Solved

Certificate Question Migrating Exchange 2007 to 2013

Posted on 2016-10-25
4
22 Views
Last Modified: 2016-10-25
I am about to undergo a migration from Exchange 2007 to 2013 and I am seeing in the Deployment Assistant and Microsoft's step-by-step article that it seems like I am supposed to request a new certificate from my CA.
I thought that somewhere I would have to export my SSL certificate and any others from my 2007 Exchange and import them onto my new 2013 server. Is that not true?

Please advise and if there are any articles I'd be interested in reading those too.
0
Comment
Question by:Joe Lowe
  • 2
  • 2
4 Comments
 
LVL 38

Accepted Solution

by:
Adam Brown earned 500 total points
ID: 41859556
The requirement for a new certificate is to allow both Exchange servers to have a valid host name that matches the certificate. When you migrate, you'll have to have two host names at a minimum (3 for the recommended scenario where autodiscover.domain.com is included), one for the 2013 server and one for the 2007 server. Normally, the 2007 server will be assigned a new host name called legacy.domain.com, while the 2013 server takes over the normal host name (mail.domain.com or whatever you're using). If your certificate only has mail.domain.com and autodiscover.domain.com (or just mail.domain.com) you'll need to generate a new certificate to support the additional host name the coexistence deployment requires.

Now, you can bypass the need for a new certificate, but doing so involves doing a complete cutover migration, where users may not have access to their mailboxes during the time it takes to move their mail from Exchange 2007 to 2013.

Also note, if you have a Wildcard certificate on Exchange 2007, you can use that for both servers without any issues or certificate regeneration.
0
 

Author Comment

by:Joe Lowe
ID: 41859567
I did see the legacy.domain.com steps and figured it was just for the coexistence. I don't necessarily need that and have prepared users for downtime so a complete cutover was my plan. So since it was, I can just export and import all certificates from Exchange 2007 to 2013? Or just the 1 SSL?

I guess another question I have as it was not in any of the instructions but Microsoft advised I do this..before I do the migration of the user mailboxes, I should dismount the database before the migration process correct?
0
 
LVL 38

Assisted Solution

by:Adam Brown
Adam Brown earned 500 total points
ID: 41859575
You can just export the certificate that you're using for OWA and import that to 2013.

As for Microsoft's recommendation...The DB has to be mounted for the mail to migrate, so I thing they may be referring to the recommendation of switching the databases (on both sides) to use Circular logging during the migration. This prevents massive Transaction log growth during the move, which can cause huge problems if there isn't enough space to store the transaction logs. Switching to Circular logging requires dismounting and remounting the database.
0
 

Author Comment

by:Joe Lowe
ID: 41859592
Okay great. Thank you for the advise. Last question I believe. I found this site to export the certificates from 2007: http://msexchangeguru.com/2013/06/29/import-cert-e2013/

However when I do the command 'Get-ExchangeCertificate' I see 5 Thumbprints of certificates. How do I know which ones to export exactly? So far I followed the steps in the link I provided on all the certificates that are still valid. Should that be suffice?
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Not sure what the best email signature size is? Are you worried about email signature image size? Follow this best practice guide.
Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now