Exchange 2010 with TMG server certificate expired
Hi,
I have Exchange 2010 with 2 CAS servers and 2 TMG servers with the EDGE role. I publish OWA and Outlook Anywhere from TMG. Now the problem is that my certificate has expired today and I want to renew it with the steps below, but when I run Get-ExchangeCertificate I did get the expired certificate on both CAS servers. If I run the same command on TMG with the EDGE server, it's showing me the expired certificate.
I have the following steps to renew the certificate.
step 1
New-ExchangeCertificate -GenerateRequest -Path c:\cert_request.csr -SubjectName "c=US, o=company, ou=IT, cn=webmail.domain.com" -DomainName: ocb.domain.local, ocbomsrv18.domain.local, webmail.domainrealty.com, webmail.domainmall.com, webmail.domain-is.org, outlook.domainrealty.com, outlook, domainrealty.com, autodiscover.domain.LOCAL, autodiscover.domainrealty.com, autodiscover.domainmall.com, autodiscover.domain-is.org -KeySize 1024 -PrivateKeyExportable: $true
step 2
certreq.exe -submit -attrib "CertificateTemplate:WebServer" c:\cert_request.csr
step 3
Import-ExchangeCertificate -path c:\name.cer -friendlyname webmail.domainmall.com
step 4
Enable-ExchangeCertificate -thumbprint <New Certificate thumbprint> -services IIS,POP,IMAP,SMTP
step 5
Remove-ExchangeCertificate -Thumbprint <old Certificate thumbprint>
Now please suggest whether any changes are required in this, or whether after renewal I have to make changes on the TMG server and on Outlook Anywhere users' machines.
Regards
Sameer
regards Sameer Shaikh
September 7th, 2012 3:20pm
step 1
New-ExchangeCertificate -GenerateRequest -Path c:\cert_request.csr -SubjectName "c=US, o=company, ou=IT, cn=webmail.domain.com" -DomainName: ocb.domain.local, ocbomsrv18.domain.local, webmail.domainrealty.com, webmail.domainmall.com, webmail.domain-is.org, outlook.domainrealty.com, outlook, domainrealty.com, autodiscover.domain.LOCAL, autodiscover.domainrealty.com, autodiscover.domainmall.com, autodiscover.domain-is.org -KeySize 1024 -PrivateKeyExportable: $true
regards Sameer Shaikh
Hi,
I strongly suggest that you change the order of the domain names in your certificate. If you don't, you could get problems with Windows XP connecting with Outlook Anywhere if you haven't hardcoded the Outlookprovider EXPR.
If webmail.domain.com is the name you use for Outlook Anywhere, put that name first.
I also don't see a good reason to add these names in your certificate:
autodiscover.domain.LOCAL
outlook
domainrealty.com
Martina Miskovic
September 9th, 2012 6:40am
Hi
Do you have any update on your issue?
If the post is helpful to you, please mark it as answer.
Terence Yu
TechNet Community Support
September 11th, 2012 2:14am
Hi, thanks for the reply. I have changed the name order, but I have to change some settings on the TMG server listener also; please look at steps 6 and 7.
step 1
New-ExchangeCertificate -GenerateRequest -Path c:\cert_request.csr -SubjectName "c=US, o=company, ou=IT, cn=webmail.domain.com" -DomainName:webmail.domainrealty.com, webmail.domainmall.com, webmail.domain-is.org, outlook.domainrealty.com, outlook, domainrealty.com, autodiscover.domain.LOCAL, autodiscover.domainrealty.com, autodiscover.domainmall.com, autodiscover.domain-is.org -KeySize 1024 -PrivateKeyExportable: $true
step 2
certreq.exe -submit -attrib "CertificateTemplate:WebServer" c:\cert_request.csr
step 3
Import-ExchangeCertificate -path c:\name.cer -friendlyname webmail.domainmall.com
step 4
Enable-ExchangeCertificate -thumbprint <New Certificate thumbprint> -services IIS,POP,IMAP,SMTP
step 5
Remove-ExchangeCertificate -Thumbprint <old Certificate thumbprint>
step 6
Imported the Exchange certificate on both TMG servers.
step 7
Changed the certificate in the TMG listener policy.
Thanks again, the problem has been resolved.
regards Sameer Shaikh
September 14th, 2012 5:21pm
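A post-renewal check for the procedure in this thread, as an added example that is not part of any poster's message: it lists every certificate in the local machine store and flags expired or soon-to-expire certificates, keys below 2048 bits (the requests in the thread use -KeySize 1024), missing private keys, and a subject alternative name list that does not start with the Outlook Anywhere name. The values of $ExpectedName, $WarnDays and $MinKeyBits are assumptions, and the SAN parsing assumes an English-language Windows installation.

```powershell
# Added example (not from the thread): audit the LocalMachine\My store after a renewal.
# Run on every CAS and TMG server and compare the thumbprints that come back.
$ExpectedName = 'webmail.domain.com'  # assumption: name used for Outlook Anywhere
$WarnDays     = 30                    # assumption: warning window before expiry
$MinKeyBits   = 2048                  # assumption: minimum acceptable RSA key size

function Get-CertSanList {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    # The Subject Alternative Name extension is OID 2.5.29.17
    $ext = $Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if (-not $ext) { return @() }
    # Format($true) prints one entry per line; "DNS Name=" is the English label
    $ext.Format($true) -split "`r?`n" |
        Where-Object { $_ -match '^\s*DNS Name=' } |
        ForEach-Object { ($_ -replace '^\s*DNS Name=', '').Trim() }
}

$now = Get-Date
Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    $cert     = $_
    $san      = @(Get-CertSanList $cert)
    $keyBits  = $cert.PublicKey.Key.KeySize   # populated for RSA/DSA keys
    $findings = @()

    if ($cert.NotAfter -lt $now) {
        $findings += 'EXPIRED'
    } elseif ($cert.NotAfter -lt $now.AddDays($WarnDays)) {
        $findings += "expires within $WarnDays days"
    }
    if ($keyBits -lt $MinKeyBits) { $findings += "weak key ($keyBits bit)" }
    if (-not $cert.HasPrivateKey) { $findings += 'no private key' }
    # Name-order check from the reply in the thread: the Outlook Anywhere name comes first
    if (($san -contains $ExpectedName) -and ($san[0] -ne $ExpectedName)) {
        $findings += "first SAN is $($san[0])"
    }

    New-Object PSObject -Property @{
        Thumbprint = $cert.Thumbprint
        NotAfter   = $cert.NotAfter
        KeyBits    = $keyBits
        FirstSan   = $san[0]
        Findings   = ($findings -join '; ')
    }
} | Select-Object Thumbprint, NotAfter, KeyBits, FirstSan, Findings | Format-Table -AutoSize -Wrap
```

The thumbprint of the new certificate should be identical on both CAS servers and both TMG servers, and the old thumbprint should no longer appear once step 5 has been run.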