Solved

Self-Signed SSL Disappears

Posted on 2013-12-29
8
436 Views
Last Modified: 2014-02-05
Hello,

I am trying to create a self-signed SSL in Exchange 2010 for servname.domain,local because GoDaddy says that .locals are not assigned on their SANS.

I go through the steps at https://social.technet.microsoft.com/wiki/contents/articles/13916.how-to-use-a-self-signed-certificate-in-exchange-2010.aspx and get to step 22.  Once I complete the step, the SSL disappears.

Any ideas?

Thanks for your help and have a great day,

Don
0
Comment
Question by:GEMCC
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 34

Expert Comment

by:Shreedhar Ette
ID: 39744522
Have you Selected WebServer Templet while creating certificate at Step 19?
0
 
LVL 37

Expert Comment

by:Mahesh
ID: 39744566
Are you able to view certificate in computer personnel store on exchange server ?

Mahesh
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 39744684
Its not just GoDaddy. As of 2015, no local addresses can be used on SAN certificates any more.

I don't use two certificates myself. Its much easier to just configure the Internal URLs to the same address as what the External URLs use. Then use split brain DNS internally, where you create a non-authoritative zone for your external namespace on your internal DNS servers. Then create A records for your External URLs but use the local internal IPs.

Then you don't have to worry about managing two certificates, or, using a self signed certificate. It just becomes so quick and easy DNS trickery. :)
0
What, When and Where - Security Threats from Q1

Join Corey Nachreiner, CTO, and Marc Laliberte, Information Security Threat Analyst, on July 26th as they explore their key findings from the first quarter of 2017.

 

Author Comment

by:GEMCC
ID: 39745288
Hello,

I know step 19 says Choose Template : WebServer, but there is not anywhere to do this on the screenshot or on my server. . Actually, comparing the screenshots to my server, I do not get what is displayed in step 18 at all.  On my server, the process goes from what is showing in step 17 directly to step 19.  After that, all of the screenshots match my server.  My not getting step 18, is that the issue?  How do I fix it if that is the issue?

I do not know where the computer personal store is located nor view it.

Thanks for your help,

Don
0
 
LVL 37

Accepted Solution

by:
Mahesh earned 500 total points
ID: 39745601
I have gone through URL you are following, you are using Standalone root CA most probably, its not a self signed certificate. You will get certificate issued by internal CA
Self signed certificate is the one which is getting installed by default by Exchange server itself during initial installation

I suggest you to generate your request through custom request from certificate MMC console on Exchange server
Please follow below article step by step
http://social.technet.microsoft.com/wiki/contents/articles/10377.create-a-certificate-request-using-microsoft-management-console-mmc.aspx

Prior to generate request, just export copy of root CA certificate from CA server and install it on Exchange servers under trusted root certification authorities
You need to open CA console, right click CA server, go to properties, on general tab you will find option to export root CA cert.
Once exported, follow below link to install it on Exchange servers.
http://www.sqlservermart.com/HowTo/Windows_Import_Certificate.aspx

Mahesh
0
 
LVL 33

Expert Comment

by:Dave Howe
ID: 39745823
Simplest way to make certs is going to be XCA - instructions here if you need them - then save as a PFX (pkcs#12) and import :)
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39745886
To echo the above - the simple option is to not use the internal host name at all.
Change Exchange to use the external host name everywhere.
http://semb.ee/hostnames

Then if you are still getting prompts in Exchange about the TLS certificate run new-exchangecertificate (no paramaters) and then accept the prompt, which will generate a new internal certificate that Exchange will use for SMTP traffic.

Simon.
0
 

Author Closing Comment

by:GEMCC
ID: 39837923
Worked
0

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Pop culture is prime bait for hackers seeking to infect user’s computers and mobile devices with malicious malware. Hackers know exactly what the latest trends are online and know how to use them to their advantage.
Phishing attempts can come in all forms, shapes and sizes. No matter how familiar you think you are with them, always remember to take extra precaution when opening an email with attachments or links.
This tutorial gives a high-level tour of the interface of Marketo (a marketing automation tool to help businesses track and engage prospective customers and drive them to purchase). You will see the main areas including Marketing Activities, Design …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Suggested Courses

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question