SSL renewal issue

I have an WinSBS server that resides behind a firewall with a 192.168.1.x address.  The external hostname is remote.server.com, which port forwards email and IIS.  Recently, the company changed the external hostname to email.newhost.com.

When it came time to renew the SSL certificates for Exchange/IIS, a new SSL cert was created using the new hostname.  Although the certificate successfully installed, none of the services (POP, IMAP, IIS, SMTP) bound to the new cert.  They are still bound to the old cert, which uses the old hostname.

I believe this is related to the external hostname switch over, but am not sure how to resolve it.  Will either of the following resolve the issue?

1) Add email.newhost.com to the server's DNS so that email.newhost.com will resolve as the server's 192.168.1.x iP

2) Have a new SSL certificate issued, and add remote.server.com as a legacy domain

Thank you
LVL 1
RobertSystems AdministratorAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

becraigCommented:
Have you run the "fix my Network" wizard to make the changes  ?

Also you can run the following command from the shell to bind the certificate:

Enable-ExchangeCertificate -Thumbprint <thumbprint of new certificate> -Services POP,IMAP,SMTP,IIS

To get the thumbprint for the above command you can run from a powershell window:
gci cert:\LocalMachine\My | ft thumbprint,subject,notafter

I am assuming at this point everything has been updated to ensure your service works as expected with your new domain.
0
RobertSystems AdministratorAuthor Commented:
@becraig: The only change occurred on the registrar website.  They confirmed that all of the services worked correctly, but as far as I'm aware, no changes were made on the server itself.  Is there anything I check?
0
becraigCommented:
Running the Fix my network wizard will take care of all the things you need then.
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

RobertSystems AdministratorAuthor Commented:
I was able to resolve this with the following steps:

1) Open the Windows SBS -> Network

2) Click Fix My Network (as becraig mentioned)

3) Click Setup your Internet Address wizard (it was still pointing to the old hostname)

4) Click Add a trusted certificate (the internet address wizard removed the expired cert. and assigned a self-signed one)
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
becraigCommented:
Yup that's the beauty of the wizard.  

Glad you got it fixed.
0
RobertSystems AdministratorAuthor Commented:
becraig's solution only offered /13 of the overall solution
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.