?
Solved

Certificate Question Migrating Exchange 2007 to 2013

Posted on 2016-10-25
4
Medium Priority
?
47 Views
Last Modified: 2016-10-25
I am about to undergo a migration from Exchange 2007 to 2013 and I am seeing in the Deployment Assistant and Microsoft's step-by-step article that it seems like I am supposed to request a new certificate from my CA.
I thought that somewhere I would have to export my SSL certificate and any others from my 2007 Exchange and import them onto my new 2013 server. Is that not true?

Please advise and if there are any articles I'd be interested in reading those too.
0
Comment
Question by:Joe Lowe
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 42

Accepted Solution

by:
Adam Brown earned 2000 total points
ID: 41859556
The requirement for a new certificate is to allow both Exchange servers to have a valid host name that matches the certificate. When you migrate, you'll have to have two host names at a minimum (3 for the recommended scenario where autodiscover.domain.com is included), one for the 2013 server and one for the 2007 server. Normally, the 2007 server will be assigned a new host name called legacy.domain.com, while the 2013 server takes over the normal host name (mail.domain.com or whatever you're using). If your certificate only has mail.domain.com and autodiscover.domain.com (or just mail.domain.com) you'll need to generate a new certificate to support the additional host name the coexistence deployment requires.

Now, you can bypass the need for a new certificate, but doing so involves doing a complete cutover migration, where users may not have access to their mailboxes during the time it takes to move their mail from Exchange 2007 to 2013.

Also note, if you have a Wildcard certificate on Exchange 2007, you can use that for both servers without any issues or certificate regeneration.
0
 

Author Comment

by:Joe Lowe
ID: 41859567
I did see the legacy.domain.com steps and figured it was just for the coexistence. I don't necessarily need that and have prepared users for downtime so a complete cutover was my plan. So since it was, I can just export and import all certificates from Exchange 2007 to 2013? Or just the 1 SSL?

I guess another question I have as it was not in any of the instructions but Microsoft advised I do this..before I do the migration of the user mailboxes, I should dismount the database before the migration process correct?
0
 
LVL 42

Assisted Solution

by:Adam Brown
Adam Brown earned 2000 total points
ID: 41859575
You can just export the certificate that you're using for OWA and import that to 2013.

As for Microsoft's recommendation...The DB has to be mounted for the mail to migrate, so I thing they may be referring to the recommendation of switching the databases (on both sides) to use Circular logging during the migration. This prevents massive Transaction log growth during the move, which can cause huge problems if there isn't enough space to store the transaction logs. Switching to Circular logging requires dismounting and remounting the database.
0
 

Author Comment

by:Joe Lowe
ID: 41859592
Okay great. Thank you for the advise. Last question I believe. I found this site to export the certificates from 2007: http://msexchangeguru.com/2013/06/29/import-cert-e2013/

However when I do the command 'Get-ExchangeCertificate' I see 5 Thumbprints of certificates. How do I know which ones to export exactly? So far I followed the steps in the link I provided on all the certificates that are still valid. Should that be suffice?
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains how to install and use the NTBackup utility that comes with Windows Server.
After hours on line I found a solution which pointed to the inherited Active Directory permissions . You have to give/allow permissions to the "Exchange trusted subsystem" for the user in the Active Directory...
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
Suggested Courses

800 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question