dtssupport
Exchange 2010 3rd Party SSL Certificate Issue
I have been having an extreme problem with getting a 3rd party certificate in Exchange 2010. First we tried to renew the expired 1-year SSL certificate and they sent me a (.crt), and then it hung in (Pending Status). Then I created a request for a new 3rd party certificate and sent off the request info needed, and I was sent back another .crt file and tried to apply it to the new cert pending request. Then I found out that the cert had to be validated, and they sent me a (.cer) certificate. I tried to Complete Pending Request over top of the previous one and I received Active Directory errors: the LDAP Server is Unavailable (An Active Directory error 0x51 occurred).
Any insight is greatly appreciated, as I cannot understand how this process has taken 3 days and I am still running into issues. The first question is: since I tried to Complete the Pending Request more than once, do I need to start over again?
Just to add, when you get your Exchange Certificate you need to do the following...
- import the certificate using IIS or Certificates MMC snap-in
- Open EMS and run the following commands (this needs to be run on the server with the certificate, cannot be run remotely)
Get-ExchangeCertificate | ft
- You should see the old cert and also the new cert that you have imported (note that each cert has a thumbprint)
- You will then need to assign the services to the new cert which will replace the old one
Enable-ExchangeCertificate -Thumbprint xxxxxxxxxxxxxx -services "imap,smtp,pop,iis"
- Click Y to accept the changes
This will have now replaced the old certificate on your Exchange server. If you have multiple CAS servers in your environment you will need to export the cert (with the private key) and import them on to every other CAS in your environment. You will also need to run the above PowerShell commands as well to ensure that you enable the cert.
Will.
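The steps in the answer above as one Exchange Management Shell script, with checks for the two states the question ran into (a request still pending, and a certificate without its private key). This is an added example, not part of the original answer; the file paths are hypothetical.

```powershell
# Added example (not from the thread). Run in the Exchange Management Shell
# on the server that generated the certificate request.
$cerPath = 'C:\certs\mail.cer'   # hypothetical: file returned by the CA
$pfxPath = 'C:\certs\mail.pfx'   # hypothetical: export target for the other CAS servers

# Read the issued file first so the new thumbprint is known before anything is changed.
$issued = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $cerPath
"Issued cert {0} expires {1}" -f $issued.Thumbprint, $issued.NotAfter

# Show what Exchange already holds, including any request still pending.
Get-ExchangeCertificate |
    Format-Table Thumbprint, Status, HasPrivateKey, NotAfter, Services -AutoSize

# Import only if this thumbprint is not already present, so the same
# reply is not applied a second time.
$cert = Get-ExchangeCertificate | Where-Object { $_.Thumbprint -eq $issued.Thumbprint }
if (-not $cert) {
    $bytes = [byte[]](Get-Content -Path $cerPath -Encoding Byte -ReadCount 0)
    Import-ExchangeCertificate -FileData $bytes | Out-Null
    $cert = Get-ExchangeCertificate -Thumbprint $issued.Thumbprint
}

# The private key stays on the server that created the request. Without it
# the certificate cannot be enabled for any service.
if (-not $cert.HasPrivateKey) {
    throw "Certificate $($cert.Thumbprint) has no private key on this server."
}
if ("$($cert.Status)" -ne 'Valid') {
    throw "Certificate $($cert.Thumbprint) has status $($cert.Status)."
}

# Assign the services to the new certificate (answer Y at the prompt).
Enable-ExchangeCertificate -Thumbprint $cert.Thumbprint -Services "imap,smtp,pop,iis"

# Export with the private key for the other CAS servers, protected by a password.
$pw = Read-Host 'Password for the PFX export' -AsSecureString
$export = Export-ExchangeCertificate -Thumbprint $cert.Thumbprint -BinaryEncoded:$true -Password $pw
Set-Content -Path $pfxPath -Value $export.FileData -Encoding Byte
```

The exported PFX contains the private key, so copy it over a trusted channel and delete it once it has been imported on the other servers.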
Here is a tool to create a CSR easily
http://gallery.technet.microsoft.com/Exchange-20072010-and-2013-17a0b52f
ASKER
- reviewing the process and finding out the Private Key password then I was able to complete it successfully.
Here's a simple article on how to request a renewal using Exchange 2010:
http://technet.microsoft.com/en-us/library/ee332322(v=exchg.141).aspx
You want to specifically use the method under "This example generates a request to renew a certificate issued by a certification authority" if you're not using a self-signed certificate. Or, you can generate a new certificate request, instead of trying to renew the old one, and then simply replace the old one with the new one.