
exchange server and certificate authority

Author
27 Feb 2009 10:11 PM
Ed Jones
Hello. Presently we have our domain controller (server A) as our certificate
authority but I'd like to know if I can successfully change that to our
exchange server (server B). As it is now, OWA is secure with SSL utilizing
those present conditions. But the certificate will be expiring soon and I
remember it being quite laborious to (1) create the request on server B, (2)
take that over to server A to create the cert, (3) copy the cert back to
server B, (4) import the cert into IIS. And it certainly didn't work the
first few times I tried it...it took some time to get it right. So can I
somehow forget about our DC (server A) altogether and get our exchange
server (B) to do all the work, the request, the create, the import...and just
maybe it won't take a lot of headscratching to finally get it right. Thanks
so much for your reply.

Author
2 Mar 2009 3:59 AM
John Oliver, Jr. [MVP]
Why not just purchase a 3rd party cert?  Go Daddy has SSL Certs for around
$26 a year.  The time and effort to manage this already has me feeling for
you.  Less than 5 minutes to create the Cert request, send to Commercial CA,
pay your $26, receive cert from Commercial CA, import it, done.

--
John Oliver, Jr
MCSE, MCT, CCNA
Exchange MVP 2009
Microsoft Certified Partner



Author
2 Mar 2009 5:22 PM
Ed Jones
Ah, Go Daddy, love those commercials !! Seeing as the price is so reasonable,
that'll be the route to take. My original thought was to uninstall Cert Serv
on the DC altogether so it is completely out of the picture, make the
Exchange box the CA, and then do the whole request, create and so forth from
it. Just for fun, any thoughts on that?

Author
2 Mar 2009 5:44 PM
John Oliver, Jr. [MVP]
Ed,

No reason to make the Exchange box a CA if you go with Go Daddy or other
Commercial CA.  As I stated, you can beat the SSL prices and the headaches
you will save in not managing your own CA and the clients for that matter
since every client will trust it.  You did not mention which version of
Exchange you are currently using.  I say this because generating the Cert
request file differs from Exchange 2003 to Exchange 2007.  In addition, if
you plan on using UM and Outlook Anywhere in Exchange 2007 then you would be
better served using a UCC (Unified Communications Cert).  You can certainly
Google on how to do this for each but if you run into any problems then
please post back.

--
John Oliver, Jr
MCSE, MCT, CCNA
Exchange MVP 2009
Microsoft Certified Partner
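
[Added example, not part of the original thread or written by any poster: the request, import and enable cycle for a multi-name (UCC) certificate on Exchange 2007, followed by a check that the installed certificate covers every name clients will connect to. It uses Exchange 2007 Management Shell syntax; the host names, organization and file paths are constructed placeholders.]

```powershell
# Run in the Exchange 2007 Management Shell on the server that hosts OWA.
# All names and paths below are placeholders (assumptions), not values from the thread.
$names   = "mail.example.com", "autodiscover.example.com"
$reqFile = "C:\certs\mail-example.req"
$cerFile = "C:\certs\mail-example.cer"

# 1. Generate the key pair and the request locally. The private key never
#    leaves this server; only the request file is sent to the commercial CA.
New-ExchangeCertificate -GenerateRequest `
    -SubjectName "c=US, o=Example Corp, cn=mail.example.com" `
    -DomainName $names `
    -KeySize 2048 `
    -PrivateKeyExportable $true `
    -FriendlyName "Example UCC certificate" `
    -Path $reqFile

# 2. Submit $reqFile to the CA and save the issued certificate as $cerFile.
#    Import it on the same server that generated the request, because that is
#    where the matching private key is stored.
$cert = Import-ExchangeCertificate -Path $cerFile

# 3. Before binding it to services, confirm the issued certificate carries
#    every required name and note when it expires.
$have    = $cert.CertificateDomains | ForEach-Object { "$_" }
$missing = $names | Where-Object { $have -notcontains $_ }
if ($missing) {
    Write-Warning ("Certificate is missing names: " + ($missing -join ", "))
    return
}
Write-Host ("Names OK. Certificate expires " + $cert.NotAfter)

# 4. Bind the certificate to IIS (OWA, Outlook Anywhere). Add other services
#    such as UM only where they are actually deployed.
Enable-ExchangeCertificate -Thumbprint $cert.Thumbprint -Services "IIS"

# 5. Review what is now installed and which services each certificate serves.
Get-ExchangeCertificate | Format-List Thumbprint, Subject, CertificateDomains, NotAfter, Services
```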


Author
2 Mar 2009 6:08 PM
Ed Jones
Thanks for the info; by the way we have 2003. So I've been following
instructions such as found here -

http://www.msexchange.org/tutorials/SSL_Enabling_OWA_2003.html

But you're right about the client trust too. Another reason to go with a
Commercial CA. Thanks again.
