locked
Exchange 2007 Cert renewal RRS feed

  • Question

  • Hello,

    I am in the process of migrating my Microsoft PKI to new servers. I want to use a new cert for Exchange 2007 using the new PKI. I am wondering what the steps are to accomplish this, and any problems I may have during this process. My current exchange cert is a cert from an old CA, however I am not sure. Will there be any interuption in client communications, if so how can prepare and avoid this.

     

    Wednesday, November 2, 2011 5:13 PM

Answers

  • Hi,

    I recommend  you to renew the certificate with new PKI at non-business hour.

    We will have warning with the old certificate during the migration of Microsoft PKI.

    Besides, you can follow the steps in article that Suhk mentioned to create certificate and then enable service on the certificate.

    Note: Pay more attention to the certificate domian name.

    Xiu

    • Marked as answer by Xiu Zhang Monday, November 21, 2011 3:06 AM
    Thursday, November 3, 2011 6:32 AM
  • In that link I posted  (1st one) use the the -Path swith when you create the cert.

    Certificate Domain name is the common name, such as mail.mycompany.com

    You can use Get-ExchangeCertificate |fl and see what the current one.


    Sukh
    • Proposed as answer by VijayaRelangovan Wednesday, November 9, 2011 1:45 PM
    • Marked as answer by Xiu Zhang Monday, November 21, 2011 3:06 AM
    Friday, November 4, 2011 7:11 PM

All replies

  • There shouldn;t be any interruption.  Depends on what youre going to use the cert for, Exch can function with the self-signed cert.

    If you want to create a new one the create one - http://technet.microsoft.com/en-us/library/aa998327(EXCHG.80).aspx and submit to the CA.

    Then assign it to the services (IIS, SMTP etc...) - http://technet.microsoft.com/en-us/library/aa997231(EXCHG.80).aspx


    Sukh
    Wednesday, November 2, 2011 9:51 PM
  • Hi,

    I recommend  you to renew the certificate with new PKI at non-business hour.

    We will have warning with the old certificate during the migration of Microsoft PKI.

    Besides, you can follow the steps in article that Suhk mentioned to create certificate and then enable service on the certificate.

    Note: Pay more attention to the certificate domian name.

    Xiu

    • Marked as answer by Xiu Zhang Monday, November 21, 2011 3:06 AM
    Thursday, November 3, 2011 6:32 AM
  • Hi, thank you for the response. One question though. I am not seeing anywhere in the syntax or parameters for saving the request or sending the request to the PKI.
    Friday, November 4, 2011 6:54 PM
  • Note: Pay more attention to the certificate domian name. = You mean using the FQDN for both the PKI and Exchange server, right?
    Friday, November 4, 2011 6:55 PM
  • In that link I posted  (1st one) use the the -Path swith when you create the cert.

    Certificate Domain name is the common name, such as mail.mycompany.com

    You can use Get-ExchangeCertificate |fl and see what the current one.


    Sukh
    • Proposed as answer by VijayaRelangovan Wednesday, November 9, 2011 1:45 PM
    • Marked as answer by Xiu Zhang Monday, November 21, 2011 3:06 AM
    Friday, November 4, 2011 7:11 PM
  • This should be done outside normal working hours as mail will go down - though it should only take a minute or 2 unless you have unexpected problems.

    Follow these simple instructions:

    Renew Exchange 2007 Certificates

    • Proposed as answer by A. TheOne Tuesday, June 19, 2012 1:45 PM
    Tuesday, June 19, 2012 1:45 PM