Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Importing new Exchange 2010 SSL Certificate

Posted on 2014-09-17
8
Medium Priority
?
229 Views
Last Modified: 2014-09-18
Experts,

I'm drawing a total blank on this one.  We have a wildcard cert installed to our Exchange Enterprise 2010 server.  Its expiring soon.  We've purchased a new one from our vendor, and I'm in the process of importing it, to bind it to SMTP and IIS.  And Every time I do this, I completely hit a wall when it comes to importing and assigning.

I have the cert imported successfully.  Exchange sees it through the EMC as "Self Signed = False"  which is good.  I needing to assign the SMTP and IIS services to the cert.  Upon clicking Assign, I get a popup that asks me "Do you want to enforce ssl communication to the root website?  Yes/YesToAll/No/Cancel.

I panicked, and I clicked no, and no to the other message asking me to replace the SMTP....something...

Needless to say, It assigned the cert to SMTP, but not to IIS.  I cant remember what i need to do here, if I should be saying Yes to both, and then going into IIS and simply removing SSL from the default site?  Or.....  How do I proceed?

Thanks!
0
Comment
Question by:cocosyseng
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 20

Assisted Solution

by:Peter Hutchison
Peter Hutchison earned 400 total points
ID: 40329147
You can re-run the command to re-assign the certifcate to the various protocols ie SMTP, IIS, POP and IMAP.
If you need to you can load IIS management console, and on the default web site, you can click on Bind to check if the Certificate is applied to the website and then tick/untick 'Require SSL' for the root and virtual directories manually.
0
 
LVL 29

Assisted Solution

by:becraig
becraig earned 1200 total points
ID: 40329148
Simply get the thumbprint for the certificate and run the Enable-Exchangecertificate command to assign the certificate to the required services.

e.g.

Enable-ExchangeCertificate  -Services 'IMAP, POP, IIS, SMTP' -Thumbprint '<certificate thumbprint>'

More details :

http://technet.microsoft.com/en-us/library/dd351257%28v=exchg.141%29.aspx
0
 

Author Comment

by:cocosyseng
ID: 40329179
I saw that link, but the popups just threw me off.  I can see in IIS its seeing the cert, so that's no issue there.  my worry is what its going to do to EMC, Outlook, and active-sync...  

So, do I just log into IIS, and change the binding manually, or do I need to do it through EMC?
0
 [eBook] Windows Nano Server

Download this FREE eBook and learn all you need to get started with Windows Nano Server, including deployment options, remote management
and troubleshooting tips and tricks

 
LVL 29

Assisted Solution

by:becraig
becraig earned 1200 total points
ID: 40329183
you can bind for IIS ONLY if you want to:

Enable-ExchangeCertificate  -Services 'IIS' -Thumbprint '<certificate thumbprint>'
0
 

Author Comment

by:cocosyseng
ID: 40329190
OK, I'll give that a shot and post back later and let you know how it goes.  Our old cert that's expiring in a couple weeks is bound to IIS and SMTP only.   Just wanting to make sure I do this right so I don't interrupt mail flow.

Thanks!  Back shortly...
0
 
LVL 29

Assisted Solution

by:becraig
becraig earned 1200 total points
ID: 40329194
also be sure to run iisreset to make sure the binding for IIS takes, you can change the cert manually in IIS as well if you need to either one works.
0
 
LVL 27

Accepted Solution

by:
MAS earned 400 total points
ID: 40329208
0
 

Author Comment

by:cocosyseng
ID: 40330408
Thanks everyone!!  I was able to get the road block cleared and the cert installed and assigned.  the link from MAS helped a bunch too!  Thanks guys!!!
0

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

After hours on line I found a solution which pointed to the inherited Active Directory permissions . You have to give/allow permissions to the "Exchange trusted subsystem" for the user in the Active Directory...
On September 18, Experts Exchange launched the first installment of the Help Bell, a new feature for Premium Members, Team Accounts, and Qualified Experts. The Help Bell will serve as an additional tool to help teams increase question visibility.
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…

718 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question