Steps and impact in renewing Standard Multiple Domain (UCC) SSL for Exchange 2010 ?


Can anyone here please let me know what are the steps involved in renewing the Standard Multiple Domain (UCC) SSL in my Exchange Server 2010 SP3 ?

Is there any outage required ?

LVL 11
Senior IT System EngineerIT ProfessionalAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

David Johnson, CD, MVPOwnerCommented:
You go to the certificate authority and follow their procedures for renewing your certificate(s) and then download your new certificate. you then using the mmc and install the certificate and the intermediate certificates.. and then from the exchange management shell you configure exchange to use the new certificates.. There is no significant downtime.. maybe a few seconds if the server needs to be restarted.
one walkthrough that is not CA dependant
Digicert walkthrough that includes a video
Jason CrawfordTransport NinjaCommented:
Please do not use MMC to install the new Exchange cert.  The process to renew is the same as installing a new cert.  The easiest method is to generate a new CSR from EMC, submit the CSR to your cert authority, and finally complete the cert request in EMC.  The server will not need to be restarted, and you don't even have to reset IIS.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Senior IT System EngineerIT ProfessionalAuthor Commented:
Thanks Keyser and David,

So in this case after I submitted the CSR, I will get the new one from Verisign, after that, I can just import the zipped certificate from Verisign to my CAS server and the hardware load balancer.

is that correct ?

Steps required for each CAS server:
Use the EMC to import a new Exchange certificate

You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Client Access server security settings" entry in the Client Access Permissions topic.
In the console tree, click Server Configuration.
From the action pane, click Import Exchange Certificate to open the Import Exchange Certificate wizard.
This wizard helps you import a certificate with a valid private key to your Exchange server. You must enter the password of the private key for a successful import.
On the Introduction page, click Browse to select the file that contains the exported certificate, and then enter the password for the certificate.
On the Exchange Server Selection page, select the Exchange server that you want to import the certificate to.
On the Completion page, verify that all previously selected options are correct.
On the final page, follow the steps listed to complete your request. This page also displays the Shell cmdlet syntax necessary to import the certificate.

Open in new window

Jason CrawfordTransport NinjaCommented:
First unzip the files contained in the .zip Verisign gave you.  You'll want to go back to the server you generated the cert request from and select the option to complete the request.  During this process you'll have the opportunity to browse to the cert provided by Verisign.  Follow the instructions specific to your load balancer.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.