Solved

renew SSL in Exchange 2007 environment

Posted on 2015-01-23
4
69 Views
Last Modified: 2015-02-12
Hello,
We have an Exchange 2007 environment and we’re in the process of renewing our SSL certificate. We’ve been using the certificate in OWA and Active Sync phones (mainly i-phones).  My question is, once we renew the certificate,  do we need to remove/add the account on the mobile phones, or does the certificate update in the background automatically?
0
Comment
Question by:Thor2923
4 Comments
 
LVL 33

Accepted Solution

by:
it_saige earned 500 total points
ID: 40566454
Normally no.  The certificate used by exchange is not a client certificate.  It is used by the clients to validate that the https address, they are connecting to, is secured.

-saige-
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 40566520
When you import the new cert it does not autocratically update itself. With Exchange you will need to specifically assign the services to the certificate you have imported. You will need to do this on all of your CAS servers in your environment.

You need to run these commands directly on the CAS server, not from a remote machine.

Get-ExchangeCertificate | fl

Enable-ExchangeCertificate -ThumbPrint xxxxxxxxxxxxxxxxxxxx -services "pop,imap,smtp,iis"

It will prompt you that this will be the default cert press Y to accept.

You can then remove the old Exchange cert once you have tested this new one.

Remove-ExchangeCertificate -ThumbPrint xxxxxxxxxxxxxxxxxxxxxxx

Will.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40566973
As long as you are using an externally trusted SSL certificate, you will not have to do anything on the clients.
It is the same as when you browse to your bank or Amazon. When they change their certificate you do not have to do anything.
That is the whole point of using a trusted commercial SSL certificate, rather than a self signed one.

Simon.
0
 
LVL 12

Expert Comment

by:Md. Mojahid
ID: 40567920
The renewal process involves generating a fresh CSR (Certificate Signing Request) on one of your Exchange Client Access servers. This is then sent to a root certification authority (e.g. VeriSign) for processing into a valid SSL certificate (essentially they sign the request).


http://support.godaddy.com/help/article/5353/ssl-certificate-renewal-microsoft-iis-6x

OR

http://support.godaddy.com/help/article/4802/ssl-certificate-renewal-microsoft-iis-7

http://support.godaddy.com/help/article/864/renewing-your-ssl-certificate

http://support.godaddy.com/help/article/4877/installing-an-ssl-certificate-in-microsoft-exchange-server-2007
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
MS Outlook is a world-class email client application that is mainly used for e-communication globally.  In this article, we will discuss the basic idea about MS Outlook, its advanced features, and types of MS Outlook File formats.
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question