Exchange 2003 - 2010 SSL Certificates


I have generated a Wildcard certificate for my new Exchange 2010 servers which will be coexisting with my single Exchange 2003 server.

The end users will not be accessing their mailboxes externally over OWA using mobile external devices and this is a single site (isolated).

Do I need to install the new 2010 wildcard certificate onto the current exchange 2003 server if OWA or external access is not required?

I didn't know if there's going to be any SSL communication mismatch between the Exchange servers during coexistence!
CTCRM, Infrastructure Engineer, Asked:

CTCRM, Infrastructure Engineer, Author Commented:
Sorry Guys, Some users have OWA Enabled but guessing this is to allow them OWA internally, with it enabled for some users I'm guessing I'll need the new Ex2010 cert installing onto the 2003 server regardless of OWA internal/external?
Simon Butler (Sembee), Consultant, Commented:
Do you have a trusted certificate on the Exchange 2003 server at the moment?
If so, and you aren't reusing the name on the new server, then leave it alone.
If you have users accessing OWA internally then you will need to configure a legacy OWA URL within Exchange 2010 to match that host name, but that is about it.

However if you are going to reuse the name for Exchange 2010 OWA, then I would put the new certificate on to the old server. That will allow you to configure a legacy host name to point to Exchange 2003 and configure within Exchange 2010 and have users connect without prompts.


Will Szymkowski, Senior Solution Architect, Commented:
When you install the new cert on the Exchange 2010 server you will need to also enable this cert through the Exchange Management Shell. Use the following syntax...

This is to view the cert that you have already imported using IIS or MMC Cert Snapin
Get-ExchangeCertificate | ft


Once you know the Thumbprint use the following command...
Enable-ExchangeCertificate -Thumbprint xxxxxxxxxxx -Services "pop,imap,iis,smtp"


Press Y to confirm and accept.

Then go to your OWA URL and check that the cert is correct.


CTCRM, Infrastructure Engineer, Author Commented:
Looking at the Ex2003 SRV MMC (Certs) and there are only 2 certs in the Personal folder.
Default POP3 Virtual Server
Issued to the Ex2003 server, and the other Issued to the Ex2003 server FQDN

Nothing more than that, are these Trusted Certs? If not then it seems that I can just configure a legacy host name to point to Ex2003 on 2010.
Simon Butler (Sembee), Consultant, Commented:
You would need to look at who issued them, rather than issued to.
You could also try browsing to the server using the URL normally issued to the end users and see if you get SSL prompts.
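
One way to run the "who issued them" check from the comment above in PowerShell, as an added example that is not part of the original thread. It assumes PowerShell 2.0 or later is available on the server being inspected and skips revocation checking; the function name Test-CertificateTrust is hypothetical.

```powershell
# Added example (not from the thread): report the issuer of each certificate
# in the computer's Personal store and whether Windows trusts its chain.
# Uses PowerShell 2.0 syntax so it can run on older servers.

function Test-CertificateTrust {
    param(
        [Parameter(Mandatory = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )

    # $true = build the chain against the machine's trust stores,
    # not those of the logged-on user.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain -ArgumentList $true

    # Assumption: isolated site with no reliable path to CRL/OCSP endpoints,
    # so revocation is not checked; this tests trust anchors and validity only.
    $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck

    $trusted  = $chain.Build($Certificate)
    $problems = @($chain.ChainStatus | ForEach-Object { $_.Status })

    New-Object PSObject -Property @{
        Subject    = $Certificate.Subject                              # "Issued to"
        Issuer     = $Certificate.Issuer                               # "Issued by"
        SelfSigned = ($Certificate.Subject -eq $Certificate.Issuer)   # typical of default server certs
        Trusted    = $trusted                                          # chain ends in a trusted root and is valid
        Problems   = ($problems -join ', ')                            # e.g. UntrustedRoot, NotTimeValid
        NotAfter   = $Certificate.NotAfter
        Thumbprint = $Certificate.Thumbprint
    }
}

# Cert:\LocalMachine\My is the "Personal" folder shown in the Certificates MMC snap-in.
Get-ChildItem Cert:\LocalMachine\My |
    ForEach-Object { Test-CertificateTrust -Certificate $_ } |
    Select-Object Subject, Issuer, SelfSigned, Trusted, Problems, NotAfter, Thumbprint |
    Format-List
```

The result reflects the trust store of the machine the script runs on. To predict whether end users will see SSL prompts, the issuing CA must also be trusted on the client machines.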

CTCRM, Infrastructure Engineer, Author Commented:
Thanks Guys