Solved

Exchange 2010 Godaddy SSL Cert

Posted on 2014-03-13
11
559 Views
Last Modified: 2014-03-13
I am getting ready to start an Exchange 2003 to Exchange 2010 migration.  We currently have a godaddy standard ssl cert installed on our Exchange 2003 server.  Our AD domain users a name with ".local".

I just want to ensure there are no issues with owa access, Outlook/exchange discovery, etc.

The current cert does not expire until mid 2015.  

Can I use this same standard certificate or do I need to renew for another one, etc?

Do you foresee any potential issues that would affect the migration or post migration?
0
Comment
Question by:cmp119
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 5
11 Comments
 
LVL 3

Expert Comment

by:Mutogi
ID: 39927050
The .local within a year can not be used on UCC SSL which is needed for 2010.

youll need to reissue for 2010, atleast for OWA traffic on external email.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 39927060
You won't be able to use a .local SSL certificate with Exchange 2010 because that name won't resolve publicly, so you would need to buy a new SSL certificate and buy a SAN / UCC SSL certificate.

Make sure you ad mail.domain.com (or whatever you want to use instead of mail. and also autodiscover.domain.com)

Alan
0
 

Author Comment

by:cmp119
ID: 39927076
Let's say my current godaddy SSL certificate is for mail.xyz.com, and when I renew the certificate how would it be ordered?  

I need specifics as to I want to ensure minimal problems ordering it and installing it on the exchange 2010 server.  I also do not want to cause any issues with Outlook clients communicating with this mail server.  OWA should also be able work with the new certificate as well.

Thanks.
0
Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 39927089
Buy a SAN / UCC SSLS cert and add the names:

mail.xyz.com and
autodiscover.xyz.com

you won't be able to renew the existing SSL certificate because that is likely to be a Single Name SSL certificate because that was all that Exchange 2003 needed.

OWA will work happily with a cert with mail.xyz.com in it.
0
 

Author Comment

by:cmp119
ID: 39927105
So let's say the AD domain is chap.local and the public mail domain is @xyz.com and the  mx record is mail.xyz.com.  With this information how would the SSL certificate be ordered?

Also, how would this affect Outlook clients needs to communicate with the local Exchange 2010 server, etc?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 39927111
Exactly as I have already said.  You can't order a domain with a .local name in it any more (unless the cert expires before Nov 2015), but you can tweak exchange to tell it to look at the xyz.com domain name instead of the .local domain name for .local internal domains.
0
 

Author Comment

by:cmp119
ID: 39927115
Alen - I just saw your response.  I presume I do not need to worry about adding servername.xyz.local.

I am concerned local outlook clients may have issues with this certificate for some reason.  I just don't want to deal with outlook clients issues that could possibly be related to an installed SSL Cert.
0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 500 total points
ID: 39927125
There won't be any problems - trust me.

I manage dozens of SBS / Exchange servers and all they have in their SSL certs nowadays are mail.domain.com and autodiscover.domain.com and they are all .local internal domain names!   Our own domain is also exactly the same and we have an Exchange 2010 server internally.
0
 

Author Closing Comment

by:cmp119
ID: 39927137
Thank you for the clarification Alan!!!!
0
 

Author Comment

by:cmp119
ID: 39927143
Let me ask, do you have any documents you can send me pertaining to installing Exchange 2010 on a Windows Server 2012 VM.  I am currently using a document by the name of "Rapid Transition guide from Exchange 2003 to Exchange 2010, but it pertains to Windows Server 2008 R2 specifically.  Not sure what sort of snags I may run into with Windows Server 2012 as a VM.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 39927844
This link looks like it should help you (I don't have any articles myself):

http://oxfordsbsguy.com/2013/03/24/how-to-install-exchange-2010-sp3-on-windows-server-2012/

Alan
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
how to add IIS SMTP to handle application/Scanner relays into office 365.
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…

724 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question