Update a UCS SSL on SBS 2011 server

What's the easiest way to update a UCS SSL that I added a name to on a SBS 2011 server?

Added a second autodiscover for a 2nd hosted email domain for autosync purposes and want to do this as cleanly as possible.
LVL 31
pgm554Asked:
Who is Participating?
 
pgm554Author Commented:
Looks like what I have here is a semantic issue.

If I set up an IOS device using the credentials from the main server mail domain person@xyz.com,it will register the device and use the secondary email person@abc.com as I had removed the primary email domain for that user.

Now for the testing part.
0
 
Simon Butler (Sembee)ConsultantCommented:
Create a new request on the Exchange 2010 server using the wizard to generate the CSR.
Put it through the trusted certificate provider's process to get the response.
Complete the response in Exchange 2010.
Then in the SBS management console, choose to install an existing SSL certificate and choose your new certificate.

Simon.
0
 
pgm554Author Commented:
Do i have to redo the intermediate or can I skip that?
0
WEBINAR: 10 Easy Ways to Lose a Password

Join us on June 27th at 8 am PDT to learn about the methods that hackers use to lift real, working credentials from even the most security-savvy employees. We'll cover the importance of multi-factor authentication and how these solutions can better protect your business!

 
Simon Butler (Sembee)ConsultantCommented:
The intermediate certificate is not unique to you, so that can be left alone UNLESS there is a different/new intermediate certificate supplied - some SSL vendors have been changing the chain requiring new intermediate certificates to be installed.

Simon.
0
 
pgm554Author Commented:
I used the SSL wizard in SBS 2011 to generate a new ssl for the additional SAN autodiscover.xyz.com and when I try to add it using the sbs wizard it gives me an unsupported domain error.

If I remove it and rekey,the import works fine.

From what you are saying in your post ,I should generate the request from Exchange instead of the sbs wizard to add the additional autodiscover SAN?
0
 
Simon Butler (Sembee)ConsultantCommented:
Yes - generate the certificate request and response in Exchange.
However once you have completed the response, do not enable it in Exchange.
Then go to the SSL wizard in SBS and run through the wizard, choosing the option to install an existing certificate. You can then select your new one.

Simon.
0
 
pgm554Author Commented:
I don't get exactly what I need to do from the EX wizard.

I am using this for reference,but am unsure as to how to name the new certs.

https://www.youtube.com/watch?v=gbqv4XqAfvI

Never done it before,so there is a bit of confusion as to how to proceed.
0
 
Simon Butler (Sembee)ConsultantCommented:
The wizard is easy to deal with - just fill in the first box with something, until you get to the last screen. The wizard is there to help you with the names, but has no effect on the operation of the server.
When you get to the last screen, you can then change the names on the certificate, set a different one to the common name (it needs to be remote.example.com if you have used the defaults in the SBS wizard).

Simon.
0
 
pgm554Author Commented:
This seems to work without the hassle of playing with SSL name certs.
So I just going to call it a day and use this as a solution.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.