?
Solved

Renewing Self Signed Certificate in SBS 2008

Posted on 2014-01-23
2
Medium Priority
?
768 Views
Last Modified: 2014-01-24
When I originally set up our SBS server I set our domain to what I will call ABC.com. After some time the owners wanted a different domain for email. To do this, I went into the exchange server Organization\Hub Transport and set up a new Accepted domain of  what I will call XYZ.com. I then went in to the E-Mail Address Polices and modified the "Windows SBS Email Address Policy" to reflect the new domain. So now when I run the add new user wizard from the SBS Console, the default smtp email address of the new user properly reflects the new domain. This allowed me to keep the ABC accepted domain and continue to receive emails sent to that domain. It also allowed me to not have to change the external domain name, which I was concerned might jack up a whole lot of other things as well. All good.

Two years ago, I had to renew the Self Signed Certificate. I honestly cant remember whether I ran the "Fix My Network " wizard or the "Set Up Your Internet Address" wizard. I think it might have been "Fix My Network". My understanding is that you can (and must) run either of these wizards to renew the cert.

But what I do remember is that the wizard reset (actually overwrote) everyone's default email address back to the ABC domain. The only way I could correct the problem was to go into each and everyone's Mailbox and change their smtp addresses back to the new domain.

It is getting close to the timeframe where I need to renew this certificate again and I really would like to avoid the problem this time around. Has anybody seen this and if so, know how to avoid it?
0
Comment
Question by:RickElcessor
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 2000 total points
ID: 39805789
The SBS system is tightly integrated. Your mistake was making modifications outside of the wizard. If you want to use a different domain then you should have run the Internet Name wizard, entering the new domain name when prompted. A self signed SSL certificate would have been created in the new domain and everything would be fine. If you still wanted the old domain to work then just add that domain as an additional domain in a new email address policy.

That is what I would encourage you to do now.
I would also encourage you to drop the self signed certificate, which isn't really designed for production use, and swap it for a trusted certificate. That way you will not have to visit every client to install the certificate and end users accessing the server from external do not have to bypass SSL warnings, which is a bad thing to get users used to doing.

http://exchange.sembee.info/2007/install/sbs2008ssl.asp

Simon.
0
 

Author Closing Comment

by:RickElcessor
ID: 39807610
Obviously not what I wanted to hear but I get it. Makes perfect sense. Thanks
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
I don't pretend to be an expert at this, but I have found a few things that are useful. I hope that sharing them here will help others, so they will not have to face some rather hard choices. Since I felt this to be a topic of enough importance and…
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
how to add IIS SMTP to handle application/Scanner relays into office 365.
Suggested Courses

718 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question