http://www.msexchange.org -------------------------------------------------------Okay, recently completed a migration from SBS 2003 to SBS 2008 including the existing SSL cert which is due to expire in about a week. Knowing that generally one wants a UC SSL cert for Exchange 2007 and the old cert provider is not around anymore (registrfly) and the client being a non profit has arrangments with IPSCA for free certs, it's time to start from scratch. I want to have the least amount of disruption for the end users that are using Outlook/Mapi in the office, same over VPN and also using OWA. Best I can tell, I'll need to remove the existing cert from IIS to generate the new CSR for IPSCA, that'll mean that OWA no longer works and same for RPC, but that mapi access should still work fine. I see 2 ways around this 1) generate csr on a different unrelated machine, I have access to IIS6 on SBS 2003, install cert and export it in pfx format along with the private key, then import into SBS2k8/IIS7. 2) remove current cert breaking owa and rpc until new cert is provided, generate csr and install new cert once verification is completed by IPSCA My concerns: cert install with IIS7/Ex2k7 as talking to other admins and doing a bit of reading, things are different in that environment where ssl certs are concerned. I've heard and read both that you have to install the new cert using IIS AND using the Exchange Console, other reading suggests only one or the other is necessary to accomplish this. Given a recent situation where I provided a new cert using method1 above to a client's managed exchange provider and then had mail stop working for all the staff at 3 offices after they installed it, I am leery... Everyone uses RPC and any email sent/received that way stopped working, owa/webmail worked but at the same time one of the mail transports died so email wasn't going in or out. A bit of a nightmare. I'm hoping for a smoother transition with this SBS2k8 machine. Comments? -- Harondel J. Sibble Sibble Computer Consulting Creating Solutions for the small and medium business computer user. help@xxxxxxxxx (use pgp keyid 0x3AD5C11D) http://www.pdscc.com (604) 739-3709 (voice) ------------------------------------------------------- List Archives: //www.freelists.org/archives/exchangelist/ MSExchange Newsletter: http://www.msexchange.org/pages/newsletter.asp MSExchange Articles and Tutorials: http://www.msexchange.org/articles_tutorials/ MSExchange Blogs: http://blogs.msexchange.org/ ------------------------------------------------------- Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------- To unsubscribe visit http://www.msexchange.org/pages/exchangelist.asp Report abuse to listadmin@xxxxxxxxxxxxxx