SSL certificate for OWA to be renewed - procedure pls
Setup - Exchange 2007 SP2, 2 ISA (NLB), 2 Edge (NLB), 2 Hub+CAS (NLB), CCR - 2 Mailbox servers. I remember that when we built this environment last year we applied the VeriSign SSL certificate. The time has come to renew the 3rd party certificate, but I could not find my notes to do the renewal. Could anyone please help me with the correct procedure/syntax/shell commands to renew the cert? I believe this cert change has to be done on both ISA and CAS.
Thanks for your help
Inderjit
November 2nd, 2011 1:53am
Yes, you will have to apply this certificate on CAS and ISA as well.
Follow the steps below.
View your certificate from IIS or from anywhere comfortable for you, and view the Subject Alternative Name property in the Details tab.
Note down all the domain names. Note down the Issued to property in the General tab while viewing the certificate.
Run the New-ExchangeCertificate command from the Exchange 2007 PowerShell as below:
New-ExchangeCertificate -GenerateRequest -Path C:\Certrequest.req -DomainName abc.com,Autodiscover.abc.com -PrivateKeyExportable $true
Note: In the domain name field, type all the domain names you noted from the Subject Alternative Name property earlier. Make sure you mention first the domain name which you noted from the Issued to property.
For more info, check the articles below:
http://blogs.technet.com/b/exchange/archive/2007/02/19/3400537.aspx
http://technet.microsoft.com/en-us/library/aa998327%28EXCHG.80%29.aspx
Sudhir Bidye.
November 2nd, 2011 9:04am
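The steps in the answer above (read the Issued to name and the subject alternative names from the current certificate, then request a new certificate with the same names) can be scripted. This is an added example, not part of the original thread; the request path and the choice of the IIS-enabled certificate with the latest expiry date are assumptions.

```powershell
# Added example. Run in the Exchange Management Shell on the CAS server.
# Assumptions: $RequestPath is a free file name, and the certificate to renew
# is the IIS-enabled one with the latest expiry date.
$RequestPath = 'C:\Certrequest.req'

if (Test-Path $RequestPath) { throw "$RequestPath already exists; choose another file name." }

# Find the certificate currently serving OWA (IIS service).
$current = Get-ExchangeCertificate |
    Where-Object { "$($_.Services)" -match 'IIS' } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1
if (-not $current) { throw 'No certificate is enabled for IIS on this server.' }

# "Issued to" on the General tab is the CN of the subject.
if ($current.Subject -notmatch 'CN=([^,]+)') {
    throw "No CN found in subject '$($current.Subject)'."
}
$issuedTo = $matches[1].Trim()

# Issued-to name first, then every subject alternative name, without duplicates.
$names = @($issuedTo)
foreach ($domain in $current.CertificateDomains) {
    $name = $domain.ToString().Trim()
    if ($name -and ($names -notcontains $name)) { $names += $name }
}

# Show what will be requested so it can be compared with the old certificate.
"Current certificate : $($current.Thumbprint), expires $($current.NotAfter)"
"Names in the request: $([string]::Join(', ', $names))"

# Same parameters as the command in the answer, with the names taken from the store.
New-ExchangeCertificate -GenerateRequest -Path $RequestPath `
    -DomainName $names -PrivateKeyExportable $true

if (-not (Test-Path $RequestPath)) { throw 'The request file was not written.' }

# After the CA returns the signed certificate (the file name below is assumed):
#   Import-ExchangeCertificate -Path C:\newcert.cer | Enable-ExchangeCertificate -Services IIS
```

The private key is created on the server that generates the request, so the issued certificate has to be imported on that same server. The exportable key is what allows the certificate to be moved to the other CAS and to ISA.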
Thanks Sudhir.
My next question would be to find out the preferred way to create a CSR file for the renewal. When I logged on to the CAS/Hub server, I do see an option to generate a CSR file using IIS. Will that not do the job we are attempting from a command shell?
Thanks
Inderjit
November 2nd, 2011 9:32am
You can always generate a CSR from IIS, and later you will have to import the certificate via PowerShell to make it effective.
Where Technology Meets Talent
November 2nd, 2011 11:47am
Inderjit,
Yes, you can surely create a CSR request from IIS. Check the link below:
http://www.digicert.com/csr-creation-microsoft-iis-7.htm
Sudhir Bidye.
November 2nd, 2011 3:39pm
Or use New-ExchangeCertificate, which is the recommended way -
http://technet.microsoft.com/en-us/library/aa998327.aspx
Sukh
November 2nd, 2011 4:47pm