Exchange 2010/OWA/SSL cert update questions
Posted on 2014-04-17
Hi, all! Infrastructure consists of an Exchange 2010 cluster (3 MB servers, 2 CAS servers in one location, one MB & CAS in another) with an OWA install sitting behind a Barracuda load balancer. Config has been working fine for years, no problems, cert & OWA working perfectly.
Recently rekeyed our UCC SSL cert (GoDaddy). SANs on certificate still set for our infrastructure, no DNS/AD changes, no hardware changes. Installed the replacement cert on our IIS server, but OWA access now throwing errors (certificate revocation in browsers). We can shut off cert revocation checks in IE and Firefox to ignore the issue, but that's not the question at the moment.
My question is about the process to update the cert, and whether I should expect any cert chain issues from the update. The plan is to update the cert on the two CAS servers in the main office (IIS/OWA server already has updated cert installed; root web works fine [all green]), the remote CAS server, and our load balancer tonight, then set the services on the cert from the Exchange Management Console. I'm fairly certain the errors being thrown now are because the cert on the OWA/IIS box doesn't match the cert on the CAS servers, so it's throwing an error (please correct me if my assumption is wrong). I plan to import the .pfx file into the CAS servers and load balancer; is there a step that I'm missing in the process here, and since the configuration originally has been working correctly and the root CA hasn't changed, is this going to be a quick and dirty change, or should I expect other issues that I haven't foreseen? As I mentioned, this was a re-key, and not a revocation/new cert. My concern is that with the re-key something critical (like a correct certificate chain?) may have changed as a result of the certificate change.
Any thoughts and suggestions from someone who's been through this would be appreciated. I'll be importing the re-keyed cert tonight.
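A way to check the situation the post describes, before and after the import, added here as an example that is not part of the original post: it connects to each HTTPS endpoint, records which certificate is actually served, and builds the chain with online revocation checking. The host names are placeholders (assumptions), to be replaced with the OWA name, each CAS server and the load balancer address.

```powershell
# Added example. Host names are placeholders (assumptions), not values from the post.
$endpoints = 'owa.example.com', 'cas1.example.local', 'cas2.example.local', 'cas3.example.local'

function Get-ServedCertificate {
    param([string]$HostName, [int]$Port = 443)
    $tcp = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        # Accept any certificate during the handshake so a failing one can still be inspected.
        $callback = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($HostName)
        New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    } finally {
        if ($tcp) { $tcp.Close() }
    }
}

$results = foreach ($ep in $endpoints) {
    try { $cert = Get-ServedCertificate -HostName $ep }
    catch { Write-Warning "${ep}: $($_.Exception.Message)"; continue }

    # Validate the served certificate with revocation checked online for the whole chain.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
    $chain.ChainPolicy.RevocationFlag = [System.Security.Cryptography.X509Certificates.X509RevocationFlag]::EntireChain
    $chainOk = $chain.Build($cert)

    New-Object PSObject -Property @{
        Endpoint    = $ep
        Thumbprint  = $cert.Thumbprint
        Serial      = $cert.SerialNumber
        NotBefore   = $cert.NotBefore
        ChainOK     = $chainOk
        ChainStatus = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ','
    }
}

# One row per endpoint: which certificate it serves and whether the chain validates.
$results | Format-Table Endpoint, Thumbprint, Serial, NotBefore, ChainOK, ChainStatus -AutoSize

# More than one group here means the endpoints are not all serving the same certificate.
$results | Group-Object Thumbprint | Select-Object Count, Name
```

The chain is built from the certificate stores of the machine running the script, so a passing result does not prove that the server itself sends the intermediate certificate to clients.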