SOLVED

How to change ssl for edge ready configured hybrid with office365

%3CLINGO-SUB%20id%3D%22lingo-sub-695905%22%20slang%3D%22en-US%22%3EHow%20to%20change%20ssl%20for%20edge%20ready%20configured%20hybrid%20with%20office365%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-695905%22%20slang%3D%22en-US%22%3E%3CP%3EHello%3C%2FP%3E%3CP%3E%26nbsp%3B%20%26nbsp%3B%20please%20guide%20help%20me%20way%20to%20change%20ssl%20in%20edge%20ready%20configured%20hybrid%20with%20office365%3C%2FP%3E%3CP%3EBest%20Regards%2C%3C%2FP%3E%3CP%3EThanks%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-695905%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EExchange%20Online%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EHybrid%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-698925%22%20slang%3D%22en-US%22%3ERE%3A%20How%20to%20change%20ssl%20for%20edge%20ready%20configured%20hybrid%20with%20office365%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-698925%22%20slang%3D%22en-US%22%3E%3CP%3EThe%20procedure%20is%20identical%20to%20renewal%20of%20regular%20Edge%20certificates.%20It%20helps%20if%20you%20have%20more%20than%20one%20Edge%20server%2C%20otherwise%20you%20are%20looking%20at%20a%20little%20downtime%20as%20you%20are%20recreating%20the%20subscription%20at%20some%20point.%20In%20short%3A%3C%2FP%3E%0A%3COL%3E%0A%3CLI%3EImport%20the%20new%20certificate%20on%20all%20Edge%20server(s)%20and%20internal%20Exchange%20servers%20running%20Exchange%20Hub%20Transports%20%2F%20Multi-Roles%3B%3C%2FLI%3E%0A%3CLI%3EEnable%20the%20new%20certificate%20for%20SMTP%20services%20(Enable-ExchangeCertificate)%20on%20half%20of%20the%20Edge%20servers%20(this%20breaks%20mail%20flow%20for%20them)%2C%20and%20also%20on%20internal%20Exchange%20Hub%20Transports%20%2F%20Multi-Roles.%3C%2FLI%3E%0A%3CLI%3EOn%20half%20of%20the%20Edge%20servers%2C%20recreate%20the%20subscription%20document%20(XML)%3C%2FLI%3E%0A%3CLI%3EUsing%20subscription%20documents%20from%203%2C%20recreate%20the%20Edge%20subscription%20on%20the%20internal%20Exchange%20Hub%20Transports%20%2F%20Multi-Roles%2C%20after%20removing%20the%20existing%20one.%3C%2FLI%3E%0A%3CLI%3EStart-EdgeSynchronization%20-%20mail%20flow%20should%20now%20switch%20from%202nd%20half%20of%20Edge%20servers%20to%201st%20half%20that%20we%20touched%20in%20step%203%3C%2FLI%3E%0A%3CLI%3ERun%20Test-EdgeSyncronization%20to%20validate%3C%2FLI%3E%0A%3CLI%3EPerform%20step%202-5%20for%20the%202nd%20half%20of%20the%20Edge%20servers%3C%2FLI%3E%0A%3C%2FOL%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-709394%22%20slang%3D%22en-US%22%3ERe%3A%20RE%3A%20How%20to%20change%20ssl%20for%20edge%20ready%20configured%20hybrid%20with%20office365%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-709394%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1978%22%20target%3D%22_blank%22%3E%40Michel%20de%20Rooij%3C%2FA%3E%26nbsp%3B%20%3A%20i%20just%20changed%20ssl%20but%20need%20running%20Hybrid%20Wizard%20to%20update%20new%20ssl%20.Thanks%20your%20guided%3C%2FP%3E%3CP%3EIf%20have%20error%20flow%20email%20then%20follow%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fsupport.microsoft.com%2Fen-us%2Fhelp%2F2989382%2Fcan-t-receive-mail-in-a-hybrid-environment%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fsupport.microsoft.com%2Fen-us%2Fhelp%2F2989382%2Fcan-t-receive-mail-in-a-hybrid-environment%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Regular Contributor

Hello

    please guide help me way to change ssl in edge ready configured hybrid with office365

Best Regards,

Thanks

2 Replies
Highlighted
Best Response confirmed by Tien Ngo Thanh (Regular Contributor)
Solution

The procedure is identical to renewal of regular Edge certificates. It helps if you have more than one Edge server, otherwise you are looking at a little downtime as you are recreating the subscription at some point. In short:

  1. Import the new certificate on all Edge server(s) and internal Exchange servers running Exchange Hub Transports / Multi-Roles;
  2. Enable the new certificate for SMTP services (Enable-ExchangeCertificate) on half of the Edge servers (this breaks mail flow for them), and also on internal Exchange Hub Transports / Multi-Roles.
  3. On half of the Edge servers, recreate the subscription document (XML)
  4. Using subscription documents from 3, recreate the Edge subscription on the internal Exchange Hub Transports / Multi-Roles, after removing the existing one.
  5. Start-EdgeSynchronization - mail flow should now switch from 2nd half of Edge servers to 1st half that we touched in step 3
  6. Run Test-EdgeSyncronization to validate
  7. Perform step 2-5 for the 2nd half of the Edge servers
Highlighted

@Michel de Rooij  : i just changed ssl but need running Hybrid Wizard to update new ssl .Thanks your guided

If have error flow email then follow https://support.microsoft.com/en-us/help/2989382/can-t-receive-mail-in-a-hybrid-environment