View previous topic :: View next topic |
Author |
Message |
graycat SF Mod
Joined: 29 Apr 2005 Posts: 16777195 Location: London, UK
|
Posted: Fri Apr 23, 2010 10:25 am Post subject: Rebuilding Exchange server and SSL cert |
|
|
possibly daft question but I'll throw it out there anyway - what'd happen to an SSL cert used on an Exchange box if the server was rebuilt? would the cert still be valid?
background is we've got an Exch03 box that needs rebuilding but will be used for OMA for a few months. Obviously this needs securing and we have an SSL cert in place already.
Am I right in thinking it'll need to be reissued by the provider?
|
|
Back to top |
|
|
ryansutton Trusted SF Member
Joined: 25 Aug 2004 Posts: 67 Location: San Francisco, California
|
Posted: Fri Apr 23, 2010 7:05 pm Post subject: |
|
|
If it was rebuilt with the same name it should be ok. If you run in to problems, see if you cert provider has the option to rekey the cert - we use godaddy and as long as we don't change the CN on the cert we can change the SAN's as much as we want - which is where the netbios name of the server is.
|
|
Back to top |
|
|
graycat SF Mod
Joined: 29 Apr 2005 Posts: 16777195 Location: London, UK
|
Posted: Thu May 13, 2010 11:05 am Post subject: |
|
|
Cheers, Ryan.
Just about to go off on leave but this is one of my first projects back so I may be back screaming for help lol
|
|
Back to top |
|
|
ryansutton Trusted SF Member
Joined: 25 Aug 2004 Posts: 67 Location: San Francisco, California
|
Posted: Thu May 13, 2010 4:36 pm Post subject: |
|
|
Enjoy your time away from work
|
|
Back to top |
|
|
graycat SF Mod
Joined: 29 Apr 2005 Posts: 16777195 Location: London, UK
|
Posted: Thu May 13, 2010 4:40 pm Post subject: |
|
|
ryansutton wrote: |
Enjoy your time away from work |
always 10 days surfing, back for 10 days then a 7 days climbing in France. Can't wait!
|
|
Back to top |
|
|
moondoggie Lurker
Joined: 27 May 2005 Posts: 19
|
Posted: Thu May 13, 2010 5:36 pm Post subject: |
|
|
vacation time? are you sure you're an IT professional?
|
|
Back to top |
|
|
PhiBer SF Mod
Joined: 11 Mar 2003 Posts: 20 Location: Your MBR
|
Posted: Mon May 17, 2010 5:59 pm Post subject: |
|
|
You can usually re-download the certificate from the provider (at least in Go Daddy's case you can...).
|
|
Back to top |
|
|
njan Trusted SF Member
Joined: 02 May 2005 Posts: 9 Location: Scotland, UK
|
Posted: Thu Jun 03, 2010 6:06 pm Post subject: Re: Rebuilding Exchange server and SSL cert |
|
|
graycat wrote: |
possibly daft question but I'll throw it out there anyway - what'd happen to an SSL cert used on an Exchange box if the server was rebuilt? would the cert still be valid? |
Unless it's been marked as non-exportable, you should be able to export the certificate including the private key to a pfx file using the certificate management MMC snap-in from the local certificate store. You can then re-import the PFX file on any other host.
If it has, you may have to get the certificate provider to issue a new certificate. Obviously since the certificate issuing process generally involves a certificate request generated by the host that wants the certificate the CA won't have your private key (this is retained by the requesting host), so you'd need a completely new certificate, even if it had the same canonical name.
|
|
Back to top |
|
|
graycat SF Mod
Joined: 29 Apr 2005 Posts: 16777195 Location: London, UK
|
Posted: Tue Jul 13, 2010 2:40 pm Post subject: |
|
|
Hey guys,
in the end I did a p2v conversion of the server and built a new one using the hardware.
I did run into an interesting scenario of importing the cert from an Win2k / Exch2k / IIS5 box into a Win08 / Exch07 / IIS7 box. Initial export / import was fine but IIS7 threw a wobbly importing a new UC cert that took a while to sort out.
|
|
Back to top |
|
|
|