Exchange 2013 certificate
We currently have an Exchange 2013 with a self signed certificate (stupid, I know). We need to replace it with a non-self-signed one.
Is it just ok to delete the selfsigned one and import the new one?
ASKER
I already have a certificate and I already signed certificates to Exchange 2013/2016 servers in the past with no problems.
I just wonder if there is anything that could go wrong when assigning a certificate to a server that already has a self signed one for the client server communication.
"I just wonder if there is anything that could go wrong when assigning a certificate to a server that already has a self signed one for the client server communication. "
What I've seen going wrong is when the clients accessing the server do not have/can't download the certificates in the certificate path (root certificate/intermediate certificate if required) to validate the Exchange servers.
Treat this activity as a first-time setup where you need to implement the right certificate. The KB given by me is enough to complete this task.
ASKER
We successfully added the certificate and deleted the old one. We only had to set the internal autodiscover url to the right one.
I object to your answer selection. I provided the same answer in the first post.
You need one self signed certificate for your inter server communication.
You can check my comment in MS Technet to create a new certificate.
You need one 3rd party certificate (e.g. Digicert, Godaddy) for client server communication.
Use this CSR command generator for your 3rd party certificate.
https://www.experts-exchange.com/articles/28662/Easy-CSR-creation-Exchange-2007-2010-and-2013.html
Upload the CSR to the 3rd party portal and complete the pending request by following either of these. Do not forget to enable IIS on the 3rd party certificate.
https://uk.godaddy.com/help/exchange-server-2013-install-a-certificate-4774
http://www.msexchange.org/articles-tutorials/exchange-server-2013/management-administration/managing-certificates-exchange-server-2013-part3.html
Note: You need two names in your certificate. i.e. mail.domain.com and autodiscover.domain.com
Thanks
MAS
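
The steps discussed in this thread, as an added Exchange Management Shell example that is not part of any post above: it completes the pending request, refuses to bind the certificate unless both names are present and the chain validates, enables it for IIS, and sets the internal Autodiscover URL. The file path, the `domain.com` host names and the Autodiscover URI value are assumed placeholders.

```powershell
# Run in the Exchange Management Shell on the Exchange 2013 server.
# Placeholders (assumptions): $CertFile path, domain.com names, $AutodiscoverUri.
$CertFile        = 'C:\certs\mail_domain_com.p7b'   # CA response file
$Required        = 'mail.domain.com', 'autodiscover.domain.com'
$AutodiscoverUri = 'https://autodiscover.domain.com/Autodiscover/Autodiscover.xml'
$Server          = $env:COMPUTERNAME

# 1. Inventory current certificates so the self-signed one used for
#    inter-server communication is identified and left in place.
Get-ExchangeCertificate -Server $Server |
    Format-Table Thumbprint, Subject, IsSelfSigned, Services, NotAfter -AutoSize

# 2. Complete the pending request with the CA's response file.
$imported = Import-ExchangeCertificate -Server $Server `
    -FileData ([System.IO.File]::ReadAllBytes($CertFile))
$cert = Get-ExchangeCertificate -Server $Server -Thumbprint $imported.Thumbprint

# 3. Check the certificate before binding it to any service.
$names   = $cert.CertificateDomains | ForEach-Object { $_.ToString() }
$missing = $Required | Where-Object { $names -notcontains $_ }
if ($missing) {
    throw "Certificate is missing required names: $($missing -join ', ')"
}
if ($cert.IsSelfSigned) {
    throw 'Imported certificate is self-signed; expected a CA-issued one.'
}
if ("$($cert.Status)" -ne 'Valid') {
    # A non-Valid status usually means the root/intermediate CA certificates
    # are not installed on the server, or revocation checking failed.
    throw "Certificate status is '$($cert.Status)'; fix the chain before enabling."
}

# 4. Bind the CA-issued certificate to IIS (client-server traffic).
Enable-ExchangeCertificate -Server $Server -Thumbprint $cert.Thumbprint -Services IIS

# 5. Point internal Autodiscover at a name the certificate covers.
Set-ClientAccessServer -Identity $Server -AutoDiscoverServiceInternalUri $AutodiscoverUri

# 6. Confirm the result: services per certificate and the Autodiscover URI.
Get-ExchangeCertificate -Server $Server |
    Format-Table Thumbprint, IsSelfSigned, Services, Status -AutoSize
Get-ClientAccessServer -Identity $Server |
    Format-List Name, AutoDiscoverServiceInternalUri
```

Clients that cannot build the chain to the issuing CA will still show warnings even when the server reports the certificate as valid, so test from a domain-joined and a non-domain-joined client after the change.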