Link to home
Start Free TrialLog in
Avatar of davorin
davorinFlag for Slovenia

asked on

certificate for exchange 2010

Hi,

we have created a certificate request for exchange 2010 server and I have started certificate issuing procedure on Godaddy.
The server is authoritative for 5 different domains and for all 5 domains there is an autodiscover SAN record.
At verification they have noticed, that one of the domains currently is not registered anymore, so it cannot be listed on the certificate. I wanted to recreate the request on the exchange server without autodiscover record for that domain and start the procedure again. But at Godaddy they insured me, that it is enough if I simply remove SAN name from the request at their console (What I also did).
Will I have problems to complete pending certificate request at Exchange server with so modified certificate?
Is it possible to import and use certificate on exchange server without creating the request first? (Let say in case a customer already has a wildcard certificate).

Thank you very much!
Avatar of M A
M A
Flag of United States of America image

You can import certificate which has SANs which is not owned by you.

If you want to recreate the certificate please use this to generate CSR easily
http://gallery.technet.microsoft.com/Exchange-20072010-and-2013-17a0b52f
ASKER CERTIFIED SOLUTION
Avatar of Simon Butler (Sembee)
Simon Butler (Sembee)
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of davorin

ASKER

New certificate was accepted by Exchange server with no problem and I have assigned to it IMAP, POP, IIS and SMTP services.

I have removed old expired certificate, but there are listed another three self signed certificates:
- (no name) assigned to IMAP, POP, SMTP
- Microsoft Exchange assigned to SMTP
- SCVMM_CERTIFICATE_KEY_CONTAINERserver.domain.local not assigned to any service ????? (Outlook installed on Exchange server is crying that this cert. is not trusted)

Can all these self signed certificates be safely removed?

What is doing system center virtual machine manager cert on exchange server?

It is first time I see this server. It looks that on this server is installed hyper-v with two vitrual machines and for sure this server needs a little cleanup. I will remove the domain, if they don't intend to register it again.

If I understand correctly, with rekeying you can also change SAN entries?
Is it possible to import and use certificate on exchange server without creating the request first? (Let say in case a customer already has a wildcard certificate).

Sorry for bothering you with additional questions.
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of davorin

ASKER

Thank you very much, Simon.
As always, your answers are very helpful.