How to renew UCC ssl cert for exchange 2010

The mystery has been solved!  Most of all my friends that work with exchange server ssl certificates have asked the question, ” how do we renew our ssl certs?”, given the new feature of renewing your cert with in the gui of emc.  Well Microsoft has given the feature to us but no one knows how to use it.  I will reveal the procedure so it will make life much easier and quicker for those that are trying to renew and not have to go through recreating the cert.  And, for all that are using Exchange 2007 – here is a tool that will help to assist you,.here

Step 1:

Existing ssl cert in the emc – click on the server configuration

down under exchange certificates you will click on the cert that needs to be renewed.  Once clicked – click on the renew certificate to the right.

Run through the wizard and save the reg file where you can find it…I typically create a dir called ssl_cert and then name the files by date or renewal.  Remember this will create a “reg” file not your typical csr or anything else.  You won’t need to open this file either.  Just upload it to the converter site and it will take care of it for you.

This is were most don’t know what to do with this file as it is encrypted different than what most CA will except.  We have to convert it so that the CA will issue the cert based off the base64 standard.

Go to this website or your favorite base64 converter site. http://www.motobit.com/util/base64-decoder-encoder.asp

You will now upload your file and convert it.

now we need to put it in the format that will be accepted

open up notepad and paste this in first

 

Link to an example csr file

—–BEGIN CERTIFICATE—–

(base64 code goes here – make sure not to have this text in here)

—–END CERTIFICATE—–

once done copy and paste your base64 code in between the the statement above

should look something like this:

—–BEGIN CERTIFICATE—–
42KXllYadfadfafafafafaafaadfafafasfasfsafsfdsfdsfdsfsfdsfsfsdfdsfsfssahSQxKL
42KXllYadfadfafafafafaafaadfafafasfasfsafsfdsfdsfdsfsfdsfsfsdfdsfsfssahSQxKL
42KXllYadfadfafafafafaafaadfafafasfasfsafsfdsfdsfdsfsfdsfsfsdfdsfsfssahSQxKL
42KXllYadfadfafafafafaafaadfafafasfasfsafsfdsfdsfdsfsfdsfsfsdfdsfsfssahSQxKL
42KXllYadfadfafafafafaafaadfafafasfasfsafsfdsfdsfdsfsfdsfsfsdfdsfsfssahSQxKL
42KXllYadfadfafafafafaafaadfafafasfasfsafsfdsfdsfdsfsfdsfsfsdfdsfsfssahSQxKL
42KXllYadfadfafafafafaafaadfafafasfasfsafsfdsfdsfdsfsfdsfsfsdfdsfsfssahSQxKL
42KXllYadfadfafafafafaafaadfafafasfasfsafsfdsfdsfdsfsfdsfsfsdfdsfsfssahSQxKL
42KXllYadfadfafafafafaafaadfafafasfasfsafsfdsfdsfdsfsfdsfsfsdfdsfsfssahSQxKL
42KXllYadfadfafafafafaafaadfafafasfasfsafsfdsfdsfdsfsfdsfsfsdfdsfsfssahSQxKL
42KXllYadfadfafafafafaafaadfafafasfasfsafsfdsfdsfdsfsfdsfsfsdfdsfsfssahSQxKL
42KXllYadfadfafafafafaafaadfafafasfasfsafsfdsfdsfdsfsfdsfsfsdfdsfsfssahSQxKL
42KXllYadfadfafafafafaafaadfafafasfasfsafsfdsfdsfdsfsfdsfsfsdfdsfsfssahSQxKL
42KXllYadfadfafafafafaafaadfafafasfasfsafsfdsfdsfdsfsfdsfsfsdfdsfsfssahSQxKL
42KXllYadfadfafafafafaafaadfafafasfasfsafsfdsfdsfdsfsfdsfsfsdfdsfsfssahSQxKL
42KXllYadfadfafafafafaafaadfafafasfasfsafsfdsfdsfdsfsfdsfsfsdfdsfsfssahSQxKL
42KXllYadfadfafafafafaafaadfafafasfasfsafsfdsfdsfdsfsfdsfsfsdfdsfsfssahSQxKL
42KXllYadfadfafafafafaafaadfafafasfasfsafsfdsfdsfdsfsfdsfsfsdfdsfsfssahSQxKL
42KXllYadfadfafafafafaafaadfafafasfasfsafsfdsfdsfdsfsfdsfsfsdfdsfsfssahSQxKL
42KXllYadfadfafafafafaafaadfafafasfasfsafsfdsfds
—–END CERTIFICATE—–

You will copy and paste your cert request from notepad and then submit it to your CA for approval.  Most CA will allow you to renew your existing cert but you have to go the request process again, just won’t have to go through the request process on the exchange server again.

After submitting in and approving it CA will send notification about your new ssl cert renewal.  Download the cert and click on the complete appending certificate.  Find your cer or crt file and click next in th wizard.  Once exchange and imported this new cert you will need to remove the old one and assign services to the cert i.e. smtp, imap, POP etc.

That is it.  Have fun configuring exchange and see you on the next cool thing about exchange.

2 Responses to How to renew UCC ssl cert for exchange 2010

  • kirk Ables says:

    Thank you so much! This has saved me so many hours and scheduling with the clients to change/renew their SSL certs. This is great for Exchange server 2010, but do you have a solution for exchange 2007? If not, thanks so much for this as it truly has saved me serious time.

    Kirk

  • Mindaugas says:

    MANY THANKS, it worked as a charm ! (bow)

Leave a Reply

Your email address will not be published. Required fields are marked *