Solved

Generate Certificate file in Exchange 2010

Posted on 2015-01-02
6
102 Views
Last Modified: 2015-01-09
When generating Certificate file for Exchange 2010, do we need to do that for CAS server only or other servers too (such as HT , Edge, Mbox) ?
if we generate certificate for CAS server only, does it matter which CAS we select to generate certificate file?

I have see the steps in the link below, but I still need some clarifications, since they have just one server shown in the snapshot.

http://exchangeserverpro.com/configure-an-ssl-certificate-for-exchange-server-2010/

Any help will be appreciated .

Thanks
0
Comment
Question by:jskfan
6 Comments
 
LVL 31

Accepted Solution

by:
Gareth Gudger earned 167 total points
ID: 40528801
When generating Certificate file for Exchange 2010, do we need to do that for CAS server only or other servers too (such as HT , Edge, Mbox) ?

CAS only. If you have multiple CAS, once you process the request, you export it from one and import into others.

if we generate certificate for CAS server only, does it matter which CAS we select to generate certificate file?

Doesn't matter. As long as you complete the request on the same server. Once completed you can export and import the cert to other CAS servers.

That article is correct. Paul Cunningham is an Exchange MVP.
0
 
LVL 3

Assisted Solution

by:Sudhir Bidye
Sudhir Bidye earned 167 total points
ID: 40528870
I would recommend to run the CSR generating wizard on the Internet facing CAS server itself, as it's gonna be the first server where you will be installing the certificate.
I have faced private key missing error while exporting and importing certificate between CAS servers sometimes. Of course we can fix them easily with the command but why waste time doing it.
0
 
LVL 53

Assisted Solution

by:Will Szymkowski
Will Szymkowski earned 166 total points
ID: 40529681
You will also need to make sure that when you have installed the cert itself you will still need to proceed to add the appropriate services to the new cert in place. I would also recommend removing the old cert after you have tested the new cert and don't run into any issues.

- Open EMS
get-exchangecertificate
- You should see the current and the new Exchange Cert listed
enable-exchangecertificate -thumbprint xxxxxxxxxxxxxxx -services "pop,imap,smtp,iis"

Once you have tested this and it was successful you can remove the old certificate
remove-exchangecertificate -thumbprint xxxxxxxxxxxxxxx

Will.
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 

Author Comment

by:jskfan
ID: 40530098
Sudhir Bidye
Our CAS servers do not have "Internet facing " checkbox enabled.
we have 2 CAS servers do we need to enable one of them for Internet facing ?
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40530240
That is not necessary jskfan.
0
 

Author Closing Comment

by:jskfan
ID: 40541574
Thank you Guys!
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

862 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

29 Experts available now in Live!

Get 1:1 Help Now