SBS2011 - Exchange 2010 Certificates - Driving me Nuts!!!!
Hi All.
We have an on-going issue with Exchange 2010 certificates on one of our clients servers
(We are treading cautiously as SSL on Exchange is new to us)
We have a Godaddy SSL cert that has been working fine and we want to renew it.
We have at this point renewed the SSL at Godaddy with the original CSR and have downloaded it ready to install.
Following these instructions from TechNet:
Use the EMC to renew an Exchange certificate
1. In the console tree, click Server Configuration. - DONE
2. Select the server that contains the certificate, and then select the certificate you want to renew. - DONE
3. In the action pane, click Renew Exchange Certificate. - DONE
4. On the Renew Exchange Certificate page, select the services you want to assign to the renewed certificate. The services that are checked are currently assigned to the certificate.
HERE - when you select Renew Exchange Certificate the wizard opens with:
Specify the name of the request file in the box below..... The name must end with the extension ".req"
and its here this is driving me nuts.
I appreciate I may need to submit a new CSR, but what is this .req and how do I use this in renewing the SSL certificate.
Other instructions I have found state that at this point you should be able to select the new certificate, but I cannot.
If I follow this wizard it creates this .REQ file but if I open it with notepad there is no valid CSR data that I can see - however it does create a temporary certificate in the Exchange Certificates that states - something like (Sorry I have deleted it now) continue process pending request.
Can anyone help at all please.
Thank you
Regards
Andy
We have an on-going issue with Exchange 2010 certificates on one of our clients servers
(We are treading cautiously as SSL on Exchange is new to us)
We have a Godaddy SSL cert that has been working fine and we want to renew it.
We have at this point renewed the SSL at Godaddy with the original CSR and have downloaded it ready to install.
Following these instructions from TechNet:
Use the EMC to renew an Exchange certificate
1. In the console tree, click Server Configuration. - DONE
2. Select the server that contains the certificate, and then select the certificate you want to renew. - DONE
3. In the action pane, click Renew Exchange Certificate. - DONE
4. On the Renew Exchange Certificate page, select the services you want to assign to the renewed certificate. The services that are checked are currently assigned to the certificate.
HERE - when you select Renew Exchange Certificate the wizard opens with:
Specify the name of the request file in the box below..... The name must end with the extension ".req"
and its here this is driving me nuts.
I appreciate I may need to submit a new CSR, but what is this .req and how do I use this in renewing the SSL certificate.
Other instructions I have found state that at this point you should be able to select the new certificate, but I cannot.
If I follow this wizard it creates this .REQ file but if I open it with notepad there is no valid CSR data that I can see - however it does create a temporary certificate in the Exchange Certificates that states - something like (Sorry I have deleted it now) continue process pending request.
Can anyone help at all please.
Thank you
Regards
Andy
Pete Long
If you already have the new certificate from go-daddy simply import it, then assign the services to it, then remove the old certificate
ASKER
Hi Pete.
Thank you for that.
Due to caution and lack of experience, I am not sure how to import it and from where.
I can see in the EMC there is an 'import exchange certificate'
If I run this wizard it is asking for a file location (Fine) and a password that the certificate does not have.
Or do I import it else where.
Thank you
Andy
Thank you for that.
Due to caution and lack of experience, I am not sure how to import it and from where.
I can see in the EMC there is an 'import exchange certificate'
If I run this wizard it is asking for a file location (Fine) and a password that the certificate does not have.
Or do I import it else where.
Thank you
Andy
if your file is not listed change the file type to "all" then you can see your cetificate.
Password you can type your admin password.
Please check this
https://www.geocerts.com/install/exchange_2010
if you have any doubt please let us know
Password you can type your admin password.
Please check this
https://www.geocerts.com/install/exchange_2010
if you have any doubt please let us know
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
HI Mas.
Thank you for your help.
Specifying the Admin password did the trick - however following the wizard which completed successfully - I CANNOT see the new certificate listed in exchange - only the original certificates are visible.
I have quick exchange and re-opened it and also refreshed the screen - still no Joy.
