Solved

SSL renewal issue

Posted on 2014-09-16
Last Modified: 2014-09-22
I have a WinSBS server that resides behind a firewall with a 192.168.1.x address.  The external hostname is remote.server.com, which port forwards email and IIS.  Recently, the company changed the external hostname to email.newhost.com.

When it came time to renew the SSL certificates for Exchange/IIS, a new SSL cert was created using the new hostname.  Although the certificate successfully installed, none of the services (POP, IMAP, IIS, SMTP) bound to the new cert.  They are still bound to the old cert, which uses the old hostname.

I believe this is related to the external hostname switch over, but am not sure how to resolve it.  Will either of the following resolve the issue?

1) Add email.newhost.com to the server's DNS so that email.newhost.com will resolve as the server's 192.168.1.x IP

2) Have a new SSL certificate issued, and add remote.server.com as a legacy domain

Thank you
0
Comment
Question by:rdege
6 Comments
 
LVL 29

Expert Comment

by:becraig
ID: 40325827
Have you run the "fix my Network" wizard to make the changes?

Also you can run the following command from the shell to bind the certificate:

Enable-ExchangeCertificate -Thumbprint <thumbprint of new certificate> -Services POP,IMAP,SMTP,IIS

To get the thumbprint for the above command you can run from a PowerShell window:
gci cert:\LocalMachine\My | ft thumbprint,subject,notafter

I am assuming at this point everything has been updated to ensure your service works as expected with your new domain.
0
 
LVL 1

Author Comment

by:rdege
ID: 40325983
@becraig: The only change occurred on the registrar website.  They confirmed that all of the services worked correctly, but as far as I'm aware, no changes were made on the server itself.  Is there anything I can check?
0
 
LVL 29

Assisted Solution

by:becraig
becraig earned 500 total points
ID: 40325993
Running the Fix my network wizard will take care of all the things you need then.
0
 
LVL 1

Accepted Solution

by:
rdege earned 0 total points
ID: 40328634
I was able to resolve this with the following steps:

1) Open the Windows SBS -> Network

2) Click Fix My Network (as becraig mentioned)

3) Click Setup your Internet Address wizard (it was still pointing to the old hostname)

4) Click Add a trusted certificate (the internet address wizard removed the expired cert. and assigned a self-signed one)
0
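
A read-only check of the outcome, as an added example that is not part of the thread: it reports which certificate each of POP, IMAP, SMTP and IIS is bound to and flags one that is expired, self-signed, missing its private key, or does not cover the new hostname. The function name Test-ExchangeCertBinding and the sample objects are assumptions made for illustration; the property names are those returned by Get-ExchangeCertificate.

```powershell
# Added example. Live use, from the Exchange Management Shell:
#   Test-ExchangeCertBinding -Certificates (Get-ExchangeCertificate) -ExpectedHost 'email.newhost.com'
function Test-ExchangeCertBinding {
    param(
        [Parameter(Mandatory=$true)] [object[]] $Certificates,
        [Parameter(Mandatory=$true)] [string]   $ExpectedHost,
        [string[]] $RequiredServices = @('POP','IMAP','SMTP','IIS'),
        [datetime] $Now = (Get-Date)
    )
    foreach ($svc in $RequiredServices) {
        # Services is a flags value whose string form looks like "IMAP, POP, IIS, SMTP".
        $bound = @($Certificates | Where-Object { ("$($_.Services)" -split ',\s*') -contains $svc })
        if ($bound.Count -eq 0) {
            New-Object PSObject -Property @{ Service=$svc; Thumbprint=$null; Problems='no certificate bound' }
            continue
        }
        foreach ($c in $bound) {   # SMTP can have more than one certificate enabled
            $problems = @()
            if ($c.NotAfter -lt $Now)  { $problems += 'expired' }
            if ($c.IsSelfSigned)       { $problems += 'self-signed' }
            if (-not $c.HasPrivateKey) { $problems += 'no private key' }
            # -like lets a wildcard entry such as *.newhost.com match (looser than TLS wildcard rules).
            $covers = @($c.CertificateDomains | Where-Object { $ExpectedHost -like "$_" })
            if ($covers.Count -eq 0)   { $problems += "does not cover $ExpectedHost" }
            New-Object PSObject -Property @{
                Service = $svc; Thumbprint = $c.Thumbprint; Problems = ($problems -join '; ')
            }
        }
    }
}

# Constructed sample mirroring the question: the old certificate still holds every
# service and the new one is installed but unbound. Thumbprints and dates are made up.
$sample = @(
    (New-Object PSObject -Property @{
        Thumbprint = '1111111111111111111111111111111111111111'; Services = 'IMAP, POP, IIS, SMTP'
        CertificateDomains = @('remote.server.com'); NotAfter = [datetime]'2014-09-10'
        IsSelfSigned = $false; HasPrivateKey = $true }),
    (New-Object PSObject -Property @{
        Thumbprint = '2222222222222222222222222222222222222222'; Services = 'None'
        CertificateDomains = @('email.newhost.com'); NotAfter = [datetime]'2015-09-10'
        IsSelfSigned = $false; HasPrivateKey = $true })
)
Test-ExchangeCertBinding -Certificates $sample -ExpectedHost 'email.newhost.com' -Now ([datetime]'2014-09-16') |
    Select-Object Service, Thumbprint, Problems | Format-Table -AutoSize
```

An empty Problems column for all four services means the trusted certificate for the new hostname is the one actually in use.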
 
LVL 29

Expert Comment

by:becraig
ID: 40328653
Yup that's the beauty of the wizard.  

Glad you got it fixed.
0
 
LVL 1

Author Closing Comment

by:rdege
ID: 40336156
becraig's solution only offered /13 of the overall solution
0
