Solved

Exchange 2010 Certificate Renewal on 2nd CAS server

Posted on 2015-02-20
Last Modified: 2015-02-20
We have recently renewed our GoDaddy UCC SSL certificate.  We have 2 CAS servers in the environment.  Previous certs had same thumbprint.  Went through renewal process on primary exchange server, with no issue.  While renewing on second CAS server (with same cert file), I went and selected the renew cert, selected the issued certificate and completed the process.  However, the status is still in a pending state.  I noticed the thumbprint is different on this cert than on the 1st CAS server.  Previously certs both had the same thumbprint on both CAS servers.  
Are there different steps to configure on the 2nd CAS server in order to complete the pending request?

Thank you
Question by:trinity2007
9 Comments
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40621085
Don't renew on the second server.

On the first server export the certificate and then import it to the second server.

Simon.
0
 
LVL 19

Expert Comment

by:Peter Hutchison
ID: 40621120
Make sure the export includes the private certificate as well (it must be marked as exportable for this to work), and save as a PFX file. The PFX file can be copied to the 2nd server and imported using the Certificates mmc.
0
 

Author Comment

by:trinity2007
ID: 40621125
I removed that request (on the 2nd server), exported from the 1st server (as pfx) and imported on 2nd server.  During import message stated that cert with the thumbprint -----------------  already exists.  When I check the certificates installed (on the 2nd server) through EMC and shell command I don't see that cert with the -------------------- thumbprint.  Only the one that is expiring.
Thanks
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40621321
When you created the certificate on the first server, did you use a NEW certificate request, or did you reuse an old one? If the latter you need to do the former.

Simon.
0

 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 40621352
On the second Exchange server what do you see when you type Get-ExchangeCertificate | ft?

When you open the MMC for Certificate Services (local computer) what do you see in the Personal Store on that second Exchange server?

Will.
0
 

Author Comment

by:trinity2007
ID: 40621356
On the first server I did a renew, exported the CSR, uploaded to GoDaddy, and picked up the new cert from GoDaddy, completed the pending request.  I thought I would be able to do the same on the 2nd server.  I'm new to Exchange 2010 and having 2 CAS servers, so I'm not expert level at this.
0
 

Author Comment

by:trinity2007
ID: 40621368
Exchange Shell command: On the 2nd server I see the previous cert thumbprint along with the CA Root Cert for the exchange server itself.  
In the Certificates Personal Store I do see the new cert listed as well as the previous cert.
0
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 500 total points
ID: 40621391
Yeah it is pretty straightforward, once you have enabled the cert on the first CAS server
- export the cert (with private key)
- Use the MMC to import the cert into the local computer Personal Store
- Open EMS
- Run the command Enable-ExchangeCertificate -Thumbprint xxxxxxxxxxxxxxxx -Services "pop,imap,smtp,iis"

It will prompt you that this will now be the primary cert for Exchange services; click Y to complete the process.

Remove the old cert once this has been tested using Remove-ExchangeCertificate -Thumbprint xxxxxxxxxxxxxxxx

Will.
0
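The steps from the accepted solution as an Exchange Management Shell script, added here as an example and not posted by anyone in the thread. It adds a check that the certificate on the second CAS server carries its private key before any service is bound to it. The thumbprint and the PFX path are placeholders, and the export/import calls assume Exchange 2010 SP1 or later, where these cmdlets use FileData.

```powershell
# Added example; run in the Exchange Management Shell.
# $Thumbprint and $PfxPath are placeholders, not values from the thread.
$Thumbprint = 'xxxxxxxxxxxxxxxx'          # renewed cert as shown on the first CAS server
$PfxPath    = 'C:\Temp\renewed-cert.pfx'  # hypothetical transfer location

# --- On the first CAS server: export certificate and private key ---
$PfxPassword = Read-Host 'PFX password' -AsSecureString
$export = Export-ExchangeCertificate -Thumbprint $Thumbprint `
              -BinaryEncoded:$true -Password $PfxPassword
Set-Content -Path $PfxPath -Value $export.FileData -Encoding Byte

# --- On the second CAS server: import, verify, then enable ---
# Skip the import if the certificate is already in the local computer
# Personal store (for example after an MMC import).
$PfxPassword = Read-Host 'PFX password' -AsSecureString
$bytes = [byte[]](Get-Content -Path $PfxPath -Encoding Byte -ReadCount 0)
Import-ExchangeCertificate -FileData $bytes -Password $PfxPassword | Out-Null

# The same thumbprint must now be visible to Exchange, with a private key.
$cert = Get-ExchangeCertificate -Thumbprint $Thumbprint -ErrorAction SilentlyContinue
if (-not $cert) {
    throw "Certificate $Thumbprint is not visible to Exchange on this server."
}
if (-not $cert.HasPrivateKey) {
    throw "Certificate $Thumbprint has no private key; re-export it as PFX with the key."
}
if ($cert.NotAfter -lt (Get-Date)) {
    throw "Certificate $Thumbprint expired on $($cert.NotAfter)."
}

# Bind the services (prompts to confirm replacing the current certificate).
Enable-ExchangeCertificate -Thumbprint $Thumbprint -Services "pop,imap,smtp,iis"

# Confirm the binding, then delete the PFX: it contains the private key.
Get-ExchangeCertificate | Format-Table Thumbprint, Services, NotAfter, HasPrivateKey -AutoSize
Remove-Item -Path $PfxPath

# After testing, remove the expiring certificate:
# Remove-ExchangeCertificate -Thumbprint <old thumbprint>
```

Delete the PFX from the first server and from any share used to move it as well, since every copy of that file holds the private key.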
 

Author Comment

by:trinity2007
ID: 40621520
Perfect...works..Thank you very much!!!!
0
