Solved

Certificate Question Migrating Exchange 2007 to 2013

Posted on 2016-10-25
Last Modified: 2016-10-25
I am about to undergo a migration from Exchange 2007 to 2013 and I am seeing in the Deployment Assistant and Microsoft's step-by-step article that it seems like I am supposed to request a new certificate from my CA.
I thought that somewhere I would have to export my SSL certificate and any others from my 2007 Exchange and import them onto my new 2013 server. Is that not true?

Please advise and if there are any articles I'd be interested in reading those too.
Question by:Joe Lowe

Accepted Solution

by:
Adam Brown earned 500 total points
ID: 41859556
The requirement for a new certificate is to allow both Exchange servers to have a valid host name that matches the certificate. When you migrate, you'll have to have two host names at a minimum (3 for the recommended scenario where autodiscover.domain.com is included), one for the 2013 server and one for the 2007 server. Normally, the 2007 server will be assigned a new host name called legacy.domain.com, while the 2013 server takes over the normal host name (mail.domain.com or whatever you're using). If your certificate only has mail.domain.com and autodiscover.domain.com (or just mail.domain.com) you'll need to generate a new certificate to support the additional host name the coexistence deployment requires.

Now, you can bypass the need for a new certificate, but doing so involves doing a complete cutover migration, where users may not have access to their mailboxes during the time it takes to move their mail from Exchange 2007 to 2013.

Also note, if you have a Wildcard certificate on Exchange 2007, you can use that for both servers without any issues or certificate regeneration.

Author Comment

by:Joe Lowe
ID: 41859567
I did see the legacy.domain.com steps and figured it was just for the coexistence. I don't necessarily need that and have prepared users for downtime so a complete cutover was my plan. So since it was, I can just export and import all certificates from Exchange 2007 to 2013? Or just the 1 SSL?

I guess another question I have as it was not in any of the instructions but Microsoft advised I do this... before I do the migration of the user mailboxes, I should dismount the database before the migration process, correct?

Assisted Solution

by:Adam Brown
Adam Brown earned 500 total points
ID: 41859575
You can just export the certificate that you're using for OWA and import that to 2013.

As for Microsoft's recommendation... The DB has to be mounted for the mail to migrate, so I think they may be referring to the recommendation of switching the databases (on both sides) to use Circular logging during the migration. This prevents massive Transaction log growth during the move, which can cause huge problems if there isn't enough space to store the transaction logs. Switching to Circular logging requires dismounting and remounting the database.

Author Comment

by:Joe Lowe
ID: 41859592
Okay great. Thank you for the advice. Last question I believe. I found this site to export the certificates from 2007: http://msexchangeguru.com/2013/06/29/import-cert-e2013/

However when I do the command 'Get-ExchangeCertificate' I see 5 Thumbprints of certificates. How do I know which ones to export exactly? So far I followed the steps in the link I provided on all the certificates that are still valid. Should that suffice?
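The checks discussed in the answers above, as a script added here as an example (it is not part of the thread): for each certificate it reports whether it is bound to IIS, the service OWA runs under, whether it is still valid with a private key, and which required host names it does not cover, with a wildcard entry matching one label only. The function names and sample thumbprints are hypothetical; `Services`, `CertificateDomains`, `HasPrivateKey` and `NotAfter` are properties of `Get-ExchangeCertificate` output.

```powershell
# Added example. The objects below are constructed sample data shaped like
# Get-ExchangeCertificate output; on the 2007 server use: $certs = Get-ExchangeCertificate
$now = Get-Date
$certs = @(
    [pscustomobject]@{ Thumbprint = 'SAMPLE-1'; Services = 'SMTP'; HasPrivateKey = $true
        NotAfter = $now.AddYears(1); CertificateDomains = @('EX2007', 'EX2007.domain.local') }
    [pscustomobject]@{ Thumbprint = 'SAMPLE-2'; Services = 'IMAP, POP, IIS, SMTP'; HasPrivateKey = $true
        NotAfter = $now.AddYears(1); CertificateDomains = @('mail.domain.com', 'autodiscover.domain.com') }
    [pscustomobject]@{ Thumbprint = 'SAMPLE-3'; Services = 'None'; HasPrivateKey = $true
        NotAfter = $now.AddDays(-30); CertificateDomains = @('mail.domain.com') }
)

function Test-HostNameCovered {
    param([string]$HostName, [string[]]$CertificateDomains)
    foreach ($domain in $CertificateDomains) {
        if ($domain -eq $HostName) { return $true }   # -eq is case-insensitive
        # A wildcard covers exactly one left-most label: *.domain.com matches
        # mail.domain.com, but not a.b.domain.com and not domain.com itself.
        if ($domain.StartsWith('*.')) {
            $suffix = $domain.Substring(1)            # ".domain.com"
            $firstDot = $HostName.IndexOf('.')
            if ($firstDot -gt 0 -and $HostName.Substring($firstDot) -eq $suffix) { return $true }
        }
    }
    return $false
}

function Get-MigrationCertificateReport {
    param([object[]]$Certificates, [string[]]$RequiredNames, [datetime]$AsOf = (Get-Date))
    foreach ($cert in $Certificates) {
        $missing = @($RequiredNames | Where-Object {
            -not (Test-HostNameCovered $_ $cert.CertificateDomains) })
        [pscustomobject]@{
            Thumbprint   = $cert.Thumbprint
            ServesOwa    = ("$($cert.Services)" -match '\bIIS\b')   # enabled for IIS
            Usable       = ($cert.HasPrivateKey -and $cert.NotAfter -gt $AsOf)
            MissingNames = $missing -join ', '
        }
    }
}

# Coexistence needs all three names; for a cutover, drop legacy.domain.com from the list.
$names = 'mail.domain.com', 'autodiscover.domain.com', 'legacy.domain.com'
Get-MigrationCertificateReport -Certificates $certs -RequiredNames $names |
    Format-Table -AutoSize
```

With the sample data, only SAMPLE-2 is both bound to IIS and usable, and it is missing legacy.domain.com, which is the coexistence case that calls for a new certificate.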
