Solved

Exchange 2010 Wildcard SSL Renewal Issue

Posted on 2014-01-16
5
492 Views
Last Modified: 2014-01-27
Hi Experts,

Need some assistance/advice..

Our Exchange 2010 (Wildcard SSL) certificate is about to expire, our ISP has already renewed the certificate for me and they have sent me the files 1.crt and one iis.pkcs7 file. They did the renewal without the request file from my side.

1st all my info is still the same - Server Names, Domain Names and IP’s are all unchanged.

Now.. When I try to complete the renewal process on my side it completes without a problem it adds the new certificate into certificate store on the exchange server (Personal) this certificate doesn't show the padlock icon. In exchange management console the certificate is still showing Pending. When you redo the process it tells you the cert thumbprint already exists, after deleting the cert from certificate store under personal you can complete the process..

Steps Ive done, I created a new certificate request on my exchange server and asked our ISP to re-key our current cert..
As far as I know this should work but my ISP has still not responded to my request (now 4days and a couple of hours and plenty of emails and phone calls later)

So now I’m stuck in a loop here, what else can I do while I wait for my ISP?

Attached are some screenshot I think are relevant to my question..

Regards
exchange-cert-console.PNG
current-cert.PNG
cert-2-in-exchange-console.PNG
cert-console.PNG
0
Comment
Question by:Dirk Mare
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
5 Comments
 
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 350 total points
ID: 39785093
You cannot use an existing CSR with Exchange, it needs to be a new one.
Therefore unless the ISP sent you a complete certificate (rather than just a response) what you had was useless.
The rekey is the best option, and it is down to waiting for the ISP to supply it.

Although four days is a joke - I can get certificates in less than 20 minutes. Probably time to escalate the request or take the business elsewhere.

Simon.
0
 
LVL 53

Assisted Solution

by:Will Szymkowski
Will Szymkowski earned 150 total points
ID: 39785142
Just to add, Wildcard certs although can be used they are not recommended for Exchange. It is best to get a SAN/UCC cert for Exchange going forward, i would look into this before you renew your wildcard cert.

Will.
0
 
LVL 16

Accepted Solution

by:
Dirk Mare earned 0 total points
ID: 39785966
Managed to get the boss of the boss at ISP, 5min later and received the correct info..

Exchange and TMG server running on the new cert..

Thanks
0
 
LVL 16

Author Closing Comment

by:Dirk Mare
ID: 39811527
Changed the Grade to A.

Thanks All
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Utilizing an array to gracefully append to a list of EmailAddresses
Read this checklist to learn more about the 15 things you should never include in an email signature.
In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question