SSL Certificate Renewal with Exchange 2010

I understand that I must request a new certificate (CSR) through my Exchange server - is there a way that I can be certain that I am requesting the exact same settings/requirements that is on the current certificate?

My concern in on the Config request - its asking about Sharing, OWA, ActiveSync, Client Access Server, POP/IMAP, and Hun Transport

I have one exchange box and on my EMC I see Imap, POP, IIS, SMTP - but nothing about Hub transport and others

I dont want to mess up something that is working fine now, The previous admin had gotten a 5 year SSL and this is my first time renewing...
Travis HahnIT ManagerAsked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
Simon Butler (Sembee)Connect With a Mentor ConsultantCommented:
Ignore the services selection in the wizard - it has no impact on the SSL certificate.
It is simply there to help you choose the right things.
Go to the end of the wizard and it will show you the summary of the names. There you can just add and remove the names as required (the wizard always puts the root domain in as the common name for example, which is often not what people want).
0
 
Pete LongTechnical ConsultantCommented:
As long as the new cert has the same 'common name' and 'subject alternative names' (both of which you can see, if you view the certificate) then you can import a new one and assign the services to it.

Exchange 2010 – Working with Certificates

Pete
0
 
Travis HahnIT ManagerAuthor Commented:
I want to make sure I am choosing the same services as before.

My concern is with Hub Transport
0
Easily manage email signatures in Office 365

Managing email signatures in Office 365 can be a challenging task if you don't have the right tool. CodeTwo Email Signatures for Office 365 will help you implement a unified email signature look, no matter what email client is used by users. Test it for free!

 
Pete LongTechnical ConsultantCommented:
You can only assign SMTP,IMAP,IIS,UC,POP those are SERVICES, hub transport is a ROLE.

As long as your new cert is applied to IIS, SMTP, IMAP and POP it will be OK - unless its a wildcard then POP and IMAP will complain.
0
 
Travis HahnIT ManagerAuthor Commented:
Certificate
This is where I have the question then - is there a way to tell if I used this in the past
certificate.png
0
 
OnlineSupportConnect With a Mentor Commented:
If you want to see which services are applied what SSL, you can see this in GUI of Exchange. As advised already you can always assign services after anyway. As far as the names, you can find that by viewing the current SSL, generally common name is OWA addess, ALT name autodiscover.
0
 
Travis HahnIT ManagerAuthor Commented:
Thanks - I think I was able to generate the CSR and now waiting for approval from GODADDY

Last Question is it safe to remove the expired or invalid certificates?
0
 
Pete LongConnect With a Mentor Technical ConsultantCommented:
Expired or not if they have services attached to them, I'd wait for the new one. Some services require TLS, and while it might throw errors into the event log, this will still 'work'

Wait until you have imported the new cert, and allocated services to it, before junking the expired one.

P
0
 
Travis HahnIT ManagerAuthor Commented:
Thanks for all the help
0
All Courses

From novice to tech pro — start learning today.