Exchange OWA Certificate Question

Hello All
I just have a question regarding the Exchange OWA certificate, which is about to expire (owa.domain.com, autodiscover.domain.com, mail.domain.com).
I have 
Site one 
  Mailbox 2013 Server1
  CAS 2013 Server1
  Edge 2013
Site 2
   Mailbox 2013 Server2
   CAS 2013 Server2
   Edge 2007
Exchange high availability configured. On ECP I am seeing my OWA certificate about to expire on both CAS on the same day (same cert).
I would like to create a new certificate, not renew, as I have some old domains to remove from the cert.
My question is, when I create the new request from ECP - CAS Server1, send to the CA and then install it, how will this reflect for the certificate that is expired on CAS Server2?
Thanks

Hi nricki,
Agree with Hinte, you can export the new certificate which was created in CAS1 server and then import it to CAS2 server.
The following article for your reference:
How to Export/Import an SSL Certificate to Multiple Exchange 2013 Servers
Best regards,
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
Niko Cheng
TechNet Community Support
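
The export/import step suggested in the reply above, sketched for the Exchange Management Shell as an added example (it is not from the thread or the linked article). The server names CAS1 and CAS2, the temporary file path and the thumbprint placeholder are assumptions; because the PFX carries the private key, it is password-protected, imported as non-exportable and deleted afterwards.

```powershell
# Added example. Assumed names: CAS1/CAS2 for the two Client Access servers,
# and a temporary path that only Exchange administrators can read.
$source     = 'CAS1'
$target     = 'CAS2'
$thumbprint = '<THUMBPRINT-OF-NEW-CERT>'   # placeholder: read it from Get-ExchangeCertificate
$pfxPath    = 'C:\Temp\owa-new.pfx'        # assumed temporary location

# 1. Confirm the new certificate on the source server before copying it.
$cert = Get-ExchangeCertificate -Server $source -Thumbprint $thumbprint
$cert | Format-List Subject, CertificateDomains, NotAfter, Status, Services
if ("$($cert.Status)" -ne 'Valid') {
    throw "Certificate on $source has status '$($cert.Status)', not Valid."
}

# 2. Export certificate plus private key as a password-protected PFX.
#    This only works if the private key is exportable on the source server.
$pfxPassword = Read-Host -Prompt 'PFX password' -AsSecureString
$export = Export-ExchangeCertificate -Server $source -Thumbprint $thumbprint `
              -BinaryEncoded -Password $pfxPassword
[System.IO.File]::WriteAllBytes($pfxPath, $export.FileData)

try {
    # 3. Import on the second CAS and keep the key non-exportable there.
    $bytes = [System.IO.File]::ReadAllBytes($pfxPath)
    Import-ExchangeCertificate -Server $target -FileData $bytes `
        -Password $pfxPassword -PrivateKeyExportable $false | Out-Null

    # 4. Bind the certificate to IIS (OWA, ECP, EWS, ActiveSync, Autodiscover).
    Enable-ExchangeCertificate -Server $target -Thumbprint $thumbprint -Services IIS
}
finally {
    # The PFX contains the private key: do not leave it on disk.
    Remove-Item -Path $pfxPath -Force
}

# 5. Both servers should now report the same thumbprint, expiry and services.
foreach ($server in $source, $target) {
    Get-ExchangeCertificate -Server $server -Thumbprint $thumbprint |
        Select-Object @{ n = 'Server'; e = { $server } },
                      Thumbprint, NotAfter, Status, Services
}
```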

Similar Messages

  • Can't install exchange OWA certificate?

    I have a 3GS on 3.1 and have tried to email myself our OWA certificate to my gmail account. When I try to open the attachment I get a message that says "Invalid Profile Profile format not recognized" If I go to the Gmail site and view it that way Safari tries to open it a new window and I get a similar message. I see lots of people have easily got the cert installed on the phone without problem and haven't really found anyone that can't even get the attachment to open. Much appreciated in advance.

    How are you exporting the certificate? Also, you should be sending yourself (exporting) the root certificate that signed your OWA cert, not the server cert itself - unless this server is also the cert-issuing server.
    The easiest way I have found to do it is to open OWA in IE. Click on the lock to view certificate. Click on certification path, double click on the top level certificate (it should not be Verisign, Thawte, or any other already installed CA), View certificate, details, copy to file. Follow the wizard to create the export. I believe the DER binary works fine.
    Let us know how you make out.

  • Exchange 2013 Certificate Question

    Hi,
    I have an Exchange 2013 and AD servers running on server 2008 R2. When you go to create an outlook account you are prompted that a certificate for mydomain.com.au has expired. When you click to view this certificate, it is referring to "www.mydomain.com.au".
    Once you accept the message it goes away, the outlook account sets up OK and the message does not show again unless you set up another account.
    The internal domain name is internal.mydomain.com.au. The Exchange server has a valid purchased SSL certificate that applies to autodiscover.mydomain.com.au, mail.mydomain.com.au, mydomain.com.au and the exchange servers internal name until 2015. The "www." cert and website for this domain is separate to the internal servers and mail. The cert for the website has indeed expired but my question is even though it is the same domain why would this internal exchange server be querying the www. certificate when creating an outlook account.
    Bit of a tricky question hope I have explained it OK.
    Thanks Robbie

    Hi Robbie,
    Your certificate expired issue may occur when using the Autodiscover service and Outlook Anywhere service. Please follow these steps to have a check:
    1. Verify the FQDN that the client uses to access the resource from Outlook:
    a. Start Microsoft Outlook.
    b. Click File > Account Settings, click Account Settings.
    c. Click the E-mail tab, click the Exchange account, and then click Change.
    d. Click More Settings, and then click the Connection tab.
    e. “Connect to Microsoft Exchange using HTTP” should be checked, then click Exchange Proxy Settings.
    f. Note the FQDN that is listed in the Only connect to proxy servers that have this principal name in their certificate box. For example, mail.contoso.com.
    2. Run the following command in Exchange to determine the value for the CertPrincipalName attribute for EXPR name:
    Get-OutlookProvider
    For example, the command returns the following: 
    msstd:server1.contoso.com
    3. Modify the CertPrincipalName attribute to match the FQDN that Outlook uses to access the resource:
    Set-OutlookProvider EXPR -CertPrincipalName:"msstd:<FQDN the certificate is issued to>"
    For the Autodiscover service check, please open Outlook - press the CTRL key - right-click the Outlook icon in the bottom-right corner of the taskbar - Test E-mail AutoConfiguration. Enter your email address - uncheck Use Guessmart and Secure Guessmart Authentication - click Test to check your Autodiscover service. If possible, please post the Results tab here for more troubleshooting.
    Thanks,
    Winnie Liang
    TechNet Community Support
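
A read-only check to go with steps 2 and 3 of the reply above, added here as an example (it is not from the thread): it compares the EXPR CertPrincipalName with the names on each certificate enabled for IIS and flags expired certificates. The helper name Test-NameCovered is hypothetical; run it in the Exchange Management Shell.

```powershell
# Added example. Test-NameCovered is a hypothetical helper, not an Exchange cmdlet.
function Test-NameCovered {
    param([string]$Name, [string[]]$CertNames)
    foreach ($c in $CertNames) {
        if ($c -eq $Name) { return $true }          # -eq is case-insensitive
        # A wildcard entry covers exactly one additional left-most label.
        if ($c.StartsWith('*.') -and $Name.Contains('.') -and
            $Name.Substring($Name.IndexOf('.') + 1) -eq $c.Substring(2)) {
            return $true
        }
    }
    return $false
}

# Step 2 of the reply: read the principal name Outlook Anywhere clients are told to expect.
$expr      = Get-OutlookProvider -Identity EXPR
$principal = ([string]$expr.CertPrincipalName) -replace '^msstd:', ''
if (-not $principal) {
    Write-Warning 'EXPR has no CertPrincipalName set.'
}

# Compare it with every certificate that is enabled for IIS on this server.
$iisCerts = Get-ExchangeCertificate | Where-Object { "$($_.Services)" -match 'IIS' }
foreach ($cert in $iisCerts) {
    $names = @($cert.CertificateDomains | ForEach-Object { "$_" })
    [pscustomobject]@{
        Thumbprint       = $cert.Thumbprint
        NotAfter         = $cert.NotAfter
        Expired          = ($cert.NotAfter -lt (Get-Date))
        Status           = "$($cert.Status)"
        PrincipalName    = $principal
        PrincipalCovered = (Test-NameCovered -Name $principal -CertNames $names)
        CertNames        = ($names -join ', ')
    }
}
```

A row with PrincipalCovered = False or Expired = True points at the mismatch that step 3 (Set-OutlookProvider) or a certificate replacement is meant to resolve.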

  • How to export an exchange 2007 owa certificate from production to lab environment

    I'm setting up an Exchange 2007 lab but I have trouble regarding Exchange's certificate.
    Note: My lab environment is not connected to the internet.
    I've followed the next link but it doesn't work:
    https://www.digicert.com/ssl-support/pfx-import-export-exchange-2007.htm
    Once I finished all the steps, if I run the PowerShell command Get-ExchangeCertificate I see that my Exchange certificate has the status Unknown.
    I'm not sure if the problem is related to the server not being connected to the internet, so Exchange is not able to check the status of the certificate.
    I've tried to turn off the Check for publisher’s certificate revocation option on the server
    To do this, follow these steps.
    Start Internet Explorer.
    On the Tools menu, click Internet Options.
    Click the Advanced tab, and then locate the Security section.
    Click to clear the Check for publisher’s certificate revocation check box, and then click OK.
    After the update rollup installation is complete, turn on the Check for publisher’s certificate revocation option.
    But it is still not working.
    Could anyone help me?
    Thanks in advance

    Hi Pardo,
    According to your description, I understand that the Exchange certificate does not work and displays the status Unknown after you import it.
    If I misunderstand your concern, please do not hesitate to let me know.
    Depending on the results of “Get-ExchangeCertificate | FL”, please pay attention to following points:
    1. RootCAType: Registry
    “An internal, private PKI root CA that has been manually installed in the certificate store.”
    2. Status: Unknown
    “This status generally indicates that the status of the certificate cannot be verified because the certificate revocation list (CRL) is unavailable or this server cannot connect to it.”
    The reason why it failed is that the internal Exchange server cannot connect to the CRL. As you mentioned, Exchange isn’t able to check the status of the certificate.
    For more information about Certificate Use in Exchange Server 2007, please refer to the Certificate Fields and Configuring Access to the Certificate Revocation List sections in the link below:
    http://technet.microsoft.com/en-us/library/bb851505(v=exchg.80).aspx
    However, we can renew a certificate from a local CA:
    http://technet.microsoft.com/en-us/library/bb310781(v=exchg.80).aspx
    Best Regards,
    Allen Wang

  • Changing Exchange OWA URL, and MX record

    Hi all,
    We are planning to change our Exchange OWA URL from "https://webmail.saigon.com" to "https://webmail.city.saigon.com"
    My question is: do I need to do anything to the MX record? The Exchange server name and IP remain the same. Only the URL gets changed for the internal and external.
    Thanks

    Hi Brichardi,
    Thank you for your question.
    If we want to change Exchange OWA URL from https://webmail.saigon.com into https://webmail.city.saigon.com  for internal and external, we must modify the following items:
    1. MX record
    We could ask our ISP for help.
    2. Exchange certificates
    We could remove the old exchange certificate and resign a new certificate for Exchange server.
    3. Re-configure virtual directory URL (OWA, OAB, ECP, EWS, ActiveSync, Autodiscover)
    We could refer to the following link:
    https://technet.microsoft.com/en-us/library/ff629372(v=exchg.141).aspx 
    If there are any questions regarding this issue, please be free to let me know.
    Best Regard,
    Jim
    Jim Xu
    TechNet Community Support

  • Exchange (OWA) access with Nokia Messaging

    Thank you for enabling corporate mail (Exchange / OWA) is now working under Nokia Messaging.
    I summarize a few items that could be improved:
    1 In order to install this, you first need to log into the service with an online web account and only then can you install your corporate account. You can later delete the online web account. This is awkward.
    2 Within Nokia Messaging I cannot set the email address I wish to show when I send someone an email.  I use in my corporate email an alias which is slightly different from the main domain: for example if my corporate email address would be [email protected], then my alias would be [email protected]
    3 Within Nokia Messaging I cannot set the reply_to address
    4 Within Nokia Messaging I cannot accept calendar invitations. 
    5 MFE used to work fine with the 3G Portal (WAP based) access point and this saved me from using the 3G/Internet connection (payable). However, Nokia Messaging does not work on the 3G Portal access point and has to be set to 3G/Internet. This means that using Nokia Messaging will cost me more than MFE. 

    Can you please tell us how you configured OWA on Nokia Messaging, because according to the Nokia support team, OWA is not supported in Nokia Messaging!
    Please advise.
    Thanks
    Haikal

  • User http access after OWA certificate expired

    We are facing a problem with the OWA certificate; we need end users to access OWA using http, not https.
    Ahmed

    Hi Ahmed,
    Please use following article to simplify the OWA URL.
    Simplify the Outlook Web App URL
    https://technet.microsoft.com/en-us/library/aa998359(v=exchg.150).aspx
    Thanks
    Mavis Huang
    TechNet Community Support

  • Exchange/OWA with Mail

    Hi!
    I have a problem. My exchange server at work doesn't support IMAP or POP connections, so I'm stuck with OWA. Now with Mail, I can connect to an exchange server using OWA, but why do I have to put an 'incoming mail server in'? I am just thinking that it's pretty useless since you need an IMAP server anyways.
    Is there something that I'm missing? Is there possibly anything else that exists out there (besides Evolution) that can handle Exchange/OWA?
    Thanks!

    I'm not 100% positive, but I believe the OWA spot in the Mail config is for Address Book syncing. As far as using Mail to connect to Exchange though, you need IMAP turned on. Your other alternatives are Entourage, and as you already mentioned, Evolution.

  • Server essentials 2012 uses wrong certificate for Exchange OWA

    I have two servers (Essentials 2012 and Exchange 2013) behind a firewall. Port 443 is routed to Essentials.
    I have set up arrconfig following TechNet jj200172 (in fact I followed this link closely for the entire setup).
    Our client has a single external static IP and two certificates (GoDaddy). I’ll call them arr.help.ca and mail.help.ca.
    On the LAN, I have split DNS so that Outlook trying to reach "http  mail.help.ca" gets the local IP. In fact all is working fine on the LAN.
    From the WAN  "https  arr.help.ca"   present the essentials web page, with desktop and shared folders working fine, but...
    From the Wan   "https  mail.help.ca/owa"   presents the owa logon page, but also the browser warning that the cert is incorrect.
      The problem is the cert presented is arr.help.ca, not mail.help.ca
           The cert chain is fine (i.e. the GoDaddy intermediate cert is trusted),
           both certs are not expired,
           the cert subjects are correct.
    Any ideas on how to troubleshoot this?

    Hi Rick,
    Did you use the Microsoft Remote Connectivity Analyzer Tool to check whether there is any connectivity issue first? Meanwhile, please refer to Robert’s following article and check whether it can help you.
    On Premises Exchange Integration Windows Server 2012 Essentials
    If any update, please feel free to let me know.
    Hope this helps.
    Best regards,
    Justin Gu

  • SSL client certificate problem with exchange owa

    Since a week I've been having the strangest problem when trying to connect to an exchange webmail server.
    When I try to log on to the server, I now get a Safari warning telling me that the website requests a client certificate and prompts me to choose one.
    Safari presents me with a few .mac and mobileme certificates, none of which are valid for this site obviously.
    I cannot get through this dialog because it seems I do not have the required certificate.
    What baffles me though, is that when I disable my mobileme settings in system preferences, safari connects to the exchange webmail perfectly without ever prompting me for a certificate.
    I do not understand what mobileme has to do with this exchange server at all.
    What is even more strange is that I have been having this on 4 different Macs here at home, with two different user accounts on the exchange server, and I have a family mobileme pack... so every system is a little different, but they all behave exactly the same.
    Can anybody point me in the right direction please?
    For what it's worth, I could have installed a 10.7.1 update on one of the systems which may have caused this, but definitely not on all 4 at the same time....
    Another strange bit, when setting up the exchange server inside mail.app, it works perfectly...

  • Treo 800w / Exchange / invalid certificate

    Cannot get e-mail nor sync contacts, etc. using ActiveSync. Get "security certificate on this server is not valid" Support code 80072f06.
    There are two issues:
    1. The certificate is my SBS2003 self-issued certificate & works fine with Outlook Web Access, etc.
    2. Six weeks ago, the local Sprint store somehow configured this so it worked without any problem and without installing the certificate.
    I install the certificate using the native Windows Mobile 6.1 cert installer, but it does not work. I have tried editing the phone's registry using a variety of registry-editing tools to bypass cert-checking, but each attempt to edit the reg is met with "Access denied".
    Already deleted Exchange account & ActiveSync partnership & recreated - to no avail.
    Stuck.
    Post relates to: Treo 800w (Sprint)

    Actually, you nailed it a couple of posts back. I finally deleted & recreated the cert, and it worked. Here was the problem: the SBS cert-creation wizard suggests this format for the server name:
    ServerName.Subdomain.Domain.com (FQDN of the server)
    However, from outside, the path is just Subdomain.Domain.com (no server name - the server name is relevant only inside the LAN).
    There were two red herrings here.
    1. The cert worked just fine with the server name in there for OWA.
    2. Someone at the Sprint store had gotten this working without the cert for a period of about three weeks. They did something six weeks ago that got it working without even having the cert installed; when that quit working, even they could not remember what they had done. I know there is a registry hack that can tell the Treo to bypass cert-checking, but neither of the mobile registry-editing tools I tried to do that would work - both gave me Access denied errors.
    All's well that ends well, though, I guess. Now I know to not take the SBS wizard's word for it on the path.
    Thank you very much. We appreciate the help.

  • Exchange 2013 Certificates for Hybrid Deployment Clarification

    I have Exchange 2013 servers (CAS and Mailbox on separate servers) which I want to set up for a hybrid deployment. I already have a certificate acquired from a 3rd party with 3 names (mail, autodiscover and owa). The certificate was installed on the CAS server. As per the hybrid deployment documentation I also need to install a certificate on the mailbox server. Questions:
    1. Can I use the same certificate for installation in the mailbox server?
    2. Can I also use the same certificate in the Hybrid Configuration wizard for the "certificate to use with securing the hybrid mail transport"?
    3. Do I need to include the primary smtp domain (xxxxx.com) in the certificate since current configuration points to the mail.xxx.com as the certificate common name?

    Hi,
    Here are my answers you can refer to:
    1. It depends.
    The certificate used for hybrid secure mail transport must be installed on all on-premises Exchange 2013 Mailbox and Client Access servers.
    If you're configuring a hybrid deployment in an organization that has Exchange servers deployed in multiple Active Directory forests, you must use a separate third-party CA certificate for each Active Directory forest.
    2. Yes. But we recommend that you use a dedicated third-party certificate for any optional AD FS server, another certificate for the Exchange services for your hybrid deployment, and if needed, another certificate on your Exchange servers for other needed services or features.
    3. Yes. Here are the minimum suggested FQDNs that should be included on certificates: domain.com, autodiscover.domain.com, edge.domain.com
    For more information, you can refer to the following article:
    http://technet.microsoft.com/en-us/library/hh563848(v=exchg.150).aspx
    If you have any question, please feel free to let me know.
    Thanks,
    Angela Shi
    TechNet Community Support

  • Exchange Mail Certificate Expired

    Since our certificate expired this past weekend no one outside the firewall can connect to the Exchange server via Outlook or OWA.
    Our IT Director created a new certificate on the Exchange Server, but users trying to get mail on mobile phones or from home computers cannot connect to the exchange server. What could be the cause? Does the new certificate have to be installed on each client computer? Reason I ask is that we have people all over the country.

    Hi,
    Before we go further, I'd like to confirm whether the certificate is a self-signed certificate or an internal CA certificate.
    If yes, I'd like to say, to confirm users trust the certificate, we need to install the certificate on every client.
    If you have any question, please feel free to let me know.
    Thanks,
    Angela Shi
    TechNet Community Support

  • Exchange OWA 2010 is not showing events on calendar correctly.

    I have Exchange 2010 setup on 2 servers running Windows 2008 R2 Standard. Some users' OWA accounts (mine included) are working just fine. Other users are showing just a blank gray box on the calendar. Even if there are multiple events that day, there is just one blank gray box. You can read the event in the reading pane on the side but you cannot edit it, or delete it. Clicking on the box brings up the create new event pop-up box instead. If I click on the monthly view, all the events are garbled up in the upper left hand corner of the calendar. I am up to date on all of my security updates and this issue is intermittent between users. Some users work fine, others don't. I've tried Firefox, IE 11, and Google Chrome on the same computer and the same thing happens in all 3 where my account works just fine and this particular user's account does not. I might also mention that our company uses a portal where users log into one form and are then rerouted to a page with several apps, OWA being one of them. If I login to OWA using the default website address (it uses forms based authentication) everything works fine for every user. This problem only occurs on certain users when using the single sign on through the portal. Any help would be appreciated! Thanks in advance!

    Hi ,
    Thank you for your question.
    By my understanding, if we log on to OWA using the default website address without any problems, it means OWA on Exchange is fine. We could contact the application developer for a solution.
    If there are any questions regarding this issue, please be free to let me know. 
    Best Regard,
    Jim
    Jim Xu
    TechNet Community Support

  • Accepted domains in Exchange SAN certificate

    Hi All,
    I have a few queries; please clarify them for me.
    In my environment, I have an accepted domains list like below:
    xyz.com
    abc.com
    All the users in my organisation have the primary SMTP address as [email protected] and secondary SMTP address as [email protected]
    In my SAN certificate I do not have any of the above-mentioned accepted domains.
    Do I need to have all the accepted domains on the SAN certificate, or is only the primary SMTP address domain suffix enough?
    In case I don't have any of my accepted domain suffixes in the SAN certificate, what will happen? The reason I am asking is that I am not getting any certificate-related errors.
    As additional info, we are using a single namespace for Exchange services like OWA, ActiveSync, POP/IMAP and Outlook Anywhere (both internal and external) and that name is available in my SAN certificate.
    The Autodiscover namespace is also included in my SAN certificate.
    Thanks S.Nithyanandham

    Hi Imkottees,
    Thanks a lot for your immediate response.
    But still i am having some queries please explain me what you are trying to explain on this below line ?
    "But you need this for all Primary domains used in your environment"
    Regards
    S.Nithyanandham
    Thanks S.Nithyanandham
