[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 92
  • Last Modified:

SSL Certificate Renewal with Exchange 2010

I understand that I must request a new certificate (CSR) through my Exchange server - is there a way that I can be certain that I am requesting the exact same settings/requirements that is on the current certificate?

My concern in on the Config request - its asking about Sharing, OWA, ActiveSync, Client Access Server, POP/IMAP, and Hun Transport

I have one exchange box and on my EMC I see Imap, POP, IIS, SMTP - but nothing about Hub transport and others

I dont want to mess up something that is working fine now, The previous admin had gotten a 5 year SSL and this is my first time renewing...
0
Travis Hahn
Asked:
Travis Hahn
3 Solutions
 
Pete LongConsultantCommented:
As long as the new cert has the same 'common name' and 'subject alternative names' (both of which you can see, if you view the certificate) then you can import a new one and assign the services to it.

Exchange 2010 – Working with Certificates

Pete
0
 
Travis HahnIT ManagerAuthor Commented:
I want to make sure I am choosing the same services as before.

My concern is with Hub Transport
0
 
Pete LongConsultantCommented:
You can only assign SMTP,IMAP,IIS,UC,POP those are SERVICES, hub transport is a ROLE.

As long as your new cert is applied to IIS, SMTP, IMAP and POP it will be OK - unless its a wildcard then POP and IMAP will complain.
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
Travis HahnIT ManagerAuthor Commented:
Certificate
This is where I have the question then - is there a way to tell if I used this in the past
certificate.png
0
 
Simon Butler (Sembee)ConsultantCommented:
Ignore the services selection in the wizard - it has no impact on the SSL certificate.
It is simply there to help you choose the right things.
Go to the end of the wizard and it will show you the summary of the names. There you can just add and remove the names as required (the wizard always puts the root domain in as the common name for example, which is often not what people want).
0
 
OnlineSupportCommented:
If you want to see which services are applied what SSL, you can see this in GUI of Exchange. As advised already you can always assign services after anyway. As far as the names, you can find that by viewing the current SSL, generally common name is OWA addess, ALT name autodiscover.
0
 
Travis HahnIT ManagerAuthor Commented:
Thanks - I think I was able to generate the CSR and now waiting for approval from GODADDY

Last Question is it safe to remove the expired or invalid certificates?
0
 
Pete LongConsultantCommented:
Expired or not if they have services attached to them, I'd wait for the new one. Some services require TLS, and while it might throw errors into the event log, this will still 'work'

Wait until you have imported the new cert, and allocated services to it, before junking the expired one.

P
0
 
Travis HahnIT ManagerAuthor Commented:
Thanks for all the help
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now