Exchange 2010 Certificate

I have an Exchange 2010 environment that is using a GoDaddy issued UCC SSL certificate. I need to add an additional SAN to the certificate which I can do on the GD site then re-key. My question is on the csr side. Do I need to use the Exchange mmc to create a new csr or can I use the IIS mmc? I started the wizard using the Exchange mmc but stopped when asked about the services. What exactly do I need to select here? It is a bit confusing seeing as Exchange is treating it like a new cert and GD seems like they are simply re-issuing the cert with the new SAN.

Can someone explain exactly where I need to do the csr from and what information I need to include in this scenario?

Thanks
agcsupport Asked:

Jaroslav Mraz (CTO) Commented:
Hi,

If you are using an Exchange UCC SSL cert, it is an SSL cert where you have multiple FQDN names. Minimally autodiscover.domain.com and the FQDN of Exchange, for example mail.domain.com, public, and the same both if you locally have domain.local, based on the services you tick. Because Exchange is scalable, it is normal that a bigger company has every service, like SMTP, on another server, so they need to set them up. But basically, if you have only one server, tick everything without Unified Communications to create a new CSR.

IIS can only create a wildcard *.domain.com or a single domain like mail.domain.com.

But for your scenario you can simply ask support to add, remove or change it for you without needing a new CSR, because the PK and public key will remain the same. Then import it back and use the assign services option.
MAS (MVE), EE Solution Guide, Commented:
Use this to generate the CSR command to rekey your certificate with new SANs
http://gallery.technet.microsoft.com/Exchange-20072010-and-2013-17a0b52f
agcsupport (Author) Commented:
OK, so I was able to create the CSR using the above tool. I have added the SAN, re-keyed the cert, downloaded, installed and assigned services.

I now need to assign the cert to my other two servers. I have exported the cert to a .pfx file. I was able to import it to my other Exchange 2010 server using the MMC. I did receive a warning about SSL on the root domain but found an Enable-ExchangeCertificate command with the -DoNotRequireSSL switch. I attempted to use the MMC to import the cert to my Exchange 2013 hybrid server but receive the following error:

'The imported certificate file for server aaabbbccc failed to access for the following reason: Could not find file '\\aaa\bbb\newcertexp.pfx'

I am able to UNC to the file location with no problems. I then decided to use PowerShell and ran the following command:

Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path C:\ssl\new_cert_export\newcertpfx.pfx -Encoding byte -ReadCount 0)) -Password:xxxxxxx

When I run the above command I receive the error:

Get-Content : Cannot find path 'C:\SSL\new_cert_export\newcertpfx.pfx' because it does not exist.
At line:1 char:49
+ Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path C:\SSL\new_cer ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (C:\SSL\new_cert_export\newcertpfx.pfx:String) [Get-Content], ItemNotFoundException
    + FullyQualifiedErrorId : PathNotFound,Microsoft.PowerShell.Commands.GetContentCommand

Cannot bind argument to parameter 'FileData' because it is null.
    + CategoryInfo          : InvalidData: (:) [Import-ExchangeCertificate], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Import-ExchangeCertificate
    + PSComputerName        : aaa.bbb.com



Please advise
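
An added example, not part of the original post or of the tool linked in this thread: one way to script the PFX import so that a missing file is reported before Import-ExchangeCertificate receives a null -FileData, and so that the PFX password is prompted for as a SecureString instead of being typed on the command line. The path, the service list and the variable names are placeholders; it assumes the Exchange Management Shell on the target server.

```powershell
# Added example; path, service list and variable names are placeholders.
$PfxPath  = 'C:\ssl\new_cert_export\<exported-file>.pfx'   # placeholder path
$Services = 'IIS,SMTP'                                     # placeholder service list

# Fail early with a clear message instead of handing $null to -FileData.
# The check runs on the machine where this shell runs, so the file must be
# visible from here under exactly this name.
if (-not (Test-Path -LiteralPath $PfxPath -PathType Leaf)) {
    throw "PFX not found at '$PfxPath' as seen from $env:COMPUTERNAME."
}

# Prompt for the PFX password; it stays a SecureString and never appears
# in the command line or in the shell history.
$PfxPassword = Read-Host -Prompt 'PFX password' -AsSecureString

# Read the raw bytes of the PFX (same data the Get-Content -Encoding Byte form yields).
$FullPath = (Resolve-Path -LiteralPath $PfxPath).ProviderPath
$PfxBytes = [System.IO.File]::ReadAllBytes($FullPath)

# Import the certificate together with its private key.
$Cert = Import-ExchangeCertificate -FileData $PfxBytes -Password $PfxPassword

# Before binding services, confirm the re-keyed certificate carries the new SAN,
# has its private key, and is valid.
Get-ExchangeCertificate -Thumbprint $Cert.Thumbprint |
    Format-List Thumbprint, Subject, CertificateDomains, NotAfter, HasPrivateKey, Status

# Bind the certificate to the chosen services.
Enable-ExchangeCertificate -Thumbprint $Cert.Thumbprint -Services $Services

# The exported PFX contains the private key; remove the working copy once the
# import is verified (prompts for confirmation).
Remove-Item -LiteralPath $PfxPath -Confirm
```
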
Question has a verified solution.