Update a UCS SSL on SBS 2011 server

What's the easiest way to update a UCS SSL that I added a name to on a SBS 2011 server?

Added a second autodiscover for a 2nd hosted email domain for autosync purposes and want to do this as cleanly as possible.
LVL 31
pgm554Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Simon Butler (Sembee)ConsultantCommented:
Create a new request on the Exchange 2010 server using the wizard to generate the CSR.
Put it through the trusted certificate provider's process to get the response.
Complete the response in Exchange 2010.
Then in the SBS management console, choose to install an existing SSL certificate and choose your new certificate.

Simon.
0
pgm554Author Commented:
Do i have to redo the intermediate or can I skip that?
0
Simon Butler (Sembee)ConsultantCommented:
The intermediate certificate is not unique to you, so that can be left alone UNLESS there is a different/new intermediate certificate supplied - some SSL vendors have been changing the chain requiring new intermediate certificates to be installed.

Simon.
0
Make Network Traffic Fast and Furious with SD-WAN

Software-defined WAN (SD-WAN) is a technology that determines the most effective way to route traffic to and from datacenter sites. Register for the webinar today to learn how your business can benefit from SD-WAN!

pgm554Author Commented:
I used the SSL wizard in SBS 2011 to generate a new ssl for the additional SAN autodiscover.xyz.com and when I try to add it using the sbs wizard it gives me an unsupported domain error.

If I remove it and rekey,the import works fine.

From what you are saying in your post ,I should generate the request from Exchange instead of the sbs wizard to add the additional autodiscover SAN?
0
Simon Butler (Sembee)ConsultantCommented:
Yes - generate the certificate request and response in Exchange.
However once you have completed the response, do not enable it in Exchange.
Then go to the SSL wizard in SBS and run through the wizard, choosing the option to install an existing certificate. You can then select your new one.

Simon.
0
pgm554Author Commented:
I don't get exactly what I need to do from the EX wizard.

I am using this for reference,but am unsure as to how to name the new certs.

https://www.youtube.com/watch?v=gbqv4XqAfvI

Never done it before,so there is a bit of confusion as to how to proceed.
0
pgm554Author Commented:
Looks like what I have here is a semantic issue.

If I set up an IOS device using the credentials from the main server mail domain person@xyz.com,it will register the device and use the secondary email person@abc.com as I had removed the primary email domain for that user.

Now for the testing part.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Simon Butler (Sembee)ConsultantCommented:
The wizard is easy to deal with - just fill in the first box with something, until you get to the last screen. The wizard is there to help you with the names, but has no effect on the operation of the server.
When you get to the last screen, you can then change the names on the certificate, set a different one to the common name (it needs to be remote.example.com if you have used the defaults in the SBS wizard).

Simon.
0
pgm554Author Commented:
This seems to work without the hassle of playing with SSL name certs.
So I just going to call it a day and use this as a solution.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
SSL / HTTPS

From novice to tech pro — start learning today.