Solved

renew SSL in Exchange 2007 environment

Posted on 2015-01-23
4
68 Views
Last Modified: 2015-02-12
Hello,
We have an Exchange 2007 environment and we’re in the process of renewing our SSL certificate. We’ve been using the certificate in OWA and Active Sync phones (mainly i-phones).  My question is, once we renew the certificate,  do we need to remove/add the account on the mobile phones, or does the certificate update in the background automatically?
0
Comment
Question by:Thor2923
4 Comments
 
LVL 33

Accepted Solution

by:
it_saige earned 500 total points
ID: 40566454
Normally no.  The certificate used by exchange is not a client certificate.  It is used by the clients to validate that the https address, they are connecting to, is secured.

-saige-
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 40566520
When you import the new cert it does not autocratically update itself. With Exchange you will need to specifically assign the services to the certificate you have imported. You will need to do this on all of your CAS servers in your environment.

You need to run these commands directly on the CAS server, not from a remote machine.

Get-ExchangeCertificate | fl

Enable-ExchangeCertificate -ThumbPrint xxxxxxxxxxxxxxxxxxxx -services "pop,imap,smtp,iis"

It will prompt you that this will be the default cert press Y to accept.

You can then remove the old Exchange cert once you have tested this new one.

Remove-ExchangeCertificate -ThumbPrint xxxxxxxxxxxxxxxxxxxxxxx

Will.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40566973
As long as you are using an externally trusted SSL certificate, you will not have to do anything on the clients.
It is the same as when you browse to your bank or Amazon. When they change their certificate you do not have to do anything.
That is the whole point of using a trusted commercial SSL certificate, rather than a self signed one.

Simon.
0
 
LVL 12

Expert Comment

by:Md. Mojahid
ID: 40567920
The renewal process involves generating a fresh CSR (Certificate Signing Request) on one of your Exchange Client Access servers. This is then sent to a root certification authority (e.g. VeriSign) for processing into a valid SSL certificate (essentially they sign the request).


http://support.godaddy.com/help/article/5353/ssl-certificate-renewal-microsoft-iis-6x

OR

http://support.godaddy.com/help/article/4802/ssl-certificate-renewal-microsoft-iis-7

http://support.godaddy.com/help/article/864/renewing-your-ssl-certificate

http://support.godaddy.com/help/article/4877/installing-an-ssl-certificate-in-microsoft-exchange-server-2007
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Find out what you should include to make the best professional email signature for your organization.
This article shows how to deploy dynamic backgrounds to computers depending on the aspect ratio of display
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…
how to add IIS SMTP to handle application/Scanner relays into office 365.

947 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now