Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 443
  • Last Modified:

Self-Signed SSL Disappears

Hello,

I am trying to create a self-signed SSL in Exchange 2010 for servname.domain,local because GoDaddy says that .locals are not assigned on their SANS.

I go through the steps at https://social.technet.microsoft.com/wiki/contents/articles/13916.how-to-use-a-self-signed-certificate-in-exchange-2010.aspx and get to step 22.  Once I complete the step, the SSL disappears.

Any ideas?

Thanks for your help and have a great day,

Don
0
GEMCC
Asked:
GEMCC
1 Solution
 
Shreedhar EtteCommented:
Have you Selected WebServer Templet while creating certificate at Step 19?
0
 
MaheshArchitectCommented:
Are you able to view certificate in computer personnel store on exchange server ?

Mahesh
0
 
Gareth GudgerCommented:
Its not just GoDaddy. As of 2015, no local addresses can be used on SAN certificates any more.

I don't use two certificates myself. Its much easier to just configure the Internal URLs to the same address as what the External URLs use. Then use split brain DNS internally, where you create a non-authoritative zone for your external namespace on your internal DNS servers. Then create A records for your External URLs but use the local internal IPs.

Then you don't have to worry about managing two certificates, or, using a self signed certificate. It just becomes so quick and easy DNS trickery. :)
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
GEMCCAuthor Commented:
Hello,

I know step 19 says Choose Template : WebServer, but there is not anywhere to do this on the screenshot or on my server. . Actually, comparing the screenshots to my server, I do not get what is displayed in step 18 at all.  On my server, the process goes from what is showing in step 17 directly to step 19.  After that, all of the screenshots match my server.  My not getting step 18, is that the issue?  How do I fix it if that is the issue?

I do not know where the computer personal store is located nor view it.

Thanks for your help,

Don
0
 
MaheshArchitectCommented:
I have gone through URL you are following, you are using Standalone root CA most probably, its not a self signed certificate. You will get certificate issued by internal CA
Self signed certificate is the one which is getting installed by default by Exchange server itself during initial installation

I suggest you to generate your request through custom request from certificate MMC console on Exchange server
Please follow below article step by step
http://social.technet.microsoft.com/wiki/contents/articles/10377.create-a-certificate-request-using-microsoft-management-console-mmc.aspx

Prior to generate request, just export copy of root CA certificate from CA server and install it on Exchange servers under trusted root certification authorities
You need to open CA console, right click CA server, go to properties, on general tab you will find option to export root CA cert.
Once exported, follow below link to install it on Exchange servers.
http://www.sqlservermart.com/HowTo/Windows_Import_Certificate.aspx

Mahesh
0
 
Dave HoweSoftware and Hardware EngineerCommented:
Simplest way to make certs is going to be XCA - instructions here if you need them - then save as a PFX (pkcs#12) and import :)
0
 
Simon Butler (Sembee)ConsultantCommented:
To echo the above - the simple option is to not use the internal host name at all.
Change Exchange to use the external host name everywhere.
http://semb.ee/hostnames

Then if you are still getting prompts in Exchange about the TLS certificate run new-exchangecertificate (no paramaters) and then accept the prompt, which will generate a new internal certificate that Exchange will use for SMTP traffic.

Simon.
0
 
GEMCCAuthor Commented:
Worked
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now