Solved

Exchange 2010 3rd Party SSL Certificate Issue

Posted on 2015-01-14
Last Modified: 2015-01-24
I have been having an extreme problem with getting a 3rd party Certificate in Exchange 2010. First we tried to renew the expired 1 year SSL Certificate and they sent me a (.crt), and then it hung in (Pending Status). Then I created a request for a new 3rd Party Certificate and sent off the request info needed, and then I was sent back another .crt file and tried to apply it to the New Cert Pending request. Then I found out that the Cert had to be validated, and then they sent me a (.cer) certificate and I tried to Complete Pending Request over top of the previous one, and I received Active Directory errors: the LDAP Server is Unavailable (An Active Directory error 0x51 occurred).
Any insight is greatly appreciated, as I cannot understand how this process has taken 3 days and I am still running into issues. The first question is: since I tried to Complete the Pending Request more than once, do I need to start over again?
Question by:dtssupport
5 Comments
 
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 40550000
Yes, I would recommend starting over fresh.  Be sure that you request the SSL certificate from within Exchange 2010 and that you retrieve it in the proper format.  Most providers will ask you to select whether you're securing an email server or a web server.

Here's a simple article on how to request a renewal using Exchange 2010:

http://technet.microsoft.com/en-us/library/ee332322(v=exchg.141).aspx

You want to specifically use the method under "This example generates a request to renew a certificate issued by a certification authority" if you're not using a self-signed certificate. Or, you can generate a new certificate request, instead of trying to renew the old one, and then simply replace the old one with the new one.
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 40550364
Just to add, when you get your Exchange Certificate you need to do the following...
- import the certificate using IIS or Certificates MMC snap-in
- Open EMS and run the following commands (this needs to be run on the server with the certificate, cannot be run remotely)
Get-ExchangeCertificate | ft

- You should see the old cert and also the new cert that you have imported (note that each cert has a thumbprint)
- You will then need to assign the services to the new cert which will replace the old one

Enable-ExchangeCertificate -Thumbprint xxxxxxxxxxxxxx -services "imap,smtp,pop,iis"

- Click Y to accept the changes

This will have now replaced the old certificate on your Exchange server. If you have multiple CAS servers in your environment you will need to export the cert (with the private key) and import them on to every other CAS in your environment. You will also need to run the above powershell commands as well to ensure that you enable the cert.

Will.
0
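A pre-flight check for the Get-ExchangeCertificate / Enable-ExchangeCertificate steps in the answer above, as an added example that is not part of the original thread: it refuses to assign services to a certificate that has no private key on this server, is still a pending request, is outside its validity dates, or does not carry the expected host name. The thumbprint placeholder, the host name mail.example.com and the helper name Test-NewExchangeCertificate are assumptions for illustration.

```powershell
# Added example, not from the thread. Run in the Exchange Management Shell
# on the server that holds the certificate.
$Thumbprint   = 'REPLACE_WITH_NEW_CERT_THUMBPRINT'   # placeholder
$ExpectedName = 'mail.example.com'                   # constructed sample name

# Hypothetical helper: returns a list of reasons the certificate should not be enabled.
function Test-NewExchangeCertificate {
    param($Cert, [string]$HostName, [datetime]$Now = (Get-Date))

    $problems = @()
    # The private key is created with the request; a .crt/.cer imported on its
    # own, without completing that request, leaves a certificate Exchange cannot use.
    if (-not $Cert.HasPrivateKey) { $problems += 'no private key on this server' }
    if ($Cert.NotBefore -gt $Now) { $problems += 'not yet valid' }
    if ($Cert.NotAfter  -lt $Now) { $problems += 'expired' }
    if ($Cert.IsSelfSigned)       { $problems += 'self-signed, not CA-issued' }
    # Status is PendingRequest until the CA response has been completed.
    if ("$($Cert.Status)" -ne 'Valid') { $problems += "status is $($Cert.Status)" }
    # Exact-name match only; a wildcard certificate needs its own comparison.
    $names = @($Cert.CertificateDomains | ForEach-Object { "$_" })
    if ($names -notcontains $HostName) { $problems += "$HostName not in certificate names" }
    return ,$problems
}

$cert     = Get-ExchangeCertificate -Thumbprint $Thumbprint
$problems = Test-NewExchangeCertificate -Cert $cert -HostName $ExpectedName

if ($problems.Count -gt 0) {
    Write-Warning ("Not enabling {0}: {1}" -f $cert.Thumbprint, ($problems -join '; '))
} else {
    # Same service list as in the answer above.
    Enable-ExchangeCertificate -Thumbprint $cert.Thumbprint -Services "imap,smtp,pop,iis"
    # Confirm which certificate now carries each service.
    Get-ExchangeCertificate | Format-Table Thumbprint, Services, NotAfter, Status -AutoSize
}
```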
 
LVL 24

Expert Comment

by:-MAS
ID: 40550583
0
 

Accepted Solution

by:
dtssupport earned 0 total points
ID: 40557643
When renewing an SSL Certificate from the same vendor you just have to Import the .crt into the Personal Store and Trusted Root Authorities Store, then Import the Certificate through the EMC and enter the original Private Key Password, and then the import is complete. Check IIS to make sure the *443 is pointing to the new certificate.
0
 

Author Closing Comment

by:dtssupport
ID: 40567982
- reviewing the process and finding out the Private Key password then I was able to complete it successfully.
0
