Solved

Importing new Exchange 2010 SSL Certificate

Posted on 2014-09-17
8
222 Views
Last Modified: 2014-09-18
Experts,

I'm drawing a total blank on this one.  We have a wildcard cert installed to our Exchange Enterprise 2010 server.  Its expiring soon.  We've purchased a new one from our vendor, and I'm in the process of importing it, to bind it to SMTP and IIS.  And Every time I do this, I completely hit a wall when it comes to importing and assigning.

I have the cert imported successfully.  Exchange sees it through the EMC as "Self Signed = False"  which is good.  I needing to assign the SMTP and IIS services to the cert.  Upon clicking Assign, I get a popup that asks me "Do you want to enforce ssl communication to the root website?  Yes/YesToAll/No/Cancel.

I panicked, and I clicked no, and no to the other message asking me to replace the SMTP....something...

Needless to say, It assigned the cert to SMTP, but not to IIS.  I cant remember what i need to do here, if I should be saying Yes to both, and then going into IIS and simply removing SSL from the default site?  Or.....  How do I proceed?

Thanks!
0
Comment
Question by:cocosyseng
8 Comments
 
LVL 19

Assisted Solution

by:Peter Hutchison
Peter Hutchison earned 100 total points
ID: 40329147
You can re-run the command to re-assign the certifcate to the various protocols ie SMTP, IIS, POP and IMAP.
If you need to you can load IIS management console, and on the default web site, you can click on Bind to check if the Certificate is applied to the website and then tick/untick 'Require SSL' for the root and virtual directories manually.
0
 
LVL 29

Assisted Solution

by:becraig
becraig earned 300 total points
ID: 40329148
Simply get the thumbprint for the certificate and run the Enable-Exchangecertificate command to assign the certificate to the required services.

e.g.

Enable-ExchangeCertificate  -Services 'IMAP, POP, IIS, SMTP' -Thumbprint '<certificate thumbprint>'

More details :

http://technet.microsoft.com/en-us/library/dd351257%28v=exchg.141%29.aspx
0
 

Author Comment

by:cocosyseng
ID: 40329179
I saw that link, but the popups just threw me off.  I can see in IIS its seeing the cert, so that's no issue there.  my worry is what its going to do to EMC, Outlook, and active-sync...  

So, do I just log into IIS, and change the binding manually, or do I need to do it through EMC?
0
Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 29

Assisted Solution

by:becraig
becraig earned 300 total points
ID: 40329183
you can bind for IIS ONLY if you want to:

Enable-ExchangeCertificate  -Services 'IIS' -Thumbprint '<certificate thumbprint>'
0
 

Author Comment

by:cocosyseng
ID: 40329190
OK, I'll give that a shot and post back later and let you know how it goes.  Our old cert that's expiring in a couple weeks is bound to IIS and SMTP only.   Just wanting to make sure I do this right so I don't interrupt mail flow.

Thanks!  Back shortly...
0
 
LVL 29

Assisted Solution

by:becraig
becraig earned 300 total points
ID: 40329194
also be sure to run iisreset to make sure the binding for IIS takes, you can change the cert manually in IIS as well if you need to either one works.
0
 
LVL 25

Accepted Solution

by:
-MAS earned 100 total points
ID: 40329208
0
 

Author Comment

by:cocosyseng
ID: 40330408
Thanks everyone!!  I was able to get the road block cleared and the cert installed and assigned.  the link from MAS helped a bunch too!  Thanks guys!!!
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Following basic email etiquette rules will help you write a professional email and achieve a good, lasting impression with your contacts.
This article explains how to install and use the NTBackup utility that comes with Windows Server.
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…

685 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question