Exchange 2007 certificate after renewal certificate outlook anywhere will work without any changes at client computer
h
i want to renew my certificate which is runng on exhange 2007 sevices ex: pop3, imap, iis, https.
Exchange 2007 certificate after renewal certificate outlook anywhere will work without any change at client computer?
i got this url
http://exchangepedia.com/2008/01/exchange-server-2007-renewing-the-self-signed-certificate.html
but it changed the thumbprint and i get new thumbprint for renewed certificate in this case need to change certificate for outlook anywhere users?
also i have CA server inplace on w2k3.
November 22nd, 2010 11:20am
Hi sameer.aw,
If you have a self signed certificate then you must install this certificate as trusted root certification authorities in users machine´s that uses outlook anywhere. You must make this install using mmc=>add snap-in=>certificates
pointing to local machine.
Regards
Free Windows Admin Tool Kit Click here and download it now
November 22nd, 2010 2:36pm
I would highly recommend that you use 3rd party certificates instead on your own CA going forward.
November 22nd, 2010 4:08pm
hi thanks for reply
Is there any way can outlook anywhere users get the certificate automatical, outlook anywhere users are in workgroup and they are at remote location.
Free Windows Admin Tool Kit Click here and download it now
November 23rd, 2010 2:22am
Agree with Andy, 3rd party certificate is a better choice.
Sameer, if you want to renew the CA certificate, you can create a new CA certificate, then import and enable it.
If you use Get-ExchangeCertificate -thumbprint “C5DD5B60949267AD624618D8492C4C5281FDD10F” | New-ExchangeCertificate, it will be created a new self-signed certificate.
More information about creating a new CA certificate:
How to Request an SSL Certificate
http://technet.microsoft.com/en-us/library/bb310781(EXCHG.80).aspxFrank Wang
November 23rd, 2010 2:29am
I can’t use 3rd party certificate now. My exchange server certificate will expire
in next 7 days i want to renew certificate without harming any outlook anywhere users so please tell me is there any possibility. I am using my Internal CA server. please also provide me step by step document how perform.
Free Windows Admin Tool Kit Click here and download it now
November 23rd, 2010 3:24am
Hi sammer.aw,
You can create a new certificate using the solution provided by Frank, without enabling it on CAS Server. Then you can export this certificate and install in the machines that uses outlook anywhere. You can install manually or using a group policy
to the Trusted Root Certification Authority. This link will help you to deploy using group policy:
http://technet.microsoft.com/en-us/library/cc770315(WS.10).aspx
After you install the certificate, the next step is to import and enabling it on CAS Server.
Rafael Okamoto
_________________________________________________________________________
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
November 23rd, 2010 9:17am
Hi Frank
if i create a new certificate CA certificate and then import and enable it. will my thumb print remain same or not ? if it is change then the same problem again . then i need to deploy new certificate at all outlook anywhere users.
please help me if there is any way or 3rd party is the only solution?
Free Windows Admin Tool Kit Click here and download it now
November 23rd, 2010 10:07am
3rd party is the best solution yes.
The remote clients will already trust those 3rd party certificates. (Verisign, Digicert, GoDaddy, etc....)
November 23rd, 2010 10:55am
if i create a new certificate CA certificate and then import and enable it. will my thumb print remain same or not ? if it is change then the same problem again . then i need to deploy new certificate at all outlook anywhere users.
please help me if there is any way or 3rd party is the only solution?
Hi Sameer,
If you create a new certificate, the thumbprint will be changed. But as I know, you just need to import the root CA certificate to the workgroup client, and you have already done it. So please create a new certificate and import and enable it. After that,
please delete the old certificate.
About step by step document, please see:
Managing SSL for a Client Access Server
http://technet.microsoft.com/en-us/library/bb310795(EXCHG.80).aspx
Suggest you export the old certificate before you delete it.Frank Wang
Free Windows Admin Tool Kit Click here and download it now
November 24th, 2010 1:51am
Thanks Frank
November 24th, 2010 6:02am