Solved

Exchange 2010 Certificate Renewal on 2nd CAS server

Posted on 2015-02-20
9
331 Views
Last Modified: 2015-02-20
We have recently renewed our GoDaddy UCC SSL certificate.  We have 2 CAS servers in the environment.  Previous certs had same thumbprint.  Went through renewal process on primary exchange server, with no issue.  While renewing on second CAS server (with same cert file), I went and selected the renew cert, selected the issued certificate and completed the process.  However, the status is still in a pending state.  I noticed the thumbprint is different on this cert than on the 1st CAS server.  Previously certs both had the same thumbprint on both CAS servers.  
Are there different steps to configure on the 2nd CAS server in order to complete the pending request?

Thank you
0
Comment
Question by:trinity2007
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
  • 2
  • +1
9 Comments
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40621085
Don't renew on the second server.

On the first server export the certificate and then import it to the second server.

Simon.
0
 
LVL 20

Expert Comment

by:Peter Hutchison
ID: 40621120
Make sure the export includes the private certificate as well (it must be marked as exportable for this to work), and save as a PFX file. The PFX file can be copied to the 2nd server and imported using the Certificates mmc.
0
 

Author Comment

by:trinity2007
ID: 40621125
I removed that request (on the 2nd sever), exported from the 1st server (as pfx) and imported  on 2nd server.  During import message stated that cert with the thumbprint -----------------  already exists.  When I check the certificates installed (on the 2nd server) through EMC and shell command I don't see that cert with the -------------------- thumbprint.  Only the one that is expiring.
Thanks
0
Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40621321
When you created the certificate on the first server, did you use a NEW certificate request, or did you reuse an old one? If the later you need to do the former.

Simon.
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 40621352
On the second Exchange server what do you see what you type Get-ExchangeCertificate | ft?

When you open the MMC for Certificate Services (local computer) what do you see in the Personal Store on that second Exchange server?

Will.
0
 

Author Comment

by:trinity2007
ID: 40621356
On the first server I did a renew, exported the CSR, uploaded to GoDaddy, and picked up the new cert from GoDaddy, completed the pending request.  I thought I would be able to do the same on the 2nd server.  I'm new to Exchange 2010 and having 2 CAS servers, so I'm not expert level at this.
0
 

Author Comment

by:trinity2007
ID: 40621368
Exchange Shell command: On the 2nd server I see the previous cert thumbprint along with the CA Root Cert for the exchange server itself.  
In the Certificates Personal Store I do see the new cert listed as well as the previous cert.
0
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 500 total points
ID: 40621391
Yeah it is pretty straight forward, once you have enabled the cert on the first CAS server
- export the cert (with private key)
- Use the MMC to import the cert into the local computer Personal Store
- Open EMS
- Run the command Enable-ExchangeCertificate -Thumbprint -Services "pop,imap,smtp,iis"

It will prompt you that this will now be the primary cert for Exchange services click Y to complete the process.

Remove the old cert once this has been tested using the remove-ExchangeCertificate -Thumbprint xxxxxxxxxxxxxxxx

Will.
0
 

Author Comment

by:trinity2007
ID: 40621520
Perfect...works..Thank you very much!!!!
0

Featured Post

Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains how to install and use the NTBackup utility that comes with Windows Server.
How to resolve IMCEAEX NDRs in Exchange or Exchange Online related to invalid X500 addresses.
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Suggested Courses

626 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question