About Me

"Smoke me a kipper, I'll be back for Breakfast" - one man's journey through life with IT and all things related to it whether it's purely technical or just for fun...

Note - Any posts on this blog are purely my own personal opinion and do not reflect any opinions of companies and/or people that I mention. All advice is given to help you but I cannot be held responsible for your actions should you decide you want to try these things out yourself!

Friday 27 January 2012

Exchange 2003 - OWA stops working when you replace the certificate

Strictly speaking this won't be a guide but more of a what to do if it "doesn't work like you think it should" sort of post. I encountered an issue where Exchange 2003's Front End server stopped working when servicing OWA requests. The certificate placed on the site was going to expire; a new one had been purchased and processed, but when applied it failed. 404 and the joy of IIS and certificates...



When you create a Certificate Request (CSR for those in the know) and then receive your certificate back from the third-party company, you should know to complete the CSR on the server you generated it from. If you don't, you'll find you won't have the private key that goes with the certificate and you'll epically fail at getting the new certificate to work with anything.

The other problem that can happen is that if you generate the CSR from the server and complete the request on the same server but against a different Web Site, you'll find OWA no longer works when you replace the certificate. I am not sure whether this is just OWA, but I am told you can create a dummy site to complete a CSR and then just use that certificate against your Default Website - not in this case.

Unfortunately this doesn't work - OWA will present you with a 404 error and you will most likely try several things to get her to go again, with the end result being that you put the certificate you already had back in place. The answer is to always complete the CSR against the Default Website or the website that hosts OWA. Don't try to be clever and complete it against a dummy website, as it will fail.

I tried re-issuing the certificate on the OWA website object and it just sprang into life. Next time someone asks about Exchange 2003, OWA and certificate replacement, remember the golden rule: always complete the whole process on your live Default Website. If you don't, good luck with getting it to work if you get a 404 error...
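As an added example (not part of the original post), one way to confirm the private-key point above before swapping certificates is to list the computer's Personal store and see which certificates actually carry a private key and when they expire. It assumes PowerShell is installed on the front-end server; the function name `Get-ServerCertStatus` is hypothetical.

```powershell
# Added example: report on certificates in the local computer's Personal store.
# Assumption: PowerShell is available on the server; the function name is made up.
function Get-ServerCertStatus {
    param([string]$StorePath = 'Cert:\LocalMachine\My')

    Get-ChildItem -Path $StorePath |
        Select-Object Subject, Thumbprint, HasPrivateKey, NotAfter,
            @{ Name       = 'DaysLeft'
               Expression = { [math]::Floor(($_.NotAfter - (Get-Date)).TotalDays) } } |
        Sort-Object NotAfter
}

$status = @(Get-ServerCertStatus)
$status | Format-Table -AutoSize

# A certificate that was installed without completing the pending request on the
# generating server shows HasPrivateKey = False and cannot be used by IIS for SSL.
$noKey = @($status | Where-Object { -not $_.HasPrivateKey })
if ($noKey.Count -gt 0) {
    Write-Warning "Certificates without a private key on this server:"
    $noKey | ForEach-Object { Write-Warning ("  {0}  {1}" -f $_.Thumbprint, $_.Subject) }
}

# Flag anything expiring within 30 days so the renewal can be planned
# against the live website rather than rushed.
$expiring = @($status | Where-Object { $_.DaysLeft -lt 30 })
if ($expiring.Count -gt 0) {
    Write-Warning "Certificates expiring within 30 days (or already expired):"
    $expiring | ForEach-Object {
        Write-Warning ("  {0}  expires {1:yyyy-MM-dd}  {2}" -f $_.Thumbprint, $_.NotAfter, $_.Subject)
    }
}
```

This only reports on the store contents; it does not show which IIS website the pending request was completed against, which is the issue the post describes.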

1 comment:

  1. Hi, just to say this was very helpful but, ultimately, my issue was solved by re-applying the private key I had previously backed up 3 years ago.
