Hello, Find below my configurayion: Microsoft Windows Server 2003, Enterprise Edition x64 - R2 Version 5.2.3790 ServicePack 2 Nu 3790 Type x64 **** Microsoft Exchange Environnement: Exchange Server 2007 Microsoft Corporation Version : 08.01.0263.000 --> I remember that I have had problem when adding a new sub domain with my OWA. IN fact users could not be authenticated. I had to connect on the Domain controler and create/import a SSL certificate to be able to establish a SSL connection (we do not have own certification authority) The SSL certificates are going to expired on the DCs and I would need a kind of refresh and know how to proceed? How to renew a certificate if we do not have our own certificate authority and last thing to know if there will be any service interruption?? Thanks, Graig

Get a new certificate, install it, and then enable it for the services. There should be no downtime. -- Ed Crowley MVP "There are seldom good technological solutions to behavioral problems." . "Graiggoriz" wrote in message news:d1aa79cf-29e3-4663-a30c-bb46911533a4... Hello, Find below my configurayion: Microsoft Windows Server 2003, Enterprise Edition x64 - R2 Version 5.2.3790 ServicePack 2 Nu 3790 Type x64 **** Microsoft Exchange Environnement: Exchange Server 2007 Microsoft Corporation Version : 08.01.0263.000 --> I remember that I have had problem when adding a new sub domain with my OWA. IN fact users could not be authenticated. I had to connect on the Domain controler and create/import a SSL certificate to be able to establish a SSL connection (we do not have own certification authority) The SSL certificates are going to expired on the DCs and I would need a kind of refresh and know how to proceed? How to renew a certificate if we do not have our own certificate authority and last thing to know if there will be any service interruption?? Thanks, Graig Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

Thanks Ed, In fact I have never done it I got actions details from a prior colleague. Therefore, could you please be more specific? knowing that I won't be able to generate myself a certificate (we do not have own certification authority). I would be very pleased if you could provide me more details. Thanks again. Graig

Sorry, I can't document the entire process because it's fairly involved and varies depending on who issues the certificate. I recommend you refer to an Exchange book or search the Internet and start reading articles. This stuff is written up in a lot of places. -- Ed Crowley MVP "There are seldom good technological solutions to behavioral problems." . "Graiggoriz" wrote in message news:4b62fd25-b7e4-451f-bd96-6bb54c722265... Thanks Ed, In fact I have never done it I got actions details from a prior colleague. Therefore, could you please be more specific? knowing that I won't be able to generate myself a certificate (we do not have own certification authority). I would be very pleased if you could provide me more details. Thanks again. Graig Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

Ed is correct in saying there are a couple steps to get this done. The first thing you want to do is issue the cert from an Exchange 2007 server. There are a couple good articles on how to do this but, the two that I like to reference are, http://technet.microsoft.com/en-us/library/bb332063(EXCHG.80).aspx and http://technet.microsoft.com/en-us/library/bb851505(EXCHG.80).aspx. Once you have issued the cert from the Exchange server now you need to logon against the CA server and create the cert. Here is a good link to follow http://www.msexchange.org/tutorials/SSL_Enabling_OWA_2003.html, skip to the section "Getting the Pending Request accepted by our Certificate Authority". Once you have the cert, make sure you install the parent cert on your Exchange servers and enable the services (IIS,POP,SMTP,IMAP) after the cert has been imported. You can follow the articles above for step-by-step directions on how import the cert and enable services. Check out our blog at http://cb5.com/blog Chris cbfive.com

Just some add on on the cert type . Now in market there are UCC cert type for exchange 2007 . It able to put multiple domains in one cert so that will make the deployment much easier .