Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 165
  • Last Modified:

certificate for exchange 2010

Hi,

we have created a certificate request for exchange 2010 server and I have started certificate issuing procedure on Godaddy.
The server is authoritative for 5 different domains and for all 5 domains there is an autodiscover SAN record.
At verification they have noticed, that one of the domains currently is not registered anymore, so it cannot be listed on the certificate. I wanted to recreate the request on the exchange server without autodiscover record for that domain and start the procedure again. But at Godaddy they insured me, that it is enough if I simply remove SAN name from the request at their console (What I also did).
Will I have problems to complete pending certificate request at Exchange server with so modified certificate?
Is it possible to import and use certificate on exchange server without creating the request first? (Let say in case a customer already has a wildcard certificate).

Thank you very much!
0
davorin
Asked:
davorin
  • 2
  • 2
2 Solutions
 
MASTechnical Department HeadCommented:
You can import certificate which has SANs which is not owned by you.

If you want to recreate the certificate please use this to generate CSR easily
http://gallery.technet.microsoft.com/Exchange-20072010-and-2013-17a0b52f
0
 
Simon Butler (Sembee)ConsultantCommented:
Removing a name from the certificate shouldn't cause a problem.
If it does, then just create a new CSR using the wizard in Exchange 2010, then do a rekey in the GoDaddy SSL control panel. They do not charge for that and the old certificate will work for 24 hours after the rekey to give you time to change them over.

If the domain is no longer registered then I would remove it from the list of domains in Exchange.

Simon.
0
 
davorinAuthor Commented:
New certificate was accepted by Exchange server with no problem and I have assigned to it IMAP, POP, IIS and SMTP services.

I have removed old expired certificate, but there are listed another three self signed certificates:
- (no name) assigned to IMAP, POP, SMTP
- Microsoft Exchange assigned to SMTP
- SCVMM_CERTIFICATE_KEY_CONTAINERserver.domain.local not assigned to any service ????? (Outlook installed on Exchange server is crying that this cert. is not trusted)

Can all these self signed certificates be safely removed?

What is doing system center virtual machine manager cert on exchange server?

It is first time I see this server. It looks that on this server is installed hyper-v with two vitrual machines and for sure this server needs a little cleanup. I will remove the domain, if they don't intend to register it again.

If I understand correctly, with rekeying you can also change SAN entries?
Is it possible to import and use certificate on exchange server without creating the request first? (Let say in case a customer already has a wildcard certificate).

Sorry for bothering you with additional questions.
0
 
Simon Butler (Sembee)ConsultantCommented:
If there is already a certificate in existence, then as long as you export it with the private key then you can import it on to any other machine. Remember to check if the certificate also needs intermediate or root certificates installed on the server as well.

As for the self signed certificates, leave the one for Microsoft Exchange assigned to SMTP.
As you can no longer get internal name certificates from trusted providers, you need that one for Exchange to operate correctly.
When (or if it already has) expired, then just run new-exchangecertificate, with no switches on the server and Exchange will generate a new one. You will prompted to replace the default SMTP certificate. Say yes to that. You can then remove the old one.

Outlook shouldn't be installed on the Exchange server, so I would remove it. I cannot answer any questions about the SCVMM certificates - you may have to ask that question in the appropriate zone.

Simon.
0
 
davorinAuthor Commented:
Thank you very much, Simon.
As always, your answers are very helpful.
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now