Thursday, August 19, 2010

Import and Export Certificate Exchange 2010

Here is the scenario , we are doing migration from Exchange 2003 to Exchange 2010. We have existing certificate called webmail.smtp25.org and we wish to move this over to Exchange 2010. 

I think this will be pretty common thing in these type of migrations. One thing I found out supper easy is not to kill yourself to try to share  the existing  cert and the URL being used to access the webmail. For instance if you are using webmail.yourCompany.com

webmail.yourCompany.com =Valid Cert = Exchange-2003 Server

And as soon as you moved first user on Exchange 2010 , accessing Existing  URL wont work for the user on Exchange 2010.  Here is what I have done couple times to get around this type of issues and make migration pretty seamless to end users (-: …..

I purchased new cert ( GoDady fro $10 bucks) and called it  owa.yourCompany.com

owa.yourCompany.com=New Valid Cert=Exchange 2010

 

I configured this cert on the E210 server and told costumer everyone who gets migrated on E210 will use this link to access their webmail. This made my job supper easy and at the end of the migration I export the cert from E03 imported into E210 and done with migration.Wink

  • STEP 1:  Export Certificate and Private Key from the IIS 6.0 server

    Create an MMC Snap-in for Managing Certificates:

    1. Start > run > MMC
  • Go into the Console Tab > File > Add/Remove Snap-in
  • Click on Add > Click on Certificates and click on Add
  • Choose Computer Account
  • Choose Local Computer
  • Close the Add Standalone Snap-in window.
  • Click on OK at the Add/Remove Snap-in window

image

image

  • Open Certificates Console Tree
  • Go to Personal
  • Right click Certificates
  • Choose ALL TASKS
  • Select Import to start the Certificate Import Wizard
  • Click Browse
  • Locate the .pfx file
  • Click Open
  • Next
  • Finish

image

image

After this is completed rest of the work is supper easy go to EMC and drill down to server configuration , you will see the certificate there , just assign services to this certificate to finish the work

image

image

image

image

 

 

Resource Links

Respectfully,
Oz Casey, Dedeal
MCITP (EMA), MCITP (SA)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server +
http://smtp25.blogspot.com/ (Blog
http://telnet25.spaces.live.com/ (Blog)
http://telnet25.wordpress.com/ (Blog)

7 comments:

stealthbits said...

Hello Friends,

During an Exchange 2003 to 2010 transition a legacy namespace is configured for users who are connecting to Exchange 2003 mailboxes. The Exchange Server 2010 SSL certificate includes the legacy name in its Subject Alternative Name field, but this certificate then needs to also be installed on the Exchange 2003 server. Thank you....
Server Auditing Tools

Amit said...

nice

Tee Chess said...

Will the previous certificate work if we migrate to upper version ? The scenario that you have shared made me to think and confused me. You have cleared the doubt in a very easy way. Thanks.
electronic signature FAQ

Unknown said...

I too got the same doubt @ Tee Chess.

Exchange Migration

Digital Signature Certificate said...

Thanks for sharing great your information with us. We all like it..

signyourdoc said...

Is digital signature for income tax use for account login

Digital signature services said...

You have cleared all the doubt using this valuable post. Its very important for any digital signature franchise