Certificate Question Migrating Exchange 2007 to 2013

I am about to undergo a migration from Exchange 2007 to 2013 and I am seeing in the Deployment Assistant and Microsoft's step-by-step article that it seems like I am supposed to request a new certificate from my CA.
I thought that somewhere I would have to export my SSL certificate and any others from my 2007 Exchange and import them onto my new 2013 server. Is that not true?

Please advise and if there are any articles I'd be interested in reading those too.
Asked by: Joe Lowe
Adam Brown (Sr Solutions Architect) commented:
The requirement for a new certificate is to allow both Exchange servers to have a valid host name that matches the certificate. When you migrate, you'll have to have two host names at a minimum (3 for the recommended scenario where autodiscover.domain.com is included), one for the 2013 server and one for the 2007 server. Normally, the 2007 server will be assigned a new host name called legacy.domain.com, while the 2013 server takes over the normal host name (mail.domain.com or whatever you're using). If your certificate only has mail.domain.com and autodiscover.domain.com (or just mail.domain.com) you'll need to generate a new certificate to support the additional host name the coexistence deployment requires.

Now, you can bypass the need for a new certificate, but doing so involves doing a complete cutover migration, where users may not have access to their mailboxes during the time it takes to move their mail from Exchange 2007 to 2013.

Also note, if you have a Wildcard certificate on Exchange 2007, you can use that for both servers without any issues or certificate regeneration.
Joe Lowe (Author) commented:
I did see the legacy.domain.com steps and figured it was just for the coexistence. I don't necessarily need that and have prepared users for downtime so a complete cutover was my plan. So since it was, I can just export and import all certificates from Exchange 2007 to 2013? Or just the 1 SSL?

I guess another question I have, as it was not in any of the instructions but Microsoft advised I do this: before I do the migration of the user mailboxes, I should dismount the database before the migration process, correct?
Adam Brown (Sr Solutions Architect) commented:
You can just export the certificate that you're using for OWA and import that to 2013.

As for Microsoft's recommendation... The DB has to be mounted for the mail to migrate, so I think they may be referring to the recommendation of switching the databases (on both sides) to use Circular logging during the migration. This prevents massive Transaction log growth during the move, which can cause huge problems if there isn't enough space to store the transaction logs. Switching to Circular logging requires dismounting and remounting the database.
Joe Lowe (Author) commented:
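
The export-and-import step described in this answer, as an added example that is not part of the original thread. It assumes exactly one valid, CA-issued certificate is bound to IIS (the service OWA runs on); the path `C:\CertExport\owa.pfx` is a placeholder, and the file is assumed to be copied between servers over a trusted channel.

```powershell
# --- On the Exchange 2007 server (Exchange Management Shell) ---
# Show the fields that tell the listed certificates apart.
Get-ExchangeCertificate |
    Format-List Thumbprint, Subject, CertificateDomains, Services, IsSelfSigned, NotAfter, HasPrivateKey

# OWA is served by IIS, so pick the unexpired, non-self-signed certificate bound to IIS.
$owaCert = @(Get-ExchangeCertificate | Where-Object {
    $_.Services -match 'IIS' -and -not $_.IsSelfSigned -and $_.NotAfter -gt (Get-Date)
})
if ($owaCert.Count -ne 1) {
    throw "Expected one CA-issued IIS certificate, found $($owaCert.Count). Choose the thumbprint manually."
}
if (-not $owaCert[0].HasPrivateKey) {
    throw "Certificate $($owaCert[0].Thumbprint) has no private key on this server and cannot be moved."
}

# The PFX contains the private key: protect it with a strong password.
# The export fails if the key was not marked exportable when the certificate was installed.
$pfxPassword = Read-Host -Prompt 'Password for the PFX' -AsSecureString
Export-ExchangeCertificate -Thumbprint $owaCert[0].Thumbprint -BinaryEncoded:$true `
    -Path 'C:\CertExport\owa.pfx' -Password $pfxPassword   # placeholder path

# --- On the Exchange 2013 server (Exchange Management Shell) ---
$pfxPassword = Read-Host -Prompt 'Password for the PFX' -AsSecureString
$pfxBytes = [byte[]](Get-Content -Path 'C:\CertExport\owa.pfx' -Encoding Byte -ReadCount 0)
$imported = Import-ExchangeCertificate -FileData $pfxBytes -Password $pfxPassword

# Bind the imported certificate to IIS so OWA presents it.
Enable-ExchangeCertificate -Thumbprint $imported.Thumbprint -Services IIS

# Confirm the host names and service binding, then delete the PFX copies.
Get-ExchangeCertificate -Thumbprint $imported.Thumbprint |
    Format-List Thumbprint, CertificateDomains, Services, NotAfter, Status
Remove-Item -Path 'C:\CertExport\owa.pfx'
```

Delete the copy of the PFX left on the 2007 server as well, since anyone holding the file and its password can impersonate the mail host.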
Okay great. Thank you for the advice. Last question I believe. I found this site to export the certificates from 2007: http://msexchangeguru.com/2013/06/29/import-cert-e2013/

However, when I do the command 'Get-ExchangeCertificate' I see 5 Thumbprints of certificates. How do I know which ones to export exactly? So far I followed the steps in the link I provided on all the certificates that are still valid. Should that suffice?
Question has a verified solution.