Solved

Exchange 2010 Wildcard SSL Renewal Issue

Posted on 2014-01-16
Last Modified: 2014-01-27
Hi Experts,

Need some assistance/advice..

Our Exchange 2010 (wildcard SSL) certificate is about to expire. Our ISP has already renewed the certificate for me and they have sent me the files 1.crt and one iis.pkcs7 file. They did the renewal without the request file from my side.

First, all my info is still the same: server names, domain names and IPs are all unchanged.

Now, when I try to complete the renewal process on my side it completes without a problem and adds the new certificate into the certificate store on the Exchange server (Personal); this certificate doesn't show the padlock icon. In the Exchange Management Console the certificate is still showing Pending. When you redo the process it tells you the cert thumbprint already exists; after deleting the cert from the certificate store under Personal you can complete the process.

Steps I've done: I created a new certificate request on my Exchange server and asked our ISP to re-key our current cert.
As far as I know this should work, but my ISP has still not responded to my request (now 4 days and a couple of hours and plenty of emails and phone calls later).

So now I’m stuck in a loop here, what else can I do while I wait for my ISP?

Attached are some screenshots I think are relevant to my question.

Regards
Attachments: exchange-cert-console.PNG, current-cert.PNG, cert-2-in-exchange-console.PNG, cert-console.PNG
Question by:Dirk Mare
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 350 total points
ID: 39785093
You cannot use an existing CSR with Exchange, it needs to be a new one.
Therefore unless the ISP sent you a complete certificate (rather than just a response) what you had was useless.
The rekey is the best option, and it is down to waiting for the ISP to supply it.

Although four days is a joke - I can get certificates in less than 20 minutes. Probably time to escalate the request or take the business elsewhere.

Simon.
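
One way to check whether an issued certificate matches a key pair held on the server, which is the condition behind the point above about needing a new CSR. This is an added example, not something posted in the thread; `$IssuedCertPath` is a placeholder for the certificate file returned by the ISP, and the script only reads the standard Windows stores `REQUEST` (Certificate Enrollment Requests) and `My` (Personal).

```powershell
# Added diagnostic example (read-only). $IssuedCertPath is a placeholder:
# point it at the certificate file the CA/ISP returned.
param(
    [Parameter(Mandatory = $true)]
    [string]$IssuedCertPath
)

# Load the issued certificate from disk; a .crt file carries no private key.
$path      = (Resolve-Path $IssuedCertPath).Path
$issued    = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $path
$issuedKey = [BitConverter]::ToString($issued.GetPublicKey())

"Issued cert : $($issued.Subject)"
"Thumbprint  : $($issued.Thumbprint)"
"Expires     : $($issued.NotAfter)"

# REQUEST holds pending requests together with their private keys;
# My holds installed certificates. Compare every entry's public key
# with the public key inside the issued certificate.
$report = foreach ($store in 'REQUEST', 'My') {
    Get-ChildItem -Path "Cert:\LocalMachine\$store" | ForEach-Object {
        New-Object PSObject -Property @{
            Store         = $store
            Subject       = $_.Subject
            Thumbprint    = $_.Thumbprint
            HasPrivateKey = $_.HasPrivateKey
            SameKeyPair   = ([BitConverter]::ToString($_.GetPublicKey()) -eq $issuedKey)
        }
    }
}
$report | Format-Table Store, SameKeyPair, HasPrivateKey, Thumbprint, Subject -AutoSize

# A usable certificate needs an entry that has the same key pair AND a private key.
$usable = @($report | Where-Object { $_.SameKeyPair -and $_.HasPrivateKey })
if ($usable.Count -eq 0) {
    'No private key on this server matches the issued certificate.'
    'It was issued against a different request; ask the CA to re-key against a new CSR.'
} elseif (@($usable | Where-Object { $_.Store -eq 'REQUEST' }).Count -gt 0) {
    'A pending request with the matching private key exists; completing it binds the key.'
} else {
    'The Personal store already holds this certificate with its private key.'
}
```

The script uses `New-Object PSObject` rather than `[pscustomobject]` so that it also runs on the PowerShell 2.0 shell that ships with Exchange 2010.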
 
LVL 53

Assisted Solution

by:Will Szymkowski
Will Szymkowski earned 150 total points
ID: 39785142
Just to add, although wildcard certs can be used, they are not recommended for Exchange. It is best to get a SAN/UCC cert for Exchange going forward; I would look into this before you renew your wildcard cert.

Will.
 
LVL 16

Accepted Solution

by:Dirk Mare
Dirk Mare earned 0 total points
ID: 39785966
Managed to get the boss of the boss at the ISP; 5 min later I received the correct info.

Exchange and TMG server are running on the new cert.

Thanks
 
LVL 16

Author Closing Comment

by:Dirk Mare
ID: 39811527
Changed the Grade to A.

Thanks All