none
Inplace replacement of selfsigned certificate

    Frage

  • Hi,

    I have exchange server 2010 on one server , and AD DS + CA on another. Everything is working fine with self signed certificates, but now I have properly generated one, so I would like to switch . I know how to do it. What I don't know is what problems I have to anticipate. Like, will all of my User certificates become useless, and will I have to generate new certificate for every user (I mean, get one from the root CA)? Also, what happens with my CA server than ? Any problems ?

     

    It's worth mentioning that I've generated certificate for IIS only and none of the machines changed IP or name . Will I have to buy new user certificate for every single user, or I can generate them , when I have root certificate ?

     

    Thank you

    Montag, 9. Januar 2012 11:39

Antworten

  • Yes, create a new CSR and request the certificate, import the file and assign services to it, then you will be done :)

    http://www.digicert.com/csr-creation-microsoft-exchange-2010.htm

    http://www.digicert.com/ssl-certificate-installation-microsoft-exchange-2010.htm

     


    Jonas Andersson | Microsoft Community Contributor Award 2011 | MCITP: EMA 2007/2010 | Blog: http://www.testlabs.se/blog | Follow me on twitter: jonand82
    • Als Antwort markiert Dusan Vuckovic Donnerstag, 19. Januar 2012 16:29
    Dienstag, 10. Januar 2012 09:25
  • Hi Dusan,

     

    Any updates on this issue?

     

    Thanks,


    Evan Liu

     

    TechNet Subscriber Support in forum

    If you have any feedback on our support, please contact tngfb@microsoft.com  


    Evan Liu

    TechNet Community Support

    • Als Antwort markiert Dusan Vuckovic Donnerstag, 19. Januar 2012 16:29
    Mittwoch, 11. Januar 2012 02:25

Alle Antworten

  • Just realized that question, maybe, is not in proper form . Can I leave Exchange certificate in place , along with self generated user ones, and just change OWA certificate with COMODO's one , without creating any mess ?

     

    Thank you

    Montag, 9. Januar 2012 11:40
  • Yes, create a new CSR and request the certificate, import the file and assign services to it, then you will be done :)

    http://www.digicert.com/csr-creation-microsoft-exchange-2010.htm

    http://www.digicert.com/ssl-certificate-installation-microsoft-exchange-2010.htm

     


    Jonas Andersson | Microsoft Community Contributor Award 2011 | MCITP: EMA 2007/2010 | Blog: http://www.testlabs.se/blog | Follow me on twitter: jonand82
    • Als Antwort markiert Dusan Vuckovic Donnerstag, 19. Januar 2012 16:29
    Dienstag, 10. Januar 2012 09:25
  • Hi Dusan,

     

    Can I leave Exchange certificate in place , along with self generated user ones, and just change OWA certificate with COMODO's one , without creating any mess ?

     

    Yes, you can. If you only want OWA use the certificate with COMODO’s one, you can just enable IIS service for that new certificate, then OWA will use COMODO’s certificate.

     

    Thanks,

     

    Evan Liu

     

    TechNet Subscriber Support in forum

    If you have any feedback on our support, please contact tngfb@microsoft.com

    Evan Liu

    TechNet Community Support

    Dienstag, 10. Januar 2012 09:41
  • Hi Dusan,

     

    Any updates on this issue?

     

    Thanks,


    Evan Liu

     

    TechNet Subscriber Support in forum

    If you have any feedback on our support, please contact tngfb@microsoft.com  


    Evan Liu

    TechNet Community Support

    • Als Antwort markiert Dusan Vuckovic Donnerstag, 19. Januar 2012 16:29
    Mittwoch, 11. Januar 2012 02:25
  • Thank you VERY much. Sorry , had some crazy situation back on work. This resolves my problem.

    Much appreciated

    Donnerstag, 19. Januar 2012 16:29
  • Thank you very much .
    Donnerstag, 19. Januar 2012 16:30
  • You're welcome, glad it helped you

     


    Jonas Andersson | Microsoft Community Contributor Award 2011 | MCITP: EMA 2007/2010 | Blog: http://www.testlabs.se/blog | Follow me on twitter: jonand82
    Freitag, 20. Januar 2012 08:45