Switching to new wildcard certificate in Exchange 2007
-
Wednesday, February 15, 2012 3:33 PM
Hi all,
I'm currently using a wildcard certificate (*.domain.com) which will expire in a few months. I was able to purchase another identically named certificate (*.domain.com) so I can gradually roll out the new cert to all the servers using it. Obviously the new certificate doesn't expire for several years...
I am now working with a certificate in pfx format as I had to export it from the server which originally made the request so I could use it on Exchange. I would like to know what the steps are to update my Exchange 2007 server from its current wildcard certificate to this new one.
Thanks in advance for your help.
All Replies
-
Wednesday, February 15, 2012 6:45 PM
Renewing the certificate
http://exchangepedia.com/2008/01/exchange-server-2007-renewing-the-self-signed-certificate.html
http://www.msexchangegeek.com/2009/04/24/how-to-renew-a-self-signed-certificate-in-exchange-server-2007/
other helpful articles
http://www.proexchange.be/blogs/exchange2007/archive/2009/05/15/how-to-renew-your-exchange-2007-ssl-certificate-especially-when-using-isa-server-for-publishing.aspx
http://technet.microsoft.com/en-us/library/bb851505(v=exchg.80).aspx
http://technet.microsoft.com/en-us/library/aa998840(v=exchg.80).aspx
http://www.msexchange.org/articles_tutorials/exchange-server-2007/management-administration/managing-exchange-certificates-part2.html all three articles
http://technet.microsoft.com/en-us/library/cc164344(v=exchg.80).aspx
- Proposed As Answer by Jonas Andersson [MCITP] Thursday, February 16, 2012 1:24 PM
- Marked As Answer by Frank.WangModerator Monday, February 27, 2012 2:06 AM
-
Thursday, February 16, 2012 8:05 AM Moderator
Usually, the 3rd party CA should provide the steps to update their specified certificate.
You can also try to update using the following steps:
1. Run the cmdlet Get-ExchangeCertificate | fl to record detailed information about the current certificate, e.g. Services
2. Import-ExchangeCertificate to import the new certificate
Import-ExchangeCertificate
http://technet.microsoft.com/en-us/library/bb124424(v=exchg.80).aspx
3. Enable-ExchangeCertificate to enable the new certificate with certain services
Enable-ExchangeCertificate
http://technet.microsoft.com/en-us/library/aa997231(v=exchg.80).aspx
4. After the new certificate is working, you can remove the old one.
Frank Wang
TechNet Community Support
- Proposed As Answer by Jonas Andersson [MCITP] Thursday, February 16, 2012 1:24 PM
- Marked As Answer by Frank.WangModerator Monday, February 27, 2012 2:06 AM
-
Thursday, February 16, 2012 1:53 PM
Thanks for the feedback guys. I had a quick look through some of the links the first poster provided, but I'm off today and tomorrow and it's a stat holiday on Monday so I will return to this thread then and follow up.
Cheers
-
Tuesday, February 21, 2012 2:06 AM Moderator
-
Tuesday, February 21, 2012 3:09 AM
Hi Frank, I'm back to work tomorrow as I mentioned which is why I haven't followed up on this yet. Once I climb out from the backlog tomorrow, I will review the ideas given here and provide feedback. Thanks for your help. I'm the only IT person in our office...such is life!
-
Wednesday, February 22, 2012 8:56 PM
Hi Frank,
I'm currently working with your response here and it is quite helpful, thank you.
Specifically I wasn't sure if there would be a negative impact of having 2 certificates on the server with the same name which you answered above in point #4.
You also included some steps I can use to import the new certificate and enable it. This was the specific information I needed, so thank you very much.
I am wondering about enabling the certificate though, this works for IIS? I used this cert on our other IIS servers and of course did not use the EMS to import/enable it.
Here is the code I believe I need for the IIS portion.
Enable-ExchangeCertificate -Thumbprint 5113ae0233a72fccb75b1d0198628675333d010e -Services "IIS"
We use Outlook Anywhere and Outlook Web Access, both of which I believe use IIS and would require the above line of code to make work now that the new certificate is imported.
-
Thursday, February 23, 2012 8:35 AM Moderator
Hi J_Rod,
I would suggest you back up the old certificate first and, after that, remove it. I met issues related to the old certificate some time ago.
How to back up an Exchange certificate:
Export-ExchangeCertificate
http://technet.microsoft.com/en-us/library/aa996305(v=exchg.80).aspx
As for the certificate used for Exchange, please install/enable it using EMS.
Frank Wang
TechNet Community Support
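
The steps from the two moderator replies above (record, back up, import, enable, remove), put together as one Exchange Management Shell sequence. This is an added example, not code posted by anyone in the thread; the file paths and the thumbprint placeholder are assumptions to replace with your own values.

```powershell
# Added example for the Exchange 2007 Management Shell (not from the thread).
# Assumptions: the thumbprint placeholder and both file paths below.
$OldThumbprint = '<THUMBPRINT-OF-CURRENT-CERT>'       # from Get-ExchangeCertificate | fl
$NewPfx        = 'C:\certs\wildcard-new.pfx'          # assumed path to the new PFX
$BackupPfx     = 'C:\certs\wildcard-old-backup.pfx'   # assumed path for the backup

# 1. Record the current certificate and the services bound to it.
$old = Get-ExchangeCertificate -Thumbprint $OldThumbprint
$old | fl Thumbprint, Subject, NotAfter, Services, CertificateDomains

# 2. Back up the old certificate with its private key as a password-protected
#    PFX. This fails if the private key was not marked exportable.
$backupPw = Read-Host 'Password for the backup PFX' -AsSecureString
Export-ExchangeCertificate -Thumbprint $OldThumbprint -BinaryEncoded:$true `
    -Path $BackupPfx -Password $backupPw

# 3. Import the new PFX; the cmdlet returns the imported certificate.
$importPw = Read-Host 'Password of the new PFX' -AsSecureString
$new = Import-ExchangeCertificate -Path $NewPfx -Password $importPw

# 4. Sanity checks before touching any service binding. Both certificates
#    carry the same name, so the thumbprint is the only reliable way to
#    tell them apart.
if (-not $new.HasPrivateKey) {
    throw 'Imported certificate has no private key; re-export the PFX with the key.'
}
if ($new.Thumbprint -eq $old.Thumbprint) {
    throw 'The PFX contains the certificate that is already in use.'
}
if ($new.NotAfter -le $old.NotAfter) {
    throw 'Imported certificate does not expire later than the current one.'
}

# 5. Enable the new certificate for the same services the old one had
#    (for example IIS, which serves Outlook Web Access and Outlook Anywhere).
Enable-ExchangeCertificate -Thumbprint $new.Thumbprint -Services $old.Services

# 6. Confirm which thumbprint now holds each service.
Get-ExchangeCertificate | fl Thumbprint, NotAfter, Services

# 7. Only after clients are confirmed working on the new certificate:
# Remove-ExchangeCertificate -Thumbprint $OldThumbprint
```

Both PFX files contain a private key, so store the backup somewhere access-controlled and delete the working copy of the new PFX from the server once the import has succeeded.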
-
Tuesday, June 19, 2012 1:38 PM
Just follow these instructions to renew (assuming it's self-signed?):
- Proposed As Answer by A. TheOne Tuesday, June 19, 2012 1:38 PM

