Solved

renew SSL in Exchange 2007 environment

Posted on 2015-01-23
4
72 Views
Last Modified: 2015-02-12
Hello,
We have an Exchange 2007 environment and we’re in the process of renewing our SSL certificate. We’ve been using the certificate in OWA and Active Sync phones (mainly i-phones).  My question is, once we renew the certificate,  do we need to remove/add the account on the mobile phones, or does the certificate update in the background automatically?
0
Comment
Question by:Thor2923
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 34

Accepted Solution

by:
it_saige earned 500 total points
ID: 40566454
Normally no.  The certificate used by exchange is not a client certificate.  It is used by the clients to validate that the https address, they are connecting to, is secured.

-saige-
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 40566520
When you import the new cert it does not autocratically update itself. With Exchange you will need to specifically assign the services to the certificate you have imported. You will need to do this on all of your CAS servers in your environment.

You need to run these commands directly on the CAS server, not from a remote machine.

Get-ExchangeCertificate | fl

Enable-ExchangeCertificate -ThumbPrint xxxxxxxxxxxxxxxxxxxx -services "pop,imap,smtp,iis"

It will prompt you that this will be the default cert press Y to accept.

You can then remove the old Exchange cert once you have tested this new one.

Remove-ExchangeCertificate -ThumbPrint xxxxxxxxxxxxxxxxxxxxxxx

Will.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40566973
As long as you are using an externally trusted SSL certificate, you will not have to do anything on the clients.
It is the same as when you browse to your bank or Amazon. When they change their certificate you do not have to do anything.
That is the whole point of using a trusted commercial SSL certificate, rather than a self signed one.

Simon.
0
 
LVL 12

Expert Comment

by:Md. Mojahid
ID: 40567920
The renewal process involves generating a fresh CSR (Certificate Signing Request) on one of your Exchange Client Access servers. This is then sent to a root certification authority (e.g. VeriSign) for processing into a valid SSL certificate (essentially they sign the request).


http://support.godaddy.com/help/article/5353/ssl-certificate-renewal-microsoft-iis-6x

OR

http://support.godaddy.com/help/article/4802/ssl-certificate-renewal-microsoft-iis-7

http://support.godaddy.com/help/article/864/renewing-your-ssl-certificate

http://support.godaddy.com/help/article/4877/installing-an-ssl-certificate-in-microsoft-exchange-server-2007
0

Featured Post

Free eBook: Backup on AWS

Everything you need to know about backup and disaster recovery with AWS, for FREE!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
Unified and professional email signatures help maintain a consistent company brand image to the outside world. This article shows how to create an email signature in Exchange Server 2010 using a transport rule and how to overcome native limitations …
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
how to add IIS SMTP to handle application/Scanner relays into office 365.

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question