• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 79
  • Last Modified:

renew SSL in Exchange 2007 environment

Hello,
We have an Exchange 2007 environment and we’re in the process of renewing our SSL certificate. We’ve been using the certificate in OWA and Active Sync phones (mainly i-phones).  My question is, once we renew the certificate,  do we need to remove/add the account on the mobile phones, or does the certificate update in the background automatically?
0
Thor2923
Asked:
Thor2923
1 Solution
 
it_saigeDeveloperCommented:
Normally no.  The certificate used by exchange is not a client certificate.  It is used by the clients to validate that the https address, they are connecting to, is secured.

-saige-
0
 
Will SzymkowskiSenior Solution ArchitectCommented:
When you import the new cert it does not autocratically update itself. With Exchange you will need to specifically assign the services to the certificate you have imported. You will need to do this on all of your CAS servers in your environment.

You need to run these commands directly on the CAS server, not from a remote machine.

Get-ExchangeCertificate | fl

Enable-ExchangeCertificate -ThumbPrint xxxxxxxxxxxxxxxxxxxx -services "pop,imap,smtp,iis"

It will prompt you that this will be the default cert press Y to accept.

You can then remove the old Exchange cert once you have tested this new one.

Remove-ExchangeCertificate -ThumbPrint xxxxxxxxxxxxxxxxxxxxxxx

Will.
0
 
Simon Butler (Sembee)ConsultantCommented:
As long as you are using an externally trusted SSL certificate, you will not have to do anything on the clients.
It is the same as when you browse to your bank or Amazon. When they change their certificate you do not have to do anything.
That is the whole point of using a trusted commercial SSL certificate, rather than a self signed one.

Simon.
0
 
Md. MojahidCommented:
The renewal process involves generating a fresh CSR (Certificate Signing Request) on one of your Exchange Client Access servers. This is then sent to a root certification authority (e.g. VeriSign) for processing into a valid SSL certificate (essentially they sign the request).


http://support.godaddy.com/help/article/5353/ssl-certificate-renewal-microsoft-iis-6x

OR

http://support.godaddy.com/help/article/4802/ssl-certificate-renewal-microsoft-iis-7

http://support.godaddy.com/help/article/864/renewing-your-ssl-certificate

http://support.godaddy.com/help/article/4877/installing-an-ssl-certificate-in-microsoft-exchange-server-2007
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now