Solved

Exchange 2010 3rd Party SSL Certificate Issue

Posted on 2015-01-14
5
88 Views
Last Modified: 2015-01-24
I have been having an extreme problem with getting 3rd party Certificate in Exchange 2010, first we tried to renew the Expired 1 year SSL Certificate and they sent me a (.crt) and then it hung in (Pending Status) and then I created a request for a new 3rd Party Certificate and sent off the request info needed and then I was sent back another .crt file and tried to apply it to the New Cert Pending request, then I found out that the Cert had to be validated and then they sent me a (.cer) certificate and I tried to Complete Pending Request over top of the previous one and I received Active Directory Errors the LDAP Server is Unavailable ( An Active Directory error 0x51 occurred)
Any insight is greatly appreciate as I cannot understand how this process has taken 3 days and I am still running into issues, the first question is since I tried to Complete the Pending Request more than Once do I need to start over again?
0
Comment
Question by:dtssupport
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 40550000
Yes, I would recommend starting over fresh.  Be sure that you request the SSL certificate from within Exchange 2010 and that you retrieve it in the proper format.  Most providers will ask you to select whether you're securing an email server or a web server.

Here's a simple article on how to request a renewal using Exchange 2010:

http://technet.microsoft.com/en-us/library/ee332322(v=exchg.141).aspx

You want to specifically use the method under "This example generates a request to renew a certificate issued by a certification authority" if you're not using a self-signed certificate. Or, you can generate a new certificate request, instead of trying to renew the old one, and then simply replace the old one with the new one.
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 40550364
Just to add, when you get your Exchange Certificate you need to do the following...
- import the certificate using IIS or Certifciates MMC snap-in
- Open EMS and run the following commands (this needs to be run on the server with the certificate, cannot be run remotely)
Get-ExchangeCertificate | ft

- You should see the old cert and also the new cert that you have imported (note that each cert has a thumbprint)
- You will then need to assign the services to the new cert which will replace the old one

Enable-ExchangeCertificate -Thumbprint xxxxxxxxxxxxxx -services "imap,smtp,pop,iis"

- Click Y to accept the changes

This will have now replaced the old certificate on your Exchange server. If you have multiple CAS servers in your environment you will need to export the cert (with the private key) and import them on to every other CAS in your environment. You will also need to run the above powershell commands as well to ensure that you enable the cert.

Will.
0
 
LVL 27

Expert Comment

by:☠MAS☠
ID: 40550583
0
 

Accepted Solution

by:
dtssupport earned 0 total points
ID: 40557643
When renewing a SSL Certificate from the same vendor you just have to Import the .crt in to Personal Store and Trusted Root Authorities Store, then Import the Certificate through the EMC and enter the original Private Key Password and then the import is complete, check IIS to make sure the *443 is pointing to the new certificate.
0
 

Author Closing Comment

by:dtssupport
ID: 40567982
- reviewing the process and finding out the Private Key password then I was able to complete it successfully.
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

MS Outlook is a world-class email client application that is mainly used for e-communication globally.  In this article, we will discuss the basic idea about MS Outlook, its advanced features, and types of MS Outlook File formats.
Check out this step-by-step guide for using the newly updated Experts Exchange mobile app—released on May 30.
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
Suggested Courses

632 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question