Any ideas please
Thank you
Andy
Thank you for your help.
Specifying the Admin password did the trick - however following the wizard which completed successfully - I CANNOT see the new certificate listed in exchange - only the original certificates are visible.
I have quick exchange and re-opened it and also refreshed the screen - still no Joy.
Any ideas please
Thank you
Andy
ASKER
Hi Lior.
Thank you for your help.
Really confused now - I thought this was all done through EMC.
Anyhow - Do I click the EXISTING GoDaddy certificate in that location and complete the 'Complete certificate request' and navigate to the certificate I have already renewed from GoDaddy or.. something else...
Thank you
Thank you for your help.
Really confused now - I thought this was all done through EMC.
Anyhow - Do I click the EXISTING GoDaddy certificate in that location and complete the 'Complete certificate request' and navigate to the certificate I have already renewed from GoDaddy or.. something else...
Thank you
No, right click an empty space.
ASKER
Thanks Lior.
OK done that and its shown up in Exchange.
I am in the process of assigning services to the certificate and it has come up with the following warning:
Do you want to enforce SSL Communication on the root web site? if not, rerun the cmdlet with the -DoNotRequireSSL parameter.
What do I do here please.
Thank you
OK done that and its shown up in Exchange.
I am in the process of assigning services to the certificate and it has come up with the following warning:
Do you want to enforce SSL Communication on the root web site? if not, rerun the cmdlet with the -DoNotRequireSSL parameter.
What do I do here please.
Thank you
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks Lior.
OK done that and its shown up in Exchange.
I am in the process of assigning services to the certificate and it has come up with the following warning:
Do you want to enforce SSL Communication on the root web site? if not, rerun the cmdlet with the -DoNotRequireSSL parameter.
What do I do here please.
Thank you
OK done that and its shown up in Exchange.
I am in the process of assigning services to the certificate and it has come up with the following warning:
Do you want to enforce SSL Communication on the root web site? if not, rerun the cmdlet with the -DoNotRequireSSL parameter.
What do I do here please.
Thank you
Click No, and run the command that appears under "Exchange Management Shell command completed" with "-DoNotRequireSSL" at the end from EMS.
ASKER
Hi Simon - Thanks for that - I have run the wizard on SBS console and installed the SSL Cert. This is however for Exchange and the new certificate does not appear even though I have run the wizard.
HI LIOR . Thanks for the help - I now have two certificates in exchange - the original GoDaddy that expires in 10 days time and the new one (Both with the same Assigned Services)
What do I do with the one that is about to expire - do you overlap etc seamlessly or do I need to delete one?
Thank you Both.
Andfy
HI LIOR . Thanks for the help - I now have two certificates in exchange - the original GoDaddy that expires in 10 days time and the new one (Both with the same Assigned Services)
What do I do with the one that is about to expire - do you overlap etc seamlessly or do I need to delete one?
Thank you Both.
Andfy
ASKER
Hi Simon - Didn't realise you were Sembee.
I have run the SBS wizard and installed the certificate.
(Side issue..) When I remote connect the certificate still show the old one about to expire - do you know why that is please?
Also - Does the certificate need installing / importing into Exchange 2010 - there is an existing GoDaddy one there.
Thanks Simon
I have run the SBS wizard and installed the certificate.
(Side issue..) When I remote connect the certificate still show the old one about to expire - do you know why that is please?
Also - Does the certificate need installing / importing into Exchange 2010 - there is an existing GoDaddy one there.
Thanks Simon
Please run this command iisreset/noforce and try
If you can see the new certificate listed in EMC you can delete the old one
If you can see the new certificate listed in EMC you can delete the old one
The SBS console should have imported the certificate in to Exchange 2010 as well. If you look in EMC, are the services listed next to the new certificate correctly?
Simon.
Simon.
ASKER
Thank you Simon, spot on with the advice.
Thank you all for your help and patience.
Thank you all for your help and patience.
ASKER
There were many people who helped me with this and it was difficult to know how to give out the points because there is more than one way to do it - however Simon picked-up that this was SBS2011 and because of that the answer was quite simple.