How do you do....it? Thread, SSL Renewals in Technical; Just checked our SSL for Exchange and it expires in about a months time
How do you go about renewing ...
12th October 2010, 03:08 PM #1
Just checked our SSL for Exchange and it expires in about a months time
How do you go about renewing the certificate?
is it the same as when it was initially installed or do the SSL people just provide a new one?
We are using Exchange 2010 and TMG 2010
IDG Tech News
12th October 2010, 03:15 PM #2
It's more or less the same. Tell IIS that you want to renew it, let it generate a CSR and send that off for signing. The only difference in a renewal is that you don't generate a new key first.
12th October 2010, 04:25 PM #3
Also as a general rule I would export your cert (including private key part, if it asks you to set an export password your doing it right) to pfx so you have a backup pair.
14th October 2010, 11:37 AM #4
Ok I think I understand this, but..
in Ex2010 there is an option to "renew cert.." this generates a <name>.req ?? and adds a pending cert to EMC
In IIS7 (on Exchange server) i can highlight the cert and click renew and submit later - this then gets saved as a .txt file with the ---begin--- & ---end-- tags
is it one or both of these I need?
What about my SANs? are they auto-renewed if one of the files above are sent in?
14th October 2010, 12:02 PM #5
Are you generating your own certificates? I'm guessing not from your OP. If you generate your own then renewal is far easier.
14th October 2010, 12:05 PM #6
If you mean Self Signed then no,
We created a request then sent it to GeoTrust who then sent us back a signed certificate
Its how to renew that GeoTrust certificate for another year...
14th October 2010, 12:19 PM #7
If you use a lot of certificates it might be cheaper to use one of theirs for your trusted root then issue your own. It's certainly quicker to renew as you can issue the renewed certificate instantly. they can take up to 3 months - ok if you've plenty of time but, if like me you forget to renew in time and your certificate suddenly expires, you're up the creek for 3 months.
If you do renew online (use the request you generated from Exchange & paste into the GeoTrust online form) it's easy enough to then change the certificate in Exchange - import the new one to Exchange (via Server Configuration) then pick the new certificate in IIS on your exchange server. If you're authenticating at TMG you'll also have to import the new certificate to the TMG server & change it there too.
14th October 2010, 12:23 PM #8
Yeah we authenticate via TMG - so will need to update that as well.
As for the exchange - how do I open the .REQ file - if i open it in notepad I get a string of gobble-de-gook characters.. :S
14th October 2010, 12:30 PM #9
The IIS one is what I use. It depends though on what you punch through.
For us we only use IIS based stuff so I didnt think we needed the *exchange* cert which costs more. All I did was generate the request on iis (using external address) and submit it and get a cert back which I imported to TMG. I then told tmg to use that cert for the external url and set the iis to use an internal CA cert. Because TMG can chain it together it all works well as they are all trusted.
14th October 2010, 12:55 PM #10
One thing, you dont need the cert to be actually installed to exchange really. As long as the exchange IIS is using a valid internal CA cert then basically TMG does the bridge between the two.
14th October 2010, 01:05 PM #11
The req file should start with the line -----BEGIN NEW CERTIFICATE REQUEST----- and end with -----END NEW CERTIFICATE REQUEST----- with a load of encrypted stuff between. Cut & paste this (including the BEGIN and END lines) into the renewal page on the GeoTrust website.
Originally Posted by Gatt
14th October 2010, 01:19 PM #12
Hmm.. the req file doesnt show that at all - it does this..
By mrwalker in forum EduGeek Joomla 1.5 Package
Last Post: 11th July 2009, 08:55 PM
Last Post: 24th January 2008, 02:25 PM
By PEO in forum General Chat
Last Post: 4th January 2008, 10:14 PM
Last Post: 5th December 2007, 02:15 PM
By ITWombat in forum Wireless Networks
Last Post: 25th September 2006, 10:35 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)