Expired UCC certificate Exch 2007
Hello,
Today my UCC SAN certificate has expired for our Exchange 2007 server. I have been involved in other stuff and missed this critical date.. unforgivable i know!
I was going to change my SAN details as per this post:
http://www.experts-exchang
but have run out of time. It appears I could have changed the SAN and server name details prior to first renewal.
Now that it's expired, it appears I can still renew on godaddy account for a further 30 days after expiry, but assume i can no longer change the new SAN names (FQDNs etc).
Is a renewal at this stage (in terms of exchange understanding the renewed certificate) the same as installing a new one?
Is it best to just ditch the old cert and start totally afresh with a new certificate with revised SAN names etc?
really annoyed with myself that i've heaped more pressure onto me by not sorting this sooner, so would appreciate any help :(
Today my UCC SAN certificate has expired for our Exchange 2007 server. I have been involved in other stuff and missed this critical date.. unforgivable i know!
I was going to change my SAN details as per this post:
http://www.experts-exchang
but have run out of time. It appears I could have changed the SAN and server name details prior to first renewal.
Now that it's expired, it appears I can still renew on godaddy account for a further 30 days after expiry, but assume i can no longer change the new SAN names (FQDNs etc).
Is a renewal at this stage (in terms of exchange understanding the renewed certificate) the same as installing a new one?
Is it best to just ditch the old cert and start totally afresh with a new certificate with revised SAN names etc?
really annoyed with myself that i've heaped more pressure onto me by not sorting this sooner, so would appreciate any help :(
I got your Point. Best option is to get new certificate with all SAN names you want and installed it. Once done with testing, delete old certificate and skip old certificate renewal.
ASKER
Thanks MAS
Do you not mean
"remove-ExchangeCertificat
I also assume clients are going to scream until the new cert is trusted via GPO?
Do you not mean
"remove-ExchangeCertificat
I also assume clients are going to scream until the new cert is trusted via GPO?
Are you planning to use a self signed certificate or a 3rd party certificate ?
If self signed you will have to issue from the same CA which you issued before.
If it is 3rd party certificate no need to worry. You can install a new certificate and delete the old one.
If self signed you will have to issue from the same CA which you issued before.
If it is 3rd party certificate no need to worry. You can install a new certificate and delete the old one.
ASKER
It's 3rd party godaddy cert MAS.
So install it all first before deleting old ones?
So install it all first before deleting old ones?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks for that MAS. there's a lot more to do when changing SAN names i've discovered!
install new certificate
https://support.godaddy.com/help/article/4877/installing-an-ssl-certificate-in-microsoft-exchange-server-2007
And enable services
Open in new window
You will get the thumbprint by command "Get-Exchangecertificate"and delete the old certificate.
Open in new window