Solved

Renewing Self Signed Certificate in SBS 2008

Posted on 2014-01-23
2
733 Views
Last Modified: 2014-01-24
When I originally set up our SBS server I set our domain to what I will call ABC.com. After some time the owners wanted a different domain for email. To do this, I went into the exchange server Organization\Hub Transport and set up a new Accepted domain of  what I will call XYZ.com. I then went in to the E-Mail Address Polices and modified the "Windows SBS Email Address Policy" to reflect the new domain. So now when I run the add new user wizard from the SBS Console, the default smtp email address of the new user properly reflects the new domain. This allowed me to keep the ABC accepted domain and continue to receive emails sent to that domain. It also allowed me to not have to change the external domain name, which I was concerned might jack up a whole lot of other things as well. All good.

Two years ago, I had to renew the Self Signed Certificate. I honestly cant remember whether I ran the "Fix My Network " wizard or the "Set Up Your Internet Address" wizard. I think it might have been "Fix My Network". My understanding is that you can (and must) run either of these wizards to renew the cert.

But what I do remember is that the wizard reset (actually overwrote) everyone's default email address back to the ABC domain. The only way I could correct the problem was to go into each and everyone's Mailbox and change their smtp addresses back to the new domain.

It is getting close to the timeframe where I need to renew this certificate again and I really would like to avoid the problem this time around. Has anybody seen this and if so, know how to avoid it?
0
Comment
Question by:RickElcessor
2 Comments
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
ID: 39805789
The SBS system is tightly integrated. Your mistake was making modifications outside of the wizard. If you want to use a different domain then you should have run the Internet Name wizard, entering the new domain name when prompted. A self signed SSL certificate would have been created in the new domain and everything would be fine. If you still wanted the old domain to work then just add that domain as an additional domain in a new email address policy.

That is what I would encourage you to do now.
I would also encourage you to drop the self signed certificate, which isn't really designed for production use, and swap it for a trusted certificate. That way you will not have to visit every client to install the certificate and end users accessing the server from external do not have to bypass SSL warnings, which is a bad thing to get users used to doing.

http://exchange.sembee.info/2007/install/sbs2008ssl.asp

Simon.
0
 

Author Closing Comment

by:RickElcessor
ID: 39807610
Obviously not what I wanted to hear but I get it. Makes perfect sense. Thanks
0

Featured Post

Integrate social media with email signatures

Is your company active on social media? Do you also use email signatures? Including social media icons in your email signature is a great way to get fans for free. Let all your email users know you’re on social media quickly and easily, in a single click.

Join & Write a Comment

Suggested Solutions

Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now