Solved

Exchange 2010 Wildcard SSL Renewal Issue

Posted on 2014-01-16
5
487 Views
Last Modified: 2014-01-27
Hi Experts,

Need some assistance/advice..

Our Exchange 2010 (Wildcard SSL) certificate is about to expire, our ISP has already renewed the certificate for me and they have sent me the files 1.crt and one iis.pkcs7 file. They did the renewal without the request file from my side.

1st all my info is still the same - Server Names, Domain Names and IP’s are all unchanged.

Now.. When I try to complete the renewal process on my side it completes without a problem it adds the new certificate into certificate store on the exchange server (Personal) this certificate doesn't show the padlock icon. In exchange management console the certificate is still showing Pending. When you redo the process it tells you the cert thumbprint already exists, after deleting the cert from certificate store under personal you can complete the process..

Steps Ive done, I created a new certificate request on my exchange server and asked our ISP to re-key our current cert..
As far as I know this should work but my ISP has still not responded to my request (now 4days and a couple of hours and plenty of emails and phone calls later)

So now I’m stuck in a loop here, what else can I do while I wait for my ISP?

Attached are some screenshot I think are relevant to my question..

Regards
exchange-cert-console.PNG
current-cert.PNG
cert-2-in-exchange-console.PNG
cert-console.PNG
0
Comment
Question by:Dirk Mare
  • 2
5 Comments
 
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 350 total points
ID: 39785093
You cannot use an existing CSR with Exchange, it needs to be a new one.
Therefore unless the ISP sent you a complete certificate (rather than just a response) what you had was useless.
The rekey is the best option, and it is down to waiting for the ISP to supply it.

Although four days is a joke - I can get certificates in less than 20 minutes. Probably time to escalate the request or take the business elsewhere.

Simon.
0
 
LVL 53

Assisted Solution

by:Will Szymkowski
Will Szymkowski earned 150 total points
ID: 39785142
Just to add, Wildcard certs although can be used they are not recommended for Exchange. It is best to get a SAN/UCC cert for Exchange going forward, i would look into this before you renew your wildcard cert.

Will.
0
 
LVL 16

Accepted Solution

by:
Dirk Mare earned 0 total points
ID: 39785966
Managed to get the boss of the boss at ISP, 5min later and received the correct info..

Exchange and TMG server running on the new cert..

Thanks
0
 
LVL 16

Author Closing Comment

by:Dirk Mare
ID: 39811527
Changed the Grade to A.

Thanks All
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now