Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

certificate for exchange 2010

Posted on 2014-10-16
5
Medium Priority
?
161 Views
Last Modified: 2014-10-20
Hi,

we have created a certificate request for exchange 2010 server and I have started certificate issuing procedure on Godaddy.
The server is authoritative for 5 different domains and for all 5 domains there is an autodiscover SAN record.
At verification they have noticed, that one of the domains currently is not registered anymore, so it cannot be listed on the certificate. I wanted to recreate the request on the exchange server without autodiscover record for that domain and start the procedure again. But at Godaddy they insured me, that it is enough if I simply remove SAN name from the request at their console (What I also did).
Will I have problems to complete pending certificate request at Exchange server with so modified certificate?
Is it possible to import and use certificate on exchange server without creating the request first? (Let say in case a customer already has a wildcard certificate).

Thank you very much!
0
Comment
Question by:davorin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 27

Expert Comment

by:MAS
ID: 40384932
You can import certificate which has SANs which is not owned by you.

If you want to recreate the certificate please use this to generate CSR easily
http://gallery.technet.microsoft.com/Exchange-20072010-and-2013-17a0b52f
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 2000 total points
ID: 40385506
Removing a name from the certificate shouldn't cause a problem.
If it does, then just create a new CSR using the wizard in Exchange 2010, then do a rekey in the GoDaddy SSL control panel. They do not charge for that and the old certificate will work for 24 hours after the rekey to give you time to change them over.

If the domain is no longer registered then I would remove it from the list of domains in Exchange.

Simon.
0
 
LVL 27

Author Comment

by:davorin
ID: 40386247
New certificate was accepted by Exchange server with no problem and I have assigned to it IMAP, POP, IIS and SMTP services.

I have removed old expired certificate, but there are listed another three self signed certificates:
- (no name) assigned to IMAP, POP, SMTP
- Microsoft Exchange assigned to SMTP
- SCVMM_CERTIFICATE_KEY_CONTAINERserver.domain.local not assigned to any service ????? (Outlook installed on Exchange server is crying that this cert. is not trusted)

Can all these self signed certificates be safely removed?

What is doing system center virtual machine manager cert on exchange server?

It is first time I see this server. It looks that on this server is installed hyper-v with two vitrual machines and for sure this server needs a little cleanup. I will remove the domain, if they don't intend to register it again.

If I understand correctly, with rekeying you can also change SAN entries?
Is it possible to import and use certificate on exchange server without creating the request first? (Let say in case a customer already has a wildcard certificate).

Sorry for bothering you with additional questions.
0
 
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 2000 total points
ID: 40386309
If there is already a certificate in existence, then as long as you export it with the private key then you can import it on to any other machine. Remember to check if the certificate also needs intermediate or root certificates installed on the server as well.

As for the self signed certificates, leave the one for Microsoft Exchange assigned to SMTP.
As you can no longer get internal name certificates from trusted providers, you need that one for Exchange to operate correctly.
When (or if it already has) expired, then just run new-exchangecertificate, with no switches on the server and Exchange will generate a new one. You will prompted to replace the default SMTP certificate. Say yes to that. You can then remove the old one.

Outlook shouldn't be installed on the Exchange server, so I would remove it. I cannot answer any questions about the SCVMM certificates - you may have to ask that question in the appropriate zone.

Simon.
0
 
LVL 27

Author Closing Comment

by:davorin
ID: 40392557
Thank you very much, Simon.
As always, your answers are very helpful.
0

Featured Post

Survive A High-Traffic Event with Percona

Your application or website rely on your database to deliver information about products and services to your customers. You can’t afford to have your database lose performance, lose availability or become unresponsive – even for just a few minutes.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Unified and professional email signatures help maintain a consistent company brand image to the outside world. This article shows how to create an email signature in Exchange Server 2010 using a transport rule and how to overcome native limitations …
How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
This video discusses moving either the default database or any database to a new volume.
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

704 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question