• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 155
  • Last Modified:

Generate Certificate file in Exchange 2010

When generating Certificate file for Exchange 2010, do we need to do that for CAS server only or other servers too (such as HT , Edge, Mbox) ?
if we generate certificate for CAS server only, does it matter which CAS we select to generate certificate file?

I have see the steps in the link below, but I still need some clarifications, since they have just one server shown in the snapshot.

http://exchangeserverpro.com/configure-an-ssl-certificate-for-exchange-server-2010/

Any help will be appreciated .

Thanks
0
jskfan
Asked:
jskfan
3 Solutions
 
Gareth GudgerCommented:
When generating Certificate file for Exchange 2010, do we need to do that for CAS server only or other servers too (such as HT , Edge, Mbox) ?

CAS only. If you have multiple CAS, once you process the request, you export it from one and import into others.

if we generate certificate for CAS server only, does it matter which CAS we select to generate certificate file?

Doesn't matter. As long as you complete the request on the same server. Once completed you can export and import the cert to other CAS servers.

That article is correct. Paul Cunningham is an Exchange MVP.
0
 
Sudhir BidyeCommented:
I would recommend to run the CSR generating wizard on the Internet facing CAS server itself, as it's gonna be the first server where you will be installing the certificate.
I have faced private key missing error while exporting and importing certificate between CAS servers sometimes. Of course we can fix them easily with the command but why waste time doing it.
0
 
Will SzymkowskiSenior Solution ArchitectCommented:
You will also need to make sure that when you have installed the cert itself you will still need to proceed to add the appropriate services to the new cert in place. I would also recommend removing the old cert after you have tested the new cert and don't run into any issues.

- Open EMS
get-exchangecertificate
- You should see the current and the new Exchange Cert listed
enable-exchangecertificate -thumbprint xxxxxxxxxxxxxxx -services "pop,imap,smtp,iis"

Once you have tested this and it was successful you can remove the old certificate
remove-exchangecertificate -thumbprint xxxxxxxxxxxxxxx

Will.
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

 
jskfanAuthor Commented:
Sudhir Bidye
Our CAS servers do not have "Internet facing " checkbox enabled.
we have 2 CAS servers do we need to enable one of them for Internet facing ?
0
 
Gareth GudgerCommented:
That is not necessary jskfan.
0
 
jskfanAuthor Commented:
Thank you Guys!
0

Featured Post

Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now