Exchange 2010 Certificate renewal and Installation

Eddie_Akita
Eddie_Akita used Ask the Experts™
on
Needing a little assistance here on a renewal and installation of an Exchange 2010 certificate. Yes, believe it or not we are still running Exchange 2010, small company and not a need to go away from basic email. I used to have an outside service do this for us since we have no Exchange admin anymore, however the company no longer offers this service. I had to do this now after not finding a resource. I have done the research and did the following.  I created a new certificate request through the Exchange management panel (Go Daddy certificates renewals for whatever reason doesn’t work well with Exchange 2010 renewal function and needed to create a new one and rekey it on their site), filled in all of the fields for the items we use like OWA and internal DNS and External DNS names, including the auto discover. Once I got my req file I entered the info in the CSR request on Go Daddy, I got my new cert. I went back and assigned my cert through the exchange admin console and it said it successfully was installed, however I have not assigned any services to it yet. I was reading that I needed to install the p7b file in the certificates folder in IIS through the MMC, but when I checked the IIS certificates folder it was already there?, but I hadn’t installed the pb7 yet?  Thoughts. Also willing to contract someone for an hour for remote support to double check work and any other fixes needed.  Thanks everyone.  I have until Dec 6th when the old certificate is no longer valid.  Thanks
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Technical Consultant
Commented:
If you can see it in the Exchange management console you dont need to import anything further, just enable it usually for SMTP and IIS, unless you still have POP or IMAP running.
Edward van BiljonMessaging and Collaboration Technical Lead (Exchange MVP & MCT)

Commented:
I generally import the PFX file into IIS and then assign the services to it. Perform an IISReset afterwards.

If its a wildcard, you need to use the commands set-popsettings and set-imapsettings to use the wildcard.
Alan CoxSr. Architect | Consulting
Commented:
Exchange certificates should rarely be managed in IIS directly, Once you do the CSR completion in EMC, assign services and you should be good, primarily IIS (smtp will generally still use it's self signed and this is usually ok), IMAP, POP.
Edward van BiljonMessaging and Collaboration Technical Lead (Exchange MVP & MCT)

Commented:
I only use it to import the wildcard SSL cert, nothing else :-)

Author

Commented:
Thank you to you all, it worked as expected, Thank you again..

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial