Robert
asked on
SSL renewal issue
I have a WinSBS server that resides behind a firewall with a 192.168.1.x address. The external hostname is remote.server.com, which port forwards email and IIS. Recently, the company changed the external hostname to email.newhost.com.
When it came time to renew the SSL certificates for Exchange/IIS, a new SSL cert was created using the new hostname. Although the certificate successfully installed, none of the services (POP, IMAP, IIS, SMTP) bound to the new cert. They are still bound to the old cert, which uses the old hostname.
I believe this is related to the external hostname switch over, but am not sure how to resolve it. Will either of the following resolve the issue?
1) Add email.newhost.com to the server's DNS so that email.newhost.com will resolve as the server's 192.168.1.x IP
2) Have a new SSL certificate issued, and add remote.server.com as a legacy domain
Thank you
ASKER
@becraig: The only change occurred on the registrar website. They confirmed that all of the services worked correctly, but as far as I'm aware, no changes were made on the server itself. Is there anything I can check?
Yup that's the beauty of the wizard.
Glad you got it fixed.
ASKER
becraig's solution only offered /13 of the overall solution
Also, you can run the following command from the shell to bind the certificate:
Enable-ExchangeCertificate -Thumbprint <thumbprint> -Services POP,IMAP,IIS,SMTP
To get the thumbprint for the above command, you can run the following from a PowerShell window:
gci cert:\LocalMachine\My | ft thumbprint,subject,notafter
I am assuming at this point everything has been updated to ensure your service works as expected with your new domain.
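The bind step discussed in this thread, written out with checks before and after, as an added example that is not from any poster in the thread. It assumes it is run in the Exchange Management Shell on the server; the hostname and service list are taken from the question, and the variable names are illustrative.

```powershell
# Added example: select the certificate for the new hostname, bind it, then verify.
$hostName = 'email.newhost.com'   # new external hostname from the question
$services = 'POP,IMAP,IIS,SMTP'   # services the question says stayed on the old cert

# Certificates whose names cover the new hostname, limited to ones that can
# actually be bound: private key present and not yet expired.
$candidates = @(Get-ExchangeCertificate -DomainName $hostName |
    Where-Object { $_.HasPrivateKey -and $_.NotAfter -gt (Get-Date) } |
    Sort-Object NotAfter -Descending)

if ($candidates.Count -eq 0) {
    # An installed certificate without its private key cannot be assigned to services.
    Write-Warning "No unexpired certificate with a private key covers $hostName."
    return
}

# Take the candidate with the latest expiry and show what is about to be bound.
$new = $candidates[0]
$new | Format-List Thumbprint, Subject, CertificateDomains, NotAfter, Services

# Assign the services to the new certificate.
Enable-ExchangeCertificate -Thumbprint $new.Thumbprint -Services $services

# Verify: the Services column should now list the services on the new
# thumbprint rather than on the certificate for the old hostname.
Get-ExchangeCertificate |
    Sort-Object NotAfter |
    Format-Table Thumbprint, Services, NotAfter, Subject -AutoSize
```

The old certificate stays in the store after this; remove it only once clients are confirmed to connect using the new hostname.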