Just realized the self-signed cert is about to expire within 10 days. Is there any way I can renew my self-signed cert without removing the existing one and losing any uptime of Exchange 2k3?
That would be a good solution, but I would prefer to keep using my own CA to issue the Self-signed cert. Just not so sure the exact procedure on how..!! Hope someone can help.
I can spend time explaining how to do it, Google can help you understand how to do it, searching in this forum or the IIS forum will also explain how to do it.
Once you have got some information, you can try to implement in your system until you get it done.
Then explain to your users about continuing past a self signed certificate, getting Outlook Anywhere to work correctly, getting Windows Mobile devices working for those that will work with self signed certs or go to godaddy and spend $20 for a 2 year certificate.
Exchange MVPs are recommending this even for single user Exchange servers due to the drop in issues and increase in useability.
I ran into this issue a couple weeks ago myself.
There are two easy approaches you can take.
If the server is an SBS server you can run the Server Management console.
Select "To Do List"
and run the "Connect to Internet" wizard.
That should work, but if not there is another option.
If you are running any version of Microsoft Server 2003 and Exchange 2003; the second option is to get the IIS Resources Toolkit from Microsoft
Once installed, you will have a new menu in your start menu that says "IIS Resources" in that folder there is a folder called "ISS CertDeploy.vbs" select that folder and you will find the "IIS CertDeploy.vbs" program. this is a command line tool and does a pretty good job telling you how to deploy a new cert.
Follow the instruction that come up as soon as you load the program, and within mintues you have your new Self Signed SSL cert deployed.
Thanks for all valuable comments. I would probably take a look at the IIS resources-kit solution. Since I am running the Win2k3 Std and Exchange Std 2k3 server.
Let's assume that it takes 30 minutes to renew the self signed certificate and you do that each year.
Let's further assume that you only waste in total 5 minutes per employee including time taken by support to sort out problems with Outlook clients, PDAs, mobile phones, OWA etc.
Finally let's assume that the average wage is $20 an hour and that you have 24 employees in the company (because the maths is easier).
Renew certificate: 1 hour across 2 years.
Sort out 1 Outlook issue and 0.5 mobile device certificate problems per user in the 2 year period: 3 hours total.
Total expenditure: 4 hours or $80.
These numbers are very conservative. Not only do you get more productivity, you don't get nag screens for every user every time they use a new device and number of support calls drops.
Ah - I didn't know you were HK! You'd probably need a SAN certificate which will bump up the price. I'll see if I can find the doc you need and will post it if I can find it
Though it is ALWAYS best to have a signed cert from a known CA, it isn't the only answer.
When it comes to OWA, Outlook,RPC-over-HTTPS, and OMA, I have yet to run into a single problem with a self signed SSL. It takes only a minute longer to properly install the self signed SSL.
I certianly agree with Zelandakh, that buying the SSL cert is the best approach.
But as we all know, in this industry, depsite our recommendations we have to do what management/the client asks.
The IIS Resources Toolkit is well documented, and should work perfectly for hk domains since you tell it the domain name. you can select how many days the cert is good for, and i belive it maxes out at 3 years (maybe 5). i have only had to use it once, but i opened the program and just typed /help and read the short helpfile with examples that was on the page. took less than half an hour to setup the new cert.
This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
By continuing to use this site, you are consenting to our use of cookies.