Exchange 2010 Wildcard SSL Renewal Issue

Hi Experts,

Need some assistance/advice..

Our Exchange 2010 (Wildcard SSL) certificate is about to expire, our ISP has already renewed the certificate for me and they have sent me the files 1.crt and one iis.pkcs7 file. They did the renewal without the request file from my side.

1st all my info is still the same - Server Names, Domain Names and IP’s are all unchanged.

Now.. When I try to complete the renewal process on my side it completes without a problem it adds the new certificate into certificate store on the exchange server (Personal) this certificate doesn't show the padlock icon. In exchange management console the certificate is still showing Pending. When you redo the process it tells you the cert thumbprint already exists, after deleting the cert from certificate store under personal you can complete the process..

Steps Ive done, I created a new certificate request on my exchange server and asked our ISP to re-key our current cert..
As far as I know this should work but my ISP has still not responded to my request (now 4days and a couple of hours and plenty of emails and phone calls later)

So now I’m stuck in a loop here, what else can I do while I wait for my ISP?

Attached are some screenshot I think are relevant to my question..

Regards
exchange-cert-console.PNG
current-cert.PNG
cert-2-in-exchange-console.PNG
cert-console.PNG
LVL 16
Dirk MareSystems Engineer (Acting IT Manager)Asked:
Who is Participating?
 
Dirk MareConnect With a Mentor Systems Engineer (Acting IT Manager)Author Commented:
Managed to get the boss of the boss at ISP, 5min later and received the correct info..

Exchange and TMG server running on the new cert..

Thanks
0
 
Simon Butler (Sembee)Connect With a Mentor ConsultantCommented:
You cannot use an existing CSR with Exchange, it needs to be a new one.
Therefore unless the ISP sent you a complete certificate (rather than just a response) what you had was useless.
The rekey is the best option, and it is down to waiting for the ISP to supply it.

Although four days is a joke - I can get certificates in less than 20 minutes. Probably time to escalate the request or take the business elsewhere.

Simon.
0
 
Will SzymkowskiConnect With a Mentor Senior Solution ArchitectCommented:
Just to add, Wildcard certs although can be used they are not recommended for Exchange. It is best to get a SAN/UCC cert for Exchange going forward, i would look into this before you renew your wildcard cert.

Will.
0
 
Dirk MareSystems Engineer (Acting IT Manager)Author Commented:
Changed the Grade to A.

Thanks All
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.