The mystery has been solved! Most of all my friends that work with
exchange server ssl certificates have asked the question, ” how do we renew our
ssl certs?”, given the new feature of renewing your cert with in the gui of
emc. Well Microsoft has given the feature to us but no one knows how to
use it. I will reveal the procedure so it will make life much easier and
quicker for those that are trying to renew and not have to go through
recreating the cert. And, for all that are using Exchange 2007 – here is a tool that will help to
assist you,.here
Existing ssl cert in the emc – click on the server configuration
down under exchange certificates you will click on the cert that needs to be renewed. Once clicked – click on the renew certificate to the right.
Run through the wizard and save the reg file where you can find it…I typically create a dir called ssl_cert and then name the files by date or renewal. Remember this will create a “reg” file not your typical csr or anything else. You won’t need to open this file either. Just upload it to the converter site and it will take care of it for you.
This is were most don’t know what to do with this file as it is encrypted different than what most CA will except. We have to convert it so that the CA will issue the cert based off the base64 standard.
Go to this website or your favorite base64 converter site. http://www.motobit.com/util/base64-decoder-encoder.asp
You will now upload your file and convert it.
now we need to put it in the format that will be accepted
open up notepad and paste this in first
Link to an example csr file
—–BEGIN CERTIFICATE—–
(base64 code goes here – make sure not to have this text in here)
—–END CERTIFICATE—–
once done copy and paste your base64 code in between the the statement above
should look something like this:
—–BEGIN CERTIFICATE—–
42KXllYadfadfafafafafaafaadfafafasfasfsafsfdsfdsfdsfsfdsfsfsdfdsfsfssahSQxKL
42KXllYadfadfafafafafaafaadfafafasfasfsafsfdsfdsfdsfsfdsfsfsdfdsfsfssahSQxKL
42KXllYadfadfafafafafaafaadfafafasfasfsafsfdsfdsfdsfsfdsfsfsdfdsfsfssahSQxKL
42KXllYadfadfafafafafaafaadfafafasfasfsafsfdsfdsfdsfsfdsfsfsdfdsfsfssahSQxKL
42KXllYadfadfafafafafaafaadfafafasfasfsafsfdsfdsfdsfsfdsfsfsdfdsfsfssahSQxKL
42KXllYadfadfafafafafaafaadfafafasfasfsafsfdsfdsfdsfsfdsfsfsdfdsfsfssahSQxKL
42KXllYadfadfafafafafaafaadfafafasfasfsafsfdsfdsfdsfsfdsfsfsdfdsfsfssahSQxKL
42KXllYadfadfafafafafaafaadfafafasfasfsafsfdsfdsfdsfsfdsfsfsdfdsfsfssahSQxKL
42KXllYadfadfafafafafaafaadfafafasfasfsafsfdsfdsfdsfsfdsfsfsdfdsfsfssahSQxKL
42KXllYadfadfafafafafaafaadfafafasfasfsafsfdsfdsfdsfsfdsfsfsdfdsfsfssahSQxKL
42KXllYadfadfafafafafaafaadfafafasfasfsafsfdsfdsfdsfsfdsfsfsdfdsfsfssahSQxKL
42KXllYadfadfafafafafaafaadfafafasfasfsafsfdsfdsfdsfsfdsfsfsdfdsfsfssahSQxKL
42KXllYadfadfafafafafaafaadfafafasfasfsafsfdsfdsfdsfsfdsfsfsdfdsfsfssahSQxKL
42KXllYadfadfafafafafaafaadfafafasfasfsafsfdsfdsfdsfsfdsfsfsdfdsfsfssahSQxKL
42KXllYadfadfafafafafaafaadfafafasfasfsafsfdsfdsfdsfsfdsfsfsdfdsfsfssahSQxKL
42KXllYadfadfafafafafaafaadfafafasfasfsafsfdsfdsfdsfsfdsfsfsdfdsfsfssahSQxKL
42KXllYadfadfafafafafaafaadfafafasfasfsafsfdsfdsfdsfsfdsfsfsdfdsfsfssahSQxKL
42KXllYadfadfafafafafaafaadfafafasfasfsafsfdsfdsfdsfsfdsfsfsdfdsfsfssahSQxKL
42KXllYadfadfafafafafaafaadfafafasfasfsafsfdsfdsfdsfsfdsfsfsdfdsfsfssahSQxKL
42KXllYadfadfafafafafaafaadfafafasfasfsafsfdsfds
—–END CERTIFICATE—–
You will copy and paste your cert request from notepad and then submit it to your CA for approval. Most CA will allow you to renew your existing cert but you have to go the request process again, just won’t have to go through the request process on the exchange server again.
After submitting in and approving it CA will send notification about your new ssl cert renewal. Download the cert and click on the complete appending certificate. Find your cer or crt file and click next in th wizard. Once exchange and imported this new cert you will need to remove the old one and assign services to the cert i.e. smtp, imap, POP etc.
That is it. Have fun configuring exchange and see you on the next cool thing about exchange.
Request in AD
Finish
sumber : http://www.configureexchange.com/how-to-renew-ucc-ssl-cert-for-exchange-2010/
No comments:
Post a Comment
Jika Blog ini bermanfaat untuk anda. Silakan Tinggalkan Komentar Anda