trinity2007
asked on
Exchange 2010 Certificate Renewal on 2nd CAS server
We have recently renewed our GoDaddy UCC SSL certificate. We have 2 CAS servers in the environment. Previous certs had same thumbprint. Went through renewal process on primary exchange server, with no issue. While renewing on second CAS server (with same cert file), I went and selected the renew cert, selected the issued certificate and completed the process. However, the status is still in a pending state. I noticed the thumbprint is different on this cert than on the 1st CAS server. Previously certs both had the same thumbprint on both CAS servers.
Are there different steps to configure on the 2nd CAS server in order to complete the pending request?
Thank you
Are there different steps to configure on the 2nd CAS server in order to complete the pending request?
Thank you
Make sure the export includes the private certificate as well (it must be marked as exportable for this to work), and save as a PFX file. The PFX file can be copied to the 2nd server and imported using the Certificates mmc.
ASKER
I removed that request (on the 2nd sever), exported from the 1st server (as pfx) and imported on 2nd server. During import message stated that cert with the thumbprint ----------------- already exists. When I check the certificates installed (on the 2nd server) through EMC and shell command I don't see that cert with the -------------------- thumbprint. Only the one that is expiring.
Thanks
Thanks
When you created the certificate on the first server, did you use a NEW certificate request, or did you reuse an old one? If the later you need to do the former.
Simon.
Simon.
On the second Exchange server what do you see what you type Get-ExchangeCertificate | ft?
When you open the MMC for Certificate Services (local computer) what do you see in the Personal Store on that second Exchange server?
Will.
When you open the MMC for Certificate Services (local computer) what do you see in the Personal Store on that second Exchange server?
Will.
ASKER
On the first server I did a renew, exported the CSR, uploaded to GoDaddy, and picked up the new cert from GoDaddy, completed the pending request. I thought I would be able to do the same on the 2nd server. I'm new to Exchange 2010 and having 2 CAS servers, so I'm not expert level at this.
ASKER
Exchange Shell command: On the 2nd server I see the previous cert thumbprint along with the CA Root Cert for the exchange server itself.
In the Certificates Personal Store I do see the new cert listed as well as the previous cert.
In the Certificates Personal Store I do see the new cert listed as well as the previous cert.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Perfect...works..Thank you very much!!!!
On the first server export the certificate and then import it to the second server.
Simon.