Solved

Self-Signed SSL Disappears

Posted on 2013-12-29
Last Modified: 2014-02-05
Hello,

I am trying to create a self-signed SSL in Exchange 2010 for servname.domain.local because GoDaddy says that .locals are not assigned on their SANs.

I go through the steps at https://social.technet.microsoft.com/wiki/contents/articles/13916.how-to-use-a-self-signed-certificate-in-exchange-2010.aspx and get to step 22.  Once I complete the step, the SSL disappears.

Any ideas?

Thanks for your help and have a great day,

Don
Question by:GEMCC
8 Comments
 
LVL 34

Expert Comment

by:Shreedhar Ette
ID: 39744522
Have you selected the WebServer template while creating the certificate at step 19?
 
LVL 36

Expert Comment

by:Mahesh
ID: 39744566
Are you able to view the certificate in the computer personal store on the Exchange server?

Mahesh
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 39744684
It's not just GoDaddy. As of 2015, no local addresses can be used on SAN certificates any more.

I don't use two certificates myself. It's much easier to just configure the Internal URLs to the same address as what the External URLs use. Then use split-brain DNS internally, where you create a non-authoritative zone for your external namespace on your internal DNS servers. Then create A records for your External URLs but use the local internal IPs.

Then you don't have to worry about managing two certificates, or using a self-signed certificate. It just becomes some quick and easy DNS trickery. :)
 

Author Comment

by:GEMCC
ID: 39745288
Hello,

I know step 19 says Choose Template : WebServer, but there is not anywhere to do this on the screenshot or on my server. Actually, comparing the screenshots to my server, I do not get what is displayed in step 18 at all. On my server, the process goes from what is showing in step 17 directly to step 19. After that, all of the screenshots match my server. My not getting step 18, is that the issue? How do I fix it if that is the issue?

I do not know where the computer personal store is located nor how to view it.

Thanks for your help,

Don
 
LVL 36

Accepted Solution

by:
Mahesh earned 500 total points
ID: 39745601
I have gone through the URL you are following. You are most probably using a standalone root CA; it's not a self-signed certificate. You will get a certificate issued by the internal CA.
A self-signed certificate is the one that is installed by default by Exchange Server itself during initial installation.

I suggest you generate your request through a custom request from the certificate MMC console on the Exchange server.
Please follow the article below step by step:
http://social.technet.microsoft.com/wiki/contents/articles/10377.create-a-certificate-request-using-microsoft-management-console-mmc.aspx

Prior to generating the request, export a copy of the root CA certificate from the CA server and install it on the Exchange servers under Trusted Root Certification Authorities.
You need to open the CA console, right-click the CA server, and go to Properties; on the General tab you will find the option to export the root CA cert.
Once exported, follow the link below to install it on the Exchange servers:
http://www.sqlservermart.com/HowTo/Windows_Import_Certificate.aspx

Mahesh
 
LVL 33

Expert Comment

by:Dave Howe
ID: 39745823
The simplest way to make certs is going to be XCA - instructions here if you need them - then save as a PFX (PKCS#12) and import :)
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39745886
To echo the above - the simple option is to not use the internal host name at all.
Change Exchange to use the external host name everywhere.
http://semb.ee/hostnames

Then if you are still getting prompts in Exchange about the TLS certificate, run new-exchangecertificate (no parameters) and then accept the prompt, which will generate a new internal certificate that Exchange will use for SMTP traffic.

Simon.
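
A read-only audit of the approach Gareth Gudger and Simon Butler describe above (internal URLs set to the external host name), added here as an example and not posted by anyone in the thread: it lists each internal URL Exchange 2010 hands to clients and flags any host name that is missing from the certificate enabled for IIS. `mail.example.com` is a placeholder and `Test-NameCovered` is a helper name made up for this example; run it in the Exchange Management Shell.

```powershell
# Added example; run in the Exchange Management Shell on an Exchange 2010 server.
# Placeholder (assumption): the external host name that is on the public certificate.
$Namespace = 'mail.example.com'

# Hypothetical helper: is $HostName covered by one of the certificate names?
# A wildcard name such as *.example.com covers exactly one left-most label.
function Test-NameCovered([string]$HostName, [string[]]$CertNames) {
    foreach ($n in $CertNames) {
        if ($n -eq $HostName) { return $true }
        if ($n.StartsWith('*.') -and $HostName.Contains('.') -and
            $HostName.Substring($HostName.IndexOf('.')) -eq $n.Substring(1)) { return $true }
    }
    return $false
}

# 1. Every internal URL that domain-joined clients are handed.
$urls = @(Get-ClientAccessServer | ForEach-Object {
    New-Object PSObject -Property @{ Source = "Autodiscover SCP ($($_.Name))"; Url = "$($_.AutoDiscoverServiceInternalUri)" }
})
$vdirCmdlets = 'Get-WebServicesVirtualDirectory', 'Get-OabVirtualDirectory',
               'Get-OwaVirtualDirectory', 'Get-EcpVirtualDirectory', 'Get-ActiveSyncVirtualDirectory'
foreach ($cmd in $vdirCmdlets) {
    $urls += @(& $cmd | ForEach-Object {
        New-Object PSObject -Property @{ Source = "$cmd ($($_.Server))"; Url = "$($_.InternalUrl)" }
    })
}

# 2. Names on the certificate(s) currently enabled for IIS.
$certNames = @(Get-ExchangeCertificate |
    Where-Object { "$($_.Services)" -match 'IIS' } |
    ForEach-Object { $_.CertificateDomains } |
    ForEach-Object { "$_" })

# 3. Report. A row with OnCertificate = False is a host name that clients
#    would be sent to but that the IIS certificate does not cover.
$urls | Where-Object { $_.Url } | ForEach-Object {
    $h = ([Uri]$_.Url).Host
    New-Object PSObject -Property @{
        Source           = $_.Source
        HostName         = $h
        OnCertificate    = (Test-NameCovered $h $certNames)
        MatchesNamespace = ($h -eq $Namespace)
    }
} | Sort-Object OnCertificate | Format-Table Source, HostName, OnCertificate, MatchesNamespace -AutoSize
```

The script changes nothing; it only reads the current configuration.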
 

Author Closing Comment

by:GEMCC
ID: 39837923
Worked

Question has a verified solution.
