?
Solved

SSL renewal issue

Posted on 2014-09-16
6
Medium Priority
?
281 Views
Last Modified: 2014-09-22
I have an WinSBS server that resides behind a firewall with a 192.168.1.x address.  The external hostname is remote.server.com, which port forwards email and IIS.  Recently, the company changed the external hostname to email.newhost.com.

When it came time to renew the SSL certificates for Exchange/IIS, a new SSL cert was created using the new hostname.  Although the certificate successfully installed, none of the services (POP, IMAP, IIS, SMTP) bound to the new cert.  They are still bound to the old cert, which uses the old hostname.

I believe this is related to the external hostname switch over, but am not sure how to resolve it.  Will either of the following resolve the issue?

1) Add email.newhost.com to the server's DNS so that email.newhost.com will resolve as the server's 192.168.1.x iP

2) Have a new SSL certificate issued, and add remote.server.com as a legacy domain

Thank you
0
Comment
Question by:rdege
  • 3
  • 3
6 Comments
 
LVL 29

Expert Comment

by:becraig
ID: 40325827
Have you run the "fix my Network" wizard to make the changes  ?

Also you can run the following command from the shell to bind the certificate:

Enable-ExchangeCertificate -Thumbprint <thumbprint of new certificate> -Services POP,IMAP,SMTP,IIS

To get the thumbprint for the above command you can run from a powershell window:
gci cert:\LocalMachine\My | ft thumbprint,subject,notafter

I am assuming at this point everything has been updated to ensure your service works as expected with your new domain.
0
 
LVL 1

Author Comment

by:rdege
ID: 40325983
@becraig: The only change occurred on the registrar website.  They confirmed that all of the services worked correctly, but as far as I'm aware, no changes were made on the server itself.  Is there anything I check?
0
 
LVL 29

Assisted Solution

by:becraig
becraig earned 2000 total points
ID: 40325993
Running the Fix my network wizard will take care of all the things you need then.
0
Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

 
LVL 1

Accepted Solution

by:
rdege earned 0 total points
ID: 40328634
I was able to resolve this with the following steps:

1) Open the Windows SBS -> Network

2) Click Fix My Network (as becraig mentioned)

3) Click Setup your Internet Address wizard (it was still pointing to the old hostname)

4) Click Add a trusted certificate (the internet address wizard removed the expired cert. and assigned a self-signed one)
0
 
LVL 29

Expert Comment

by:becraig
ID: 40328653
Yup that's the beauty of the wizard.  

Glad you got it fixed.
0
 
LVL 1

Author Closing Comment

by:rdege
ID: 40336156
becraig's solution only offered /13 of the overall solution
0

Featured Post

Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Mailbox Corruption is a nightmare every Exchange DBA wishes he never has. Recovering from it can be super-hectic if not entirely futile. And though techniques like the New-MailboxRepairRequest cmdlet have been designed to help with fixing minor corr…
There are literally thousands of Exchange recovery applications out there. So how do you end up picking one that’s ideal for your business & purpose? By carefully scouting the product’s features, the benefits it offers you, & reading ample reviews f…
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
Suggested Courses
Course of the Month9 days, 22 hours left to enroll

571 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question