to make certs is going to be XCA - instructions here if you need them - then save as a PFX (pkcs#12) and import :)
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39745886
To echo the above - the simple option is to not use the internal host name at all.
Change Exchange to use the external host name everywhere.
http://semb.ee/hostnames

Then, if you are still getting prompts in Exchange about the TLS certificate, run new-exchangecertificate (no parameters) and then accept the prompt, which will generate a new internal certificate that Exchange will use for SMTP traffic.

Simon.
0
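
When the internal URLs are moved to the external host name, as suggested in this comment and in the split-DNS comment above, it helps to confirm that every internal URL host is actually listed on the certificate bound to IIS. The audit below is an added example, not code from any of the posters; the server name `EXCH01` is a hypothetical placeholder.

```powershell
# Added example for the Exchange Management Shell (Exchange 2010). Read-only.
# Assumption: $server is the Client Access server name (hypothetical value).
$server = 'EXCH01'

# Names on the certificate that is currently enabled for IIS.
$iisCert = Get-ExchangeCertificate -Server $server |
    Where-Object { $_.Services -match 'IIS' } | Select-Object -First 1
$certNames = @($iisCert.CertificateDomains | ForEach-Object { $_.ToString().ToLower() })

# Collect the internal URLs that clients on the LAN are handed.
$urls = @(
    Get-ClientAccessServer -Identity $server | ForEach-Object { $_.AutoDiscoverServiceInternalUri }
    Get-WebServicesVirtualDirectory -Server $server | ForEach-Object { $_.InternalUrl }
    Get-OwaVirtualDirectory -Server $server | ForEach-Object { $_.InternalUrl }
    Get-EcpVirtualDirectory -Server $server | ForEach-Object { $_.InternalUrl }
    Get-OabVirtualDirectory -Server $server | ForEach-Object { $_.InternalUrl }
    Get-ActiveSyncVirtualDirectory -Server $server | ForEach-Object { $_.InternalUrl }
) | Where-Object { $_ }

# Flag every URL whose host name is neither listed on the certificate
# nor covered by a wildcard entry for its parent domain.
$urls | ForEach-Object {
    $name     = ([Uri]$_.ToString()).Host.ToLower()
    $wildcard = '*.' + ($name -replace '^[^.]+\.', '')
    New-Object PSObject -Property @{
        HostName      = $name
        OnCertificate = ($certNames -contains $name) -or ($certNames -contains $wildcard)
        InternalUrl   = $_.ToString()
    }
} | Format-Table HostName, OnCertificate, InternalUrl -AutoSize
```

Any row with `OnCertificate` set to `False` is a URL that will produce a certificate name-mismatch prompt for internal clients.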
 

Author Closing Comment

by:GEMCC
ID: 39837923
Worked
0
