Solved

Exchange 2010 Certificate Renewal on 2nd CAS server

Posted on 2015-02-20
Last Modified: 2015-02-20
We have recently renewed our GoDaddy UCC SSL certificate.  We have 2 CAS servers in the environment.  Previous certs had same thumbprint.  Went through renewal process on primary exchange server, with no issue.  While renewing on second CAS server (with same cert file), I went and selected the renew cert, selected the issued certificate and completed the process.  However, the status is still in a pending state.  I noticed the thumbprint is different on this cert than on the 1st CAS server.  Previously certs both had the same thumbprint on both CAS servers.  
Are there different steps to configure on the 2nd CAS server in order to complete the pending request?

Thank you
Question by:trinity2007
9 Comments
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40621085
Don't renew on the second server.

On the first server export the certificate and then import it to the second server.

Simon.
0
 
LVL 20

Expert Comment

by:Peter Hutchison
ID: 40621120
Make sure the export includes the private certificate as well (it must be marked as exportable for this to work), and save as a PFX file. The PFX file can be copied to the 2nd server and imported using the Certificates mmc.
0
 

Author Comment

by:trinity2007
ID: 40621125
I removed that request (on the 2nd server), exported from the 1st server (as pfx) and imported on 2nd server.  During import message stated that cert with the thumbprint -----------------  already exists.  When I check the certificates installed (on the 2nd server) through EMC and shell command I don't see that cert with the -------------------- thumbprint.  Only the one that is expiring.
Thanks
0

 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40621321
When you created the certificate on the first server, did you use a NEW certificate request, or did you reuse an old one? If the latter you need to do the former.

Simon.
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 40621352
On the second Exchange server what do you see when you type Get-ExchangeCertificate | ft?

When you open the MMC for Certificate Services (local computer) what do you see in the Personal Store on that second Exchange server?

Will.
0
 

Author Comment

by:trinity2007
ID: 40621356
On the first server I did a renew, exported the CSR, uploaded to GoDaddy, and picked up the new cert from GoDaddy, completed the pending request.  I thought I would be able to do the same on the 2nd server.  I'm new to Exchange 2010 and having 2 CAS servers, so I'm not expert level at this.
0
 

Author Comment

by:trinity2007
ID: 40621368
Exchange Shell command: On the 2nd server I see the previous cert thumbprint along with the CA Root Cert for the exchange server itself.  
In the Certificates Personal Store I do see the new cert listed as well as the previous cert.
0
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 2000 total points
ID: 40621391
Yeah it is pretty straightforward, once you have enabled the cert on the first CAS server
- export the cert (with private key)
- Use the MMC to import the cert into the local computer Personal Store
- Open EMS
- Run the command Enable-ExchangeCertificate -Thumbprint xxxxxxxxxxxxxxxx -Services "pop,imap,smtp,iis"

It will prompt you that this will now be the primary cert for Exchange services; click Y to complete the process.

Remove the old cert once this has been tested, using Remove-ExchangeCertificate -Thumbprint xxxxxxxxxxxxxxxx

Will.
0
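The procedure from the accepted answer, written out for the Exchange Management Shell as an added example (not part of the original thread). It uses Import-ExchangeCertificate in place of the MMC import step and adds a private-key check before enabling services; the thumbprints and the PFX path are placeholders to replace.

```powershell
# Added example: move a renewed certificate from the first CAS to the second.
# Placeholders (assumptions, not values from the thread):
$NewThumb = '<NEW-CERT-THUMBPRINT>'   # renewed cert, as shown on the first CAS
$OldThumb = '<OLD-CERT-THUMBPRINT>'   # expiring cert still bound on the second CAS
$PfxPath  = 'C:\Temp\renewed.pfx'     # hypothetical transfer location

# --- Part 1: run in EMS on the FIRST CAS (where the request was completed) ---
# The PFX carries the private key, so protect it with a strong password.
$pw = Read-Host 'PFX password' -AsSecureString
$export = Export-ExchangeCertificate -Thumbprint $NewThumb -BinaryEncoded:$true -Password $pw
Set-Content -Path $PfxPath -Value $export.FileData -Encoding Byte
# Copy the file to the same path on the second CAS over a trusted channel.

# --- Part 2: run in EMS on the SECOND CAS ---
$pw = Read-Host 'PFX password' -AsSecureString
Import-ExchangeCertificate `
    -FileData ([Byte[]]$(Get-Content -Path $PfxPath -Encoding Byte -ReadCount 0)) `
    -Password $pw

# Confirm both servers now hold the same certificate and that the private key
# came across; a cert without its key cannot be enabled for services.
$cert = Get-ExchangeCertificate -Thumbprint $NewThumb
if (-not $cert.HasPrivateKey) {
    throw 'Certificate has no private key on this server; re-export it as a PFX from the first CAS.'
}
$cert | Format-List Thumbprint, Subject, NotAfter, HasPrivateKey, Status, Services

# Bind the renewed certificate to the services (answer Y at the prompt).
Enable-ExchangeCertificate -Thumbprint $NewThumb -Services 'POP,IMAP,SMTP,IIS'

# --- Part 3: after client access has been tested ---
Remove-ExchangeCertificate -Thumbprint $OldThumb
# Delete every copy of the PFX (both servers and any share used in transit).
Remove-Item -Path $PfxPath
```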
 

Author Comment

by:trinity2007
ID: 40621520
Perfect...works..Thank you very much!!!!
0


Question has a verified solution.
