Solved

SSL Certificate Renewal with Exchange 2010

Posted on 2016-11-03
9
63 Views
Last Modified: 2016-11-28
I understand that I must request a new certificate (CSR) through my Exchange server - is there a way that I can be certain that I am requesting the exact same settings/requirements that is on the current certificate?

My concern in on the Config request - its asking about Sharing, OWA, ActiveSync, Client Access Server, POP/IMAP, and Hun Transport

I have one exchange box and on my EMC I see Imap, POP, IIS, SMTP - but nothing about Hub transport and others

I dont want to mess up something that is working fine now, The previous admin had gotten a 5 year SSL and this is my first time renewing...
0
Comment
Question by:Travis Hahn
9 Comments
 
LVL 57

Expert Comment

by:Pete Long
ID: 41872474
As long as the new cert has the same 'common name' and 'subject alternative names' (both of which you can see, if you view the certificate) then you can import a new one and assign the services to it.

Exchange 2010 – Working with Certificates

Pete
0
 

Author Comment

by:Travis Hahn
ID: 41872522
I want to make sure I am choosing the same services as before.

My concern is with Hub Transport
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 41872536
You can only assign SMTP,IMAP,IIS,UC,POP those are SERVICES, hub transport is a ROLE.

As long as your new cert is applied to IIS, SMTP, IMAP and POP it will be OK - unless its a wildcard then POP and IMAP will complain.
0
Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 

Author Comment

by:Travis Hahn
ID: 41872571
Certificate
This is where I have the question then - is there a way to tell if I used this in the past
certificate.png
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 250 total points
ID: 41873053
Ignore the services selection in the wizard - it has no impact on the SSL certificate.
It is simply there to help you choose the right things.
Go to the end of the wizard and it will show you the summary of the names. There you can just add and remove the names as required (the wizard always puts the root domain in as the common name for example, which is often not what people want).
0
 
LVL 2

Assisted Solution

by:OnlineSupport
OnlineSupport earned 125 total points
ID: 41873124
If you want to see which services are applied what SSL, you can see this in GUI of Exchange. As advised already you can always assign services after anyway. As far as the names, you can find that by viewing the current SSL, generally common name is OWA addess, ALT name autodiscover.
0
 

Author Comment

by:Travis Hahn
ID: 41873186
Thanks - I think I was able to generate the CSR and now waiting for approval from GODADDY

Last Question is it safe to remove the expired or invalid certificates?
0
 
LVL 57

Assisted Solution

by:Pete Long
Pete Long earned 125 total points
ID: 41873493
Expired or not if they have services attached to them, I'd wait for the new one. Some services require TLS, and while it might throw errors into the event log, this will still 'work'

Wait until you have imported the new cert, and allocated services to it, before junking the expired one.

P
0
 

Author Closing Comment

by:Travis Hahn
ID: 41904559
Thanks for all the help
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
MS Outlook is a world-class email client application that is mainly used for e-communication globally.  In this article, we will discuss the basic idea about MS Outlook, its advanced features, and types of MS Outlook File formats.
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…

778 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question