|
exchange
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
SSL CSR and OWAWe have one exchange 2k3 server, we want to enable SSL on OWA, we want to
replace our self-issued certificate with a third party certificate.. I need a Certificate Signing Request to get that third party certificate. when I look at the IIS.msc default site/properties/directory security tab it sows we are using a self-issued cert and there is no option for adding a second. I can delete or edit this one. I am at a standstill - do I delete our self-isued cert or can I get the CSR by editing the existing one? Thanks so much in advance!! You'll have to remove the self-issued cert.
Never had to do this... but couple of alternatives without deleting the cert: - You could try clearing the cert binding from IIS metabase using adsutil, without having to delete the cert. - Optionally, you can also use the certificates snap-in to request a new server cert (make sure you select local computer when adding snap-in). - Finally, you can export the cert and the pvt key before removing it. -- Show quoteBharat Suneja MVP - Exchange www.zenprise.com NEW blog location: exchangepedia.com/blog ---------------------------------------------- "totoro" <tot***@discussions.microsoft.com> wrote in message news:F0E9EC20-7B9F-40E2-B1FD-BB1711036092@microsoft.com... > We have one exchange 2k3 server, we want to enable SSL on OWA, we want to > replace our self-issued certificate with a third party certificate.. > > I need a Certificate Signing Request to get that third party certificate. > > when I look at the IIS.msc default site/properties/directory security tab > it > sows we are using a self-issued cert and there is no option for adding a > second. I can delete or edit this one. > > I am at a standstill - do I delete our self-isued cert or can I get the > CSR > by editing the existing one? > > Thanks so much in advance!! hey thank you for your response,
is this the kind of thing you would think twice about doing during regular business? what services could be interupted? Thanks again! Show quote "Bharat Suneja [MVP]" wrote: > You'll have to remove the self-issued cert. > > Never had to do this... but couple of alternatives without deleting the > cert: > - You could try clearing the cert binding from IIS metabase using adsutil, > without having to delete the cert. > - Optionally, you can also use the certificates snap-in to request a new > server cert (make sure you select local computer when adding snap-in). > - Finally, you can export the cert and the pvt key before removing it. > -- > Bharat Suneja > MVP - Exchange > www.zenprise.com > NEW blog location: > exchangepedia.com/blog > ---------------------------------------------- > > > "totoro" <tot***@discussions.microsoft.com> wrote in message > news:F0E9EC20-7B9F-40E2-B1FD-BB1711036092@microsoft.com... > > We have one exchange 2k3 server, we want to enable SSL on OWA, we want to > > replace our self-issued certificate with a third party certificate.. > > > > I need a Certificate Signing Request to get that third party certificate. > > > > when I look at the IIS.msc default site/properties/directory security tab > > it > > sows we are using a self-issued cert and there is no option for adding a > > second. I can delete or edit this one. > > > > I am at a standstill - do I delete our self-isued cert or can I get the > > CSR > > by editing the existing one? > > > > Thanks so much in advance!! > > You're on Exchange Server 2003 - are you using the same cert for TLS on
IMAP, POP3, SMTP? - If OWA is the only thing you're using this for, and you don't want any interruptions - try to create a new cert request using the Certificates snap-in (with scope set to Local Computer when you add the snap-in to a MMC console) first. - If that doesn't work, and you need to remove the cert/binding temporarily - it'll be for the time it takes you to create a new cert request and then re-bind the existing cert to the OWA site. - I would try this on a test box/VM first. -- Show quoteBharat Suneja MVP - Exchange www.zenprise.com NEW blog location: exchangepedia.com/blog ---------------------------------------------- "totoro" <tot***@discussions.microsoft.com> wrote in message news:7710D8EA-3F63-42A1-88CD-F6BFA0F07EB6@microsoft.com... > hey thank you for your response, > > is this the kind of thing you would think twice about doing during regular > business? > > what services could be interupted? > > Thanks again! > > "Bharat Suneja [MVP]" wrote: > >> You'll have to remove the self-issued cert. >> >> Never had to do this... but couple of alternatives without deleting the >> cert: >> - You could try clearing the cert binding from IIS metabase using >> adsutil, >> without having to delete the cert. >> - Optionally, you can also use the certificates snap-in to request a new >> server cert (make sure you select local computer when adding snap-in). >> - Finally, you can export the cert and the pvt key before removing it. >> -- >> Bharat Suneja >> MVP - Exchange >> www.zenprise.com >> NEW blog location: >> exchangepedia.com/blog >> ---------------------------------------------- >> >> >> "totoro" <tot***@discussions.microsoft.com> wrote in message >> news:F0E9EC20-7B9F-40E2-B1FD-BB1711036092@microsoft.com... >> > We have one exchange 2k3 server, we want to enable SSL on OWA, we want >> > to >> > replace our self-issued certificate with a third party certificate.. >> > >> > I need a Certificate Signing Request to get that third party >> > certificate. >> > >> > when I look at the IIS.msc default site/properties/directory security >> > tab >> > it >> > sows we are using a self-issued cert and there is no option for adding >> > a >> > second. I can delete or edit this one. >> > >> > I am at a standstill - do I delete our self-isued cert or can I get the >> > CSR >> > by editing the existing one? >> > >> > Thanks so much in advance!! >> >>  |
|||||||||||||||||||||||
Other interesting topics