
Security Forums


Rebuilding Exchange server and SSL cert

graycat
SF Mod


Joined: 29 Apr 2005
Posts: 16777195
Location: London, UK

Offline

Posted: Fri Apr 23, 2010 10:25 am    Post subject: Rebuilding Exchange server and SSL cert

Possibly daft question but I'll throw it out there anyway - what'd happen to an SSL cert used on an Exchange box if the server was rebuilt? Would the cert still be valid?

Background is we've got an Exch03 box that needs rebuilding but will be used for OMA for a few months. Obviously this needs securing and we have an SSL cert in place already.

Am I right in thinking it'll need to be reissued by the provider?
ryansutton
Trusted SF Member


Joined: 25 Aug 2004
Posts: 67
Location: San Francisco, California

Offline

Posted: Fri Apr 23, 2010 7:05 pm    Post subject:

If it was rebuilt with the same name it should be ok. If you run into problems, see if your cert provider has the option to rekey the cert - we use GoDaddy and as long as we don't change the CN on the cert we can change the SANs as much as we want - which is where the NetBIOS name of the server is.
graycat
SF Mod


Joined: 29 Apr 2005
Posts: 16777195
Location: London, UK

Offline

Posted: Thu May 13, 2010 11:05 am    Post subject:

Cheers, Ryan.

Just about to go off on leave but this is one of my first projects back so I may be back screaming for help ;) lol
ryansutton
Trusted SF Member


Joined: 25 Aug 2004
Posts: 67
Location: San Francisco, California

Offline

Posted: Thu May 13, 2010 4:36 pm    Post subject:

Enjoy your time away from work ;)
graycat
SF Mod


Joined: 29 Apr 2005
Posts: 16777195
Location: London, UK

Offline

Posted: Thu May 13, 2010 4:40 pm    Post subject:

ryansutton wrote:
Enjoy your time away from work ;)

Always ;) 10 days surfing, back for 10 days then 7 days climbing in France. Can't wait!
moondoggie
Lurker


Joined: 27 May 2005
Posts: 19


Offline

Posted: Thu May 13, 2010 5:36 pm    Post subject:

Vacation time? Are you sure you're an IT professional? :P
PhiBer
SF Mod


Joined: 11 Mar 2003
Posts: 20
Location: Your MBR

Offline

Posted: Mon May 17, 2010 5:59 pm    Post subject:

You can usually re-download the certificate from the provider (at least in Go Daddy's case you can...).
njan
Trusted SF Member


Joined: 02 May 2005
Posts: 9
Location: Scotland, UK

Offline

Posted: Thu Jun 03, 2010 6:06 pm    Post subject: Re: Rebuilding Exchange server and SSL cert

graycat wrote:
Possibly daft question but I'll throw it out there anyway - what'd happen to an SSL cert used on an Exchange box if the server was rebuilt? Would the cert still be valid?


Unless it's been marked as non-exportable, you should be able to export the certificate including the private key to a pfx file using the certificate management MMC snap-in from the local certificate store. You can then re-import the PFX file on any other host.

If it has, you may have to get the certificate provider to issue a new certificate. Obviously, since the certificate issuing process generally involves a certificate request generated by the host that wants the certificate, the CA won't have your private key (this is retained by the requesting host), so you'd need a completely new certificate, even if it had the same canonical name.
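The export-and-reimport path described in the post above, as an added PowerShell example that is not part of the original thread. It assumes a Windows host with the PKI module's `Export-PfxCertificate` and `Import-PfxCertificate` cmdlets (newer than the servers discussed here); the subject name and file path are placeholders.

```powershell
# Added example: check whether a server certificate's private key can be
# exported before a rebuild, and export it to a password-protected PFX.
# Assumptions: PKI module available; subject and path are placeholders.
param(
    [string]$SubjectMatch = 'CN=mail.example.com',    # placeholder subject
    [string]$PfxPath      = 'C:\Temp\mail-cert.pfx'   # placeholder path
)

function Test-KeyExportable {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    # No private key in the store means there is nothing to carry over.
    if (-not $Cert.HasPrivateKey) { return $false }
    $key = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($Cert)
    if ($key -is [System.Security.Cryptography.RSACng]) {
        # CNG key: the export policy is a flags enum.
        $allow = [System.Security.Cryptography.CngExportPolicies]::AllowExport
        return [bool]($key.Key.ExportPolicy -band $allow)
    }
    if ($key -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
        # Legacy CSP key: exportability is recorded on the key container.
        return $key.CspKeyContainerInfo.Exportable
    }
    return $false   # non-RSA or unreadable key: treat as not exportable
}

# Pick the longest-lived matching certificate from the machine store.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like "*$SubjectMatch*" } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1
if (-not $cert) { throw "No certificate matching '$SubjectMatch' in LocalMachine\My" }

if (Test-KeyExportable $cert) {
    $pw = Read-Host -AsSecureString 'PFX password'
    Export-PfxCertificate -Cert $cert -FilePath $PfxPath -Password $pw | Out-Null
    "Exported $($cert.Thumbprint) to $PfxPath. On the rebuilt host run:"
    "  Import-PfxCertificate -FilePath $PfxPath -CertStoreLocation Cert:\LocalMachine\My -Password `$pw"
    # The PFX contains the private key: move it over a trusted channel
    # and delete it from both hosts once the import has been verified.
} else {
    "Private key is missing or marked non-exportable."
    "Generate a new request on the rebuilt host and ask the CA to rekey or reissue."
}
```

Importing without `-Exportable` leaves the key non-exportable on the new host, which limits how far a copy of the key can spread after the move.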
graycat
SF Mod


Joined: 29 Apr 2005
Posts: 16777195
Location: London, UK

Offline

Posted: Tue Jul 13, 2010 2:40 pm    Post subject:

Hey guys,

In the end I did a p2v conversion of the server and built a new one using the hardware.

I did run into an interesting scenario of importing the cert from a Win2k / Exch2k / IIS5 box into a Win08 / Exch07 / IIS7 box. Initial export / import was fine but IIS7 threw a wobbly importing a new UC cert that took a while to sort out. :)