change SSL certificate provider on Exchange 2007 CAS server RRS feed

  • Question

  • Hi, there:

    Our current environment: Exchange 2007 SP3 on Windows Server R2 *64 Edition.

    ISA server is used to publish OWA and Exchange Activesync, NO outlook anywhere in use.

    Exchange environment is: Exchange CCR+SCR. There are two CAS+HUB Exchange 2007 server on datacenter. The SCR server on DR site hosts all server role: HUB+CAS+MBX.

    The certificate installed on CAS Exchange 2007 server is about to expired in Jan 2013. It is a 3rd party from Thawte. Now we are planning to change this certificate to Verisign certificate.

    The first step is to create a CSR, now my question is:

    1): Use IIS to create a CSR, or use Exchange cmdlet: new-exchangecertificate to create CSR?

    2): Say for example after we get the new certificate from Verisign and import it to one of the CAS server, now is is time to install the new Verisign certificate on IIS, what should we do? should we remove the old Thawte certificate first and then add new certificate from Verisign, or we just need to choose "Replace the current certificate" from "IIS--> Default Web site properties->Directory security-->Server certificate"?

    3): After certificate install on the first CAS server in Data center, then I need to export the new verisign certificate to .pfx file, import to second CAS server in data center, and repeat the above procedure to install the certificate on IIS in second CAS server, right?

    4): then I need to do it again on SCR server in DR site?

    5): lastly install Certificate in ISA server, at this moment I am not sure ISA server 2004 or 2006, any difference in terms of publishing OWA through ISA server 2004 and 2006?

    Anyone can advise if I miss something here.

    Thanks in advance

    Tuesday, September 11, 2012 4:22 AM