Solved

SSL renewal issue

Posted on 2014-09-16
6
259 Views
Last Modified: 2014-09-22
I have an WinSBS server that resides behind a firewall with a 192.168.1.x address.  The external hostname is remote.server.com, which port forwards email and IIS.  Recently, the company changed the external hostname to email.newhost.com.

When it came time to renew the SSL certificates for Exchange/IIS, a new SSL cert was created using the new hostname.  Although the certificate successfully installed, none of the services (POP, IMAP, IIS, SMTP) bound to the new cert.  They are still bound to the old cert, which uses the old hostname.

I believe this is related to the external hostname switch over, but am not sure how to resolve it.  Will either of the following resolve the issue?

1) Add email.newhost.com to the server's DNS so that email.newhost.com will resolve as the server's 192.168.1.x iP

2) Have a new SSL certificate issued, and add remote.server.com as a legacy domain

Thank you
0
Comment
Question by:rdege
  • 3
  • 3
6 Comments
 
LVL 29

Expert Comment

by:becraig
ID: 40325827
Have you run the "fix my Network" wizard to make the changes  ?

Also you can run the following command from the shell to bind the certificate:

Enable-ExchangeCertificate -Thumbprint <thumbprint of new certificate> -Services POP,IMAP,SMTP,IIS

To get the thumbprint for the above command you can run from a powershell window:
gci cert:\LocalMachine\My | ft thumbprint,subject,notafter

I am assuming at this point everything has been updated to ensure your service works as expected with your new domain.
0
 
LVL 1

Author Comment

by:rdege
ID: 40325983
@becraig: The only change occurred on the registrar website.  They confirmed that all of the services worked correctly, but as far as I'm aware, no changes were made on the server itself.  Is there anything I check?
0
 
LVL 29

Assisted Solution

by:becraig
becraig earned 500 total points
ID: 40325993
Running the Fix my network wizard will take care of all the things you need then.
0
NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

 
LVL 1

Accepted Solution

by:
rdege earned 0 total points
ID: 40328634
I was able to resolve this with the following steps:

1) Open the Windows SBS -> Network

2) Click Fix My Network (as becraig mentioned)

3) Click Setup your Internet Address wizard (it was still pointing to the old hostname)

4) Click Add a trusted certificate (the internet address wizard removed the expired cert. and assigned a self-signed one)
0
 
LVL 29

Expert Comment

by:becraig
ID: 40328653
Yup that's the beauty of the wizard.  

Glad you got it fixed.
0
 
LVL 1

Author Closing Comment

by:rdege
ID: 40336156
becraig's solution only offered /13 of the overall solution
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

816 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now