Solved

SSL renewal issue

Posted on 2014-09-16
6
262 Views
Last Modified: 2014-09-22
I have an WinSBS server that resides behind a firewall with a 192.168.1.x address.  The external hostname is remote.server.com, which port forwards email and IIS.  Recently, the company changed the external hostname to email.newhost.com.

When it came time to renew the SSL certificates for Exchange/IIS, a new SSL cert was created using the new hostname.  Although the certificate successfully installed, none of the services (POP, IMAP, IIS, SMTP) bound to the new cert.  They are still bound to the old cert, which uses the old hostname.

I believe this is related to the external hostname switch over, but am not sure how to resolve it.  Will either of the following resolve the issue?

1) Add email.newhost.com to the server's DNS so that email.newhost.com will resolve as the server's 192.168.1.x iP

2) Have a new SSL certificate issued, and add remote.server.com as a legacy domain

Thank you
0
Comment
Question by:rdege
  • 3
  • 3
6 Comments
 
LVL 29

Expert Comment

by:becraig
ID: 40325827
Have you run the "fix my Network" wizard to make the changes  ?

Also you can run the following command from the shell to bind the certificate:

Enable-ExchangeCertificate -Thumbprint <thumbprint of new certificate> -Services POP,IMAP,SMTP,IIS

To get the thumbprint for the above command you can run from a powershell window:
gci cert:\LocalMachine\My | ft thumbprint,subject,notafter

I am assuming at this point everything has been updated to ensure your service works as expected with your new domain.
0
 
LVL 1

Author Comment

by:rdege
ID: 40325983
@becraig: The only change occurred on the registrar website.  They confirmed that all of the services worked correctly, but as far as I'm aware, no changes were made on the server itself.  Is there anything I check?
0
 
LVL 29

Assisted Solution

by:becraig
becraig earned 500 total points
ID: 40325993
Running the Fix my network wizard will take care of all the things you need then.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 1

Accepted Solution

by:
rdege earned 0 total points
ID: 40328634
I was able to resolve this with the following steps:

1) Open the Windows SBS -> Network

2) Click Fix My Network (as becraig mentioned)

3) Click Setup your Internet Address wizard (it was still pointing to the old hostname)

4) Click Add a trusted certificate (the internet address wizard removed the expired cert. and assigned a self-signed one)
0
 
LVL 29

Expert Comment

by:becraig
ID: 40328653
Yup that's the beauty of the wizard.  

Glad you got it fixed.
0
 
LVL 1

Author Closing Comment

by:rdege
ID: 40336156
becraig's solution only offered /13 of the overall solution
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Lotus Notes – formerly IBM Notes – is an email client application, while IBM Domino (earlier Lotus Domino) is an email server. The client possesses a set of features that are even more advanced as compared to that of Outlook. Likewise, IBM Domino is…
Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question