Renewing Commercial certificate on Exchange 2016-19

From Apoyar Wiki
Jump to navigation Jump to search

Renewing Commercial certificate on Exchange 2016-19


To check certificates in A1


- Login to support.apoyar.net

- Go to CMDB

- Power search

- Type SSL and hit enter

- Click on Apoyar certificate store


Here will get the list of certificates



To renew on exchange server

- Login to exchange.wise.apoyar

- Open exchange admin centre

- Go to servers

- Click on certificates

Will get here list of certificates, there are 2 types of certificates


Self-signed - free one

Commercial – need to buy

For exchange we are using commercial one

From the above list, click on exchange, will get all details of exchange certificate

- Click on renew

- Enter the UNC path of fullchain by copying from file explorer

- Click on OK


Then

- login to secureserver.net

- SSL

- Go to WG, click on manage


New window will open for zeus.wise-geary.co.uk

- Under certificates, open Re-key your certificate

- Open our generated certificate fullchain key

- Paste under CSR

- Click on “Add Changes”

- Click on “Submit All Changes”


It will take 5-10 min to take effect, then will receive an email about our new requested certificate (we receive a zip file)

To be on safe side, we can import all generated certificate files in certificate store on server


- Open Microsoft management console on exchange server

- Click on file

- Click on add/remove snap

- Choose certificate

- Click add

- It will give popup, asking what certificate is for

- Select here computer account

- Click on next

- Select local computer

- Click finish

- Click OK




Once done, will get all certificates here

- Right click on trusted root certificate authority

- Choose all tasks

- Click import

- Click next

- Select here that generated certificate

- Click on open


Now we have another certificate to import


- Go to exchange admin center

- Servers

- Certificates

- Click on import, select certificate and import


Once import done

- Click on imported certificate

- Click on edit

- Click on services

- Only tick SMTP, POP, IMAP, and IIS.

- Click on save

So after this, sometimes need to restart exchange server.

Retrieved from ‘https://wiki.apoyar.eu/index.php?title=Renewing_Commercial_certificate_on_Exchange_2016-19&oldid=230