Solved

SBS2011 - Exchange 2010 Certificates - Driving me Nuts!!!!

Posted on 2014-01-14
Last Modified: 2014-01-15
Hi All.

We have an ongoing issue with Exchange 2010 certificates on one of our client's servers.
(We are treading cautiously as SSL on Exchange is new to us)

We have a GoDaddy SSL cert that has been working fine and we want to renew it.

We have at this point renewed the SSL at GoDaddy with the original CSR and have downloaded it ready to install.

Following these instructions from TechNet:

Use the EMC to renew an Exchange certificate

1. In the console tree, click Server Configuration.  - DONE

2. Select the server that contains the certificate, and then select the certificate you want to renew.  - DONE

3. In the action pane, click Renew Exchange Certificate.  - DONE

4. On the Renew Exchange Certificate page, select the services you want to assign to the renewed certificate. The services that are checked are currently assigned to the certificate.

HERE - when you select Renew Exchange Certificate the wizard opens with:
Specify the name of the request file in the box below..... The name must end with the extension ".req"

and it's here that this is driving me nuts.

I appreciate I may need to submit a new CSR, but what is this .req and how do I use this in renewing the SSL certificate?

Other instructions I have found state that at this point you should be able to select the new certificate, but I cannot.

If I follow this wizard it creates this .REQ file but if I open it with notepad there is no valid CSR data that I can see - however it does create a temporary certificate in the Exchange Certificates that states - something like (Sorry I have deleted it now) continue process pending request.

Can anyone help at all please?

Thank you
Regards
Andy
0
Question by:AndyKeen
17 Comments
 
LVL 57

Expert Comment

by:Pete Long
If you already have the new certificate from GoDaddy, simply import it, then assign the services to it, then remove the old certificate.
0
 
LVL 1

Author Comment

by:AndyKeen
Hi Pete.

Thank you for that.

Due to caution and lack of experience, I am not sure how to import it and from where.

I can see in the EMC there is an 'import exchange certificate'

If I run this wizard it is asking for a file location (Fine) and a password that the certificate does not have.

Or do I import it elsewhere?

Thank you
Andy
0
 
LVL 24

Expert Comment

by:-MAS
If your file is not listed, change the file type to "all", then you can see your certificate.
For the password, you can type your admin password.

Please check this:
https://www.geocerts.com/install/exchange_2010

If you have any doubt, please let us know.
0
 
LVL 17

Assisted Solution

by:Lior Karasenti
Lior Karasenti earned 150 total points
1. You need to open the IIS Manager (Start -> Run -> inetmgr.exe)

2. Click on your server, go to "Server Certificates" under "IIS", then right click and choose "Complete Certificate Request"

3. Select your .CRT file that you got from GoDaddy, give it a name and the certificate will be added to the list.

4. Open EMC, click on "Server Configuration", right click your certificate and click "Assign Services to Certificate".

That should do.
0
 
LVL 1

Author Comment

by:AndyKeen
Hi Mas.

Thank you for your help.

Specifying the Admin password did the trick - however, following the wizard, which completed successfully, I CANNOT see the new certificate listed in Exchange - only the original certificates are visible.

I have quit Exchange and re-opened it and also refreshed the screen - still no joy.

Any ideas please?
Thank you
Andy
0
 
LVL 1

Author Comment

by:AndyKeen
Hi Lior.

Thank you for your help.

Really confused now - I thought this was all done through EMC.

Anyhow - Do I click the EXISTING GoDaddy certificate in that location and complete the 'Complete certificate request' and navigate to the certificate I have already renewed from GoDaddy or.. something else...

Thank you
0
 
LVL 17

Expert Comment

by:Lior Karasenti
No, right click an empty space.
0
 
LVL 1

Author Comment

by:AndyKeen
Thanks Lior.

OK, done that and it's shown up in Exchange.

I am in the process of assigning services to the certificate and it has come up with the following warning:

Do you want to enforce SSL Communication on the root web site? if not, rerun the cmdlet with the -DoNotRequireSSL parameter.

What do I do here please?

Thank you
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 350 total points
As this is SBS 2011 you shouldn't be doing anything with certificates in Exchange.
The posters above are treating the SBS implementation as the full product, which is wrong.

Use the wizard in SBS management console. In there is an SSL wizard, run that, selecting the option to use an existing certificate. The wizard will do everything for you.

Back to the top of the question - the initial error was using an existing CSR - you cannot do that with IIS. You should have created a new CSR.

Simon.
0
 
LVL 17

Expert Comment

by:Lior Karasenti
Click No, and run the command that appears under "Exchange Management Shell command completed" with "-DoNotRequireSSL" at the end from EMS.
0
 
LVL 1

Author Comment

by:AndyKeen
Hi Simon - Thanks for that - I have run the wizard on SBS console and installed the SSL Cert. This is however for Exchange and the new certificate does not appear even though I have run the wizard.


Hi Lior. Thanks for the help - I now have two certificates in Exchange - the original GoDaddy that expires in 10 days' time and the new one (both with the same Assigned Services).

What do I do with the one that is about to expire - do you overlap etc. seamlessly or do I need to delete one?

Thank you both.
Andy
0
 
LVL 1

Author Comment

by:AndyKeen
Hi Simon - Didn't realise you were Sembee.

I have run the SBS wizard and installed the certificate.

(Side issue..) When I remote connect, the certificate still shows the old one about to expire - do you know why that is please?

Also - Does the certificate need installing / importing into Exchange 2010 - there is an existing GoDaddy one there.

Thanks Simon
0
 
LVL 24

Expert Comment

by:-MAS
Please run this command, iisreset /noforce, and try.

If you can see the new certificate listed in EMC, you can delete the old one.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
The SBS console should have imported the certificate into Exchange 2010 as well. If you look in EMC, are the services listed next to the new certificate correctly?

Simon.
0
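
A read-only way to make the checks discussed above (is the new certificate present with its services assigned, and which certificate is actually being presented to remote clients), as an added example that is not from any poster in this thread. It assumes the Exchange Management Shell on the server with PowerShell 2.0; the function names, the 30-day window and the host name are assumptions.

```powershell
# Added example (not from the thread). Run in the Exchange Management Shell on the server.
# Function names, the 30-day window and the host name below are assumptions.
function Get-CertificateRenewalReport {
    param([int]$WarnDays = 30, [string[]]$RequiredServices = @('IIS', 'SMTP'))
    $now = Get-Date
    Get-ExchangeCertificate | Sort-Object NotAfter | ForEach-Object {
        $cert     = $_
        $services = "$($cert.Services)"       # flags rendered as text, e.g. "IMAP, POP, IIS, SMTP"
        $daysLeft = [int][math]::Floor(($cert.NotAfter - $now).TotalDays)
        # Whole-word match so each required service name is checked individually
        $missing  = @($RequiredServices | Where-Object { $services -notmatch "\b$_\b" })
        if     (-not $cert.HasPrivateKey)      { $verdict = 'No private key: cannot serve TLS' }
        elseif ("$($cert.Status)" -ne 'Valid') { $verdict = "Status is $($cert.Status)" }
        elseif ($daysLeft -lt 0)               { $verdict = 'Expired' }
        elseif ($daysLeft -le $WarnDays)       { $verdict = 'Expiring soon' }
        elseif ($missing.Count -gt 0)          { $verdict = "Not assigned to: $($missing -join ', ')" }
        else                                   { $verdict = 'OK' }
        New-Object PSObject -Property @{
            Thumbprint = $cert.Thumbprint; Subject = $cert.Subject; NotAfter = $cert.NotAfter
            DaysLeft = $daysLeft; Services = $services; Verdict = $verdict
        }
    } | Select-Object Thumbprint, Subject, NotAfter, DaysLeft, Services, Verdict
}

function Get-ServedCertificateThumbprint {
    param([string]$HostName, [int]$Port = 443)
    $tcp = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        # Validation is skipped on purpose: the goal is only to read which certificate is presented.
        $callback = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($HostName)
        $x509 = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        $x509.Thumbprint
    } finally { $tcp.Close() }
}

# Every installed certificate with a verdict, soonest expiry first
$report = Get-CertificateRenewalReport
$report | Format-Table -AutoSize

# Which installed certificate is presented on 443? 'remote.example.com' is a placeholder.
$served = Get-ServedCertificateThumbprint -HostName 'remote.example.com'
$report | Where-Object { $_.Thumbprint -eq $served } | Format-List
```

If the thumbprint presented on port 443 still belongs to the certificate marked "Expiring soon", the web site has not yet picked up the renewed certificate.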
 
LVL 1

Author Comment

by:AndyKeen
Thank you Simon, spot on with the advice.

Thank you all for your help and patience.
0
 
LVL 1

Author Closing Comment

by:AndyKeen
There were many people who helped me with this and it was difficult to know how to give out the points because there is more than one way to do it - however Simon picked up that this was SBS2011 and because of that the answer was quite simple.
0
