Solved

SSL Certificate Renewal with Exchange 2010

Posted on 2016-11-03
9
33 Views
Last Modified: 2016-11-28
I understand that I must request a new certificate (CSR) through my Exchange server - is there a way that I can be certain that I am requesting the exact same settings/requirements that is on the current certificate?

My concern in on the Config request - its asking about Sharing, OWA, ActiveSync, Client Access Server, POP/IMAP, and Hun Transport

I have one exchange box and on my EMC I see Imap, POP, IIS, SMTP - but nothing about Hub transport and others

I dont want to mess up something that is working fine now, The previous admin had gotten a 5 year SSL and this is my first time renewing...
0
Comment
Question by:Travis Hahn
9 Comments
 
LVL 57

Expert Comment

by:Pete Long
ID: 41872474
As long as the new cert has the same 'common name' and 'subject alternative names' (both of which you can see, if you view the certificate) then you can import a new one and assign the services to it.

Exchange 2010 – Working with Certificates

Pete
0
 

Author Comment

by:Travis Hahn
ID: 41872522
I want to make sure I am choosing the same services as before.

My concern is with Hub Transport
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 41872536
You can only assign SMTP,IMAP,IIS,UC,POP those are SERVICES, hub transport is a ROLE.

As long as your new cert is applied to IIS, SMTP, IMAP and POP it will be OK - unless its a wildcard then POP and IMAP will complain.
0
 

Author Comment

by:Travis Hahn
ID: 41872571
Certificate
This is where I have the question then - is there a way to tell if I used this in the past
certificate.png
0
Too many email signature updates to deal with?

Do you feel like you are taking up all of your time constantly visiting users’ desks to make changes to email signatures? Wish you could manage all signatures from one central location, easily design them and deploy them quickly to users? Well, there is an easy way!

 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 250 total points
ID: 41873053
Ignore the services selection in the wizard - it has no impact on the SSL certificate.
It is simply there to help you choose the right things.
Go to the end of the wizard and it will show you the summary of the names. There you can just add and remove the names as required (the wizard always puts the root domain in as the common name for example, which is often not what people want).
0
 
LVL 2

Assisted Solution

by:OnlineSupport
OnlineSupport earned 125 total points
ID: 41873124
If you want to see which services are applied what SSL, you can see this in GUI of Exchange. As advised already you can always assign services after anyway. As far as the names, you can find that by viewing the current SSL, generally common name is OWA addess, ALT name autodiscover.
0
 

Author Comment

by:Travis Hahn
ID: 41873186
Thanks - I think I was able to generate the CSR and now waiting for approval from GODADDY

Last Question is it safe to remove the expired or invalid certificates?
0
 
LVL 57

Assisted Solution

by:Pete Long
Pete Long earned 125 total points
ID: 41873493
Expired or not if they have services attached to them, I'd wait for the new one. Some services require TLS, and while it might throw errors into the event log, this will still 'work'

Wait until you have imported the new cert, and allocated services to it, before junking the expired one.

P
0
 

Author Closing Comment

by:Travis Hahn
ID: 41904559
Thanks for all the help
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now