MSExchangeGuru.com

Learn Exchange the Guru way !!!

 

Exchange 2007 Certificate and Coexistence

Today we will see the steps to install or replace the steps of Exchange 2007. We will also see the changes required in the co-existence.

I would recommend to review this blog to know how to request new cert and review the private key: http://msexchangeguru.com/2012/07/24/edge-server-tls/


Exchange 2007 Certificate Installation and replacement

  1. Get the certificate for the following urls from your certificate provider

    autodiscover.domain.com – for autodiscover

    legacy.domain.com – for Exchange 2007 owa and ews

    mail.domain.com – for owa, outlook anywhere, pop, imap, EWS and activesync

  2. Go to Start Run
  3. Type MMC hit enter


  4. Click File à add/remove snap-in



     

  5. Select Certificates à Computer accountàLocal Computer


  6. Click ok then ok.


     

  7. Browser to Personal à Certificates
  8. Right Click here à Import certficate à Select .cer or .pfx (pfx file will ask password) à Click next à next and Finish



  9. Certificate is installed but not enabled
  10. Open Exchange management shell with run as administrator
  11. Run the cmd to get the thumbprint:

    Get-ExchangeCertificate | fl Thumbprint,Friendlyname

  12. Run the cmd to enable certificate and assign it to services

    Get-ExchangeCertificate -Thumbprint “thumbprint which we got in the previous cmd” | Enable-ExchangeCertificate -Services IIS

  13. IISreset /noforce
  14. You might need to run iisreset few times until services say stopped and started

    Are We Done?

    Answer is yes if this is the only certificate you have install on this server like.

    Answer is no if this is a renewal or new certificate installation means you had a working certificate.

    Exchange 2007 is way different than Exchange 2010 or 2013 which cannot work with multiple certificates for the same url. So we need to remove the old certificate other you owa will stop working because of existing certificate.

 

15. Got back to the below location, Export the old certificate for backup them remove the old certificate.

Select Certificates à Computer àLocal Computer à Browser to Personal à Certificates                               

         

             16. IISreset /noforce

             17. You might need to run iisreset few times until services say stopped and started

 

 

Co-Existence with Exchange 2013:

Here are some facts about Exchange 2007 co-existence with 2013:

  • Exchange 2007 works differently than Exchange 2010 so it becomes important for OWA and EWS to use different urls.
  • This also means we need to obtain a new certificate if you just have 2 urls mail and autodiscover.
  • If we will use same url on both 2013 and 2007 for OWA and EWS then redirection will fail with most likely error “The Webpage has a redirect loop”


  • If you have 3rd url exist in the certificate then you can use this as legacy url on exchange 2007.
  • Legacy can be replaced with any other word or url.
  • Public host record is required for all 3 urls.
  • Internal AD Host record is required for all 3 urls.
  • So for co-existence with Exchange 2013 you need to use 3 urls mentioned below:

     

  1. Mail.domain.com = Exchange 2013 OWA/POP/ECP/EWS/IMAP/OA/Activesync
  2. Autodiscover.domain.com = Exchange 2013 and 2007 Autodiscover
  3. Legacy.domain.com = Exchange 2007 OWA/POP/ECP/EWS/IMAP/OA/Activesync

 

 

 

Prabhat Nigam

Microsoft MVP | Exchange Server

Team@MSExchangeGuru

One Response to “Exchange 2007 Certificate and Coexistence”

  1. Blog Posts of the Week (15th - 21st September 2013) - The South Asia MVP Blog - Site Home - TechNet Blogs Says:

    […] Exchange 2007 Certificate and Coexistence […]

Leave a Reply

migrate exchange to office 365

Categories

Archives