Solved

certificate for exchange 2010

Posted on 2014-10-16
Last Modified: 2014-10-20
Hi,

We have created a certificate request for an Exchange 2010 server and I have started the certificate issuing procedure at GoDaddy.
The server is authoritative for 5 different domains and for all 5 domains there is an autodiscover SAN record.
At verification they noticed that one of the domains is currently not registered anymore, so it cannot be listed on the certificate. I wanted to recreate the request on the Exchange server without the autodiscover record for that domain and start the procedure again. But at GoDaddy they assured me that it is enough if I simply remove the SAN name from the request at their console (which I also did).
Will I have problems completing the pending certificate request on the Exchange server with a certificate modified this way?
Is it possible to import and use a certificate on an Exchange server without creating the request first? (Let's say in case a customer already has a wildcard certificate.)

Thank you very much!
Question by:davorin
5 Comments
 
LVL 24

Expert Comment

by:-MAS
ID: 40384932
You can import a certificate which has SANs which are not owned by you.

If you want to recreate the certificate, please use this to generate the CSR easily:
http://gallery.technet.microsoft.com/Exchange-20072010-and-2013-17a0b52f
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
ID: 40385506
Removing a name from the certificate shouldn't cause a problem.
If it does, then just create a new CSR using the wizard in Exchange 2010, then do a rekey in the GoDaddy SSL control panel. They do not charge for that and the old certificate will work for 24 hours after the rekey to give you time to change them over.

If the domain is no longer registered then I would remove it from the list of domains in Exchange.

Simon.
 
LVL 27

Author Comment

by:davorin
ID: 40386247
The new certificate was accepted by the Exchange server with no problem and I have assigned the IMAP, POP, IIS and SMTP services to it.

I have removed the old expired certificate, but another three self-signed certificates are listed:
- (no name) assigned to IMAP, POP, SMTP
- Microsoft Exchange assigned to SMTP
- SCVMM_CERTIFICATE_KEY_CONTAINERserver.domain.local not assigned to any service ????? (Outlook installed on the Exchange server is crying that this cert. is not trusted)

Can all these self-signed certificates be safely removed?

What is a System Center Virtual Machine Manager cert doing on an Exchange server?

It is the first time I have seen this server. It looks like Hyper-V is installed on this server with two virtual machines, and for sure this server needs a little cleanup. I will remove the domain if they don't intend to register it again.

If I understand correctly, with rekeying you can also change SAN entries?
Is it possible to import and use a certificate on an Exchange server without creating the request first? (Let's say in case a customer already has a wildcard certificate.)

Sorry for bothering you with additional questions.
 
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 500 total points
ID: 40386309
If there is already a certificate in existence, then as long as you export it with the private key then you can import it on to any other machine. Remember to check if the certificate also needs intermediate or root certificates installed on the server as well.

As for the self-signed certificates, leave the one for Microsoft Exchange assigned to SMTP.
As you can no longer get internal name certificates from trusted providers, you need that one for Exchange to operate correctly.
When it expires (or if it already has), just run New-ExchangeCertificate with no switches on the server and Exchange will generate a new one. You will be prompted to replace the default SMTP certificate. Say yes to that. You can then remove the old one.

Outlook shouldn't be installed on the Exchange server, so I would remove it. I cannot answer any questions about the SCVMM certificates - you may have to ask that question in the appropriate zone.

Simon.
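
The import path described in the answer above, as an added example that is not part of the original thread: it imports a PFX that was exported with its private key, confirms the key and the intermediate/root chain are present, and only then assigns the services the asker listed. The file path is a placeholder assumption; the cmdlets are the standard Exchange Management Shell ones.

```powershell
# Run in the Exchange Management Shell on the Exchange 2010 server.
# Assumption: C:\certs\mail.pfx is a placeholder for a PFX exported WITH its private key.
$pfxPath = 'C:\certs\mail.pfx'
$pfxPass = Read-Host -Prompt 'PFX password' -AsSecureString

# Import the certificate and its key into the local computer store.
$bytes = [System.IO.File]::ReadAllBytes($pfxPath)
$cert  = Import-ExchangeCertificate -FileData $bytes -Password $pfxPass

# Without the private key, Exchange cannot use the certificate for any service.
if (-not $cert.HasPrivateKey) {
    throw "Certificate $($cert.Thumbprint) was imported without a private key."
}

# Build the chain locally to confirm the intermediate and root certificates are installed.
$x509  = Get-Item "Cert:\LocalMachine\My\$($cert.Thumbprint)"
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = 'NoCheck'   # test chain completeness only
if (-not $chain.Build($x509)) {
    $chain.ChainStatus | ForEach-Object { Write-Warning $_.StatusInformation.Trim() }
    throw 'Chain is incomplete or untrusted: install the CA intermediate/root certificates first.'
}

# Review the names on the certificate (SANs, or the wildcard) before binding it.
$cert.CertificateDomains

# Assign the services; answer the prompt about the default SMTP certificate as appropriate.
Enable-ExchangeCertificate -Thumbprint $cert.Thumbprint -Services 'IMAP,POP,IIS,SMTP'

# Final check: the self-signed "Microsoft Exchange" certificate should still hold SMTP.
Get-ExchangeCertificate |
    Format-List Thumbprint, Subject, Services, NotAfter, IsSelfSigned
```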
 
LVL 27

Author Closing Comment

by:davorin
ID: 40392557
Thank you very much, Simon.
As always, your answers are very helpful.