Solved

Importing new Exchange 2010 SSL Certificate

Posted on 2014-09-17
8
216 Views
Last Modified: 2014-09-18
Experts,

I'm drawing a total blank on this one.  We have a wildcard cert installed to our Exchange Enterprise 2010 server.  Its expiring soon.  We've purchased a new one from our vendor, and I'm in the process of importing it, to bind it to SMTP and IIS.  And Every time I do this, I completely hit a wall when it comes to importing and assigning.

I have the cert imported successfully.  Exchange sees it through the EMC as "Self Signed = False"  which is good.  I needing to assign the SMTP and IIS services to the cert.  Upon clicking Assign, I get a popup that asks me "Do you want to enforce ssl communication to the root website?  Yes/YesToAll/No/Cancel.

I panicked, and I clicked no, and no to the other message asking me to replace the SMTP....something...

Needless to say, It assigned the cert to SMTP, but not to IIS.  I cant remember what i need to do here, if I should be saying Yes to both, and then going into IIS and simply removing SSL from the default site?  Or.....  How do I proceed?

Thanks!
0
Comment
Question by:cocosyseng
8 Comments
 
LVL 18

Assisted Solution

by:Peter Hutchison
Peter Hutchison earned 100 total points
ID: 40329147
You can re-run the command to re-assign the certifcate to the various protocols ie SMTP, IIS, POP and IMAP.
If you need to you can load IIS management console, and on the default web site, you can click on Bind to check if the Certificate is applied to the website and then tick/untick 'Require SSL' for the root and virtual directories manually.
0
 
LVL 28

Assisted Solution

by:becraig
becraig earned 300 total points
ID: 40329148
Simply get the thumbprint for the certificate and run the Enable-Exchangecertificate command to assign the certificate to the required services.

e.g.

Enable-ExchangeCertificate  -Services 'IMAP, POP, IIS, SMTP' -Thumbprint '<certificate thumbprint>'

More details :

http://technet.microsoft.com/en-us/library/dd351257%28v=exchg.141%29.aspx
0
 

Author Comment

by:cocosyseng
ID: 40329179
I saw that link, but the popups just threw me off.  I can see in IIS its seeing the cert, so that's no issue there.  my worry is what its going to do to EMC, Outlook, and active-sync...  

So, do I just log into IIS, and change the binding manually, or do I need to do it through EMC?
0
 
LVL 28

Assisted Solution

by:becraig
becraig earned 300 total points
ID: 40329183
you can bind for IIS ONLY if you want to:

Enable-ExchangeCertificate  -Services 'IIS' -Thumbprint '<certificate thumbprint>'
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:cocosyseng
ID: 40329190
OK, I'll give that a shot and post back later and let you know how it goes.  Our old cert that's expiring in a couple weeks is bound to IIS and SMTP only.   Just wanting to make sure I do this right so I don't interrupt mail flow.

Thanks!  Back shortly...
0
 
LVL 28

Assisted Solution

by:becraig
becraig earned 300 total points
ID: 40329194
also be sure to run iisreset to make sure the binding for IIS takes, you can change the cert manually in IIS as well if you need to either one works.
0
 
LVL 24

Accepted Solution

by:
-MAS earned 100 total points
ID: 40329208
0
 

Author Comment

by:cocosyseng
ID: 40330408
Thanks everyone!!  I was able to get the road block cleared and the cert installed and assigned.  the link from MAS helped a bunch too!  Thanks guys!!!
0

Featured Post

Don't lose your head updating email signatures!

Do your end users still have the wrong email signature? Do email signature updates bore you or fill you with a sense of dread? You can make this a whole lot easier on yourself by trusting an Exclaimer email signature management solution. Over 50 million users do...so should you!

Join & Write a Comment

Not sure what the best email signature size is? Are you worried about email signature image size? Follow this best practice guide.
Follow this checklist to learn more about the 15 things you should never include in an email signature from personal quotes, animated gifs and out-of-date marketing content.
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
how to add IIS SMTP to handle application/Scanner relays into office 365.

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now