Announcement

Collapse
No announcement yet.

Renew Exchange certificate

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Renew Exchange certificate

    Our Exchange certificate is about to expire in a month or so. We're using Exchange 2003 SP2 and the current certificate was issued by our internal CA.

    If I go to IIS\Web Sites\Default Web Site, Properties\Directory Security\Server Certificate do I just click on it and then Next, Renew the current certificate and then Send the request immediately to an online certification authority. Is that all?

    Will it find the CA by itself, will I need to enter any additional information (Organizational Unit, Common name, Geographical Information, port...)

    Can someone please provide a step by step on how I go about replacing it.

  • #2
    Re: Renew Exchange certificate

    If you are sticking with your internal CA, I believe you initiate the CSR request as you have done so for renewal. You then use the internal CA's URL to request the certificate renewal and paste the contents of the CSR there. You can then download the certificate.

    Comment


    • #3
      Re: Renew Exchange certificate

      Hmm, might actually be the case, wish I could test this out (or get a confirmation) somewhere before doing this. OWA really can't suffer.

      Comment


      • #4
        Re: Renew Exchange certificate

        For the price of a certificate from a Trusted CA i wouldnt waste time using self signed certicates which although do work, can require a number of caveats client side.
        That said the IIS resource kit can create self signed certs for you using Self SSL. Or alternatively login to the MS CA webpage of your internal CA and generate a certificate request.

        Comment


        • #5
          Re: Renew Exchange certificate

          A self signed certificate simply isn't worth the hassle. You would have to get the certificate on to any devices that aren't part of the domain.

          When you can purchase an SSL certificate for US$30/year that is trusted by most things, anything else is just a waste of time (And time is money).

          If you are concerned, then setup a second web site on the server, do the request install on the second web site, then once you are happy, on the original server remove the certificate then choose to assign an existing certificate and select the new one.

          Simon.
          --
          Simon Butler
          Exchange MVP

          Blog: http://blog.sembee.co.uk/
          More Exchange Content: http://exchange.sembee.info/
          Exchange Resources List: http://exbpa.com/
          In the UK? Hire me: http://www.sembee.co.uk/

          Sembee is a registered trademark, used here with permission.

          Comment


          • #6
            Re: Renew Exchange certificate

            A certificate issued by our internal CA is only a temporary measure for about 2-3 months when we'll be upgrading to 2010 when a trusted will be purchased.

            I just need to renew the current one (issued by our CA, which has been imported on several devices), but haven't found a good resource just yet.

            I do like the idea of doing it on a second website, but that would be a request and not a renewal, although that is probably as close as it gets?

            Comment


            • #7
              Re: Renew Exchange certificate

              Have you tried this method?

              http://forums.petri.com/showthread.php?t=18992

              Comment


              • #8
                Re: Renew Exchange certificate

                Virtual, I actually haven't tried anything yet, I'm in the information gathering phase, so our users don't notice any downtime, when I go through with it.

                I actually found that topic when searching for a solution and will keep the link handy when I actually do it. I guess it's as close as it comes to my current situation in the absence of a cert renewal article.

                Comment


                • #9
                  Re: Renew Exchange certificate

                  I'm just reporting back that I sucessfuly renewed the certificate, but used "prepare the request now, but send it later" option. It went through without problems.

                  Comment


                  • #10
                    Re: Renew Exchange certificate

                    Thanks for the post back and glad it was a success.

                    Comment

                    Working...
                    X