Exchange 2007 Certificate query

Raman - 31 Jul 2008 00:07 GMT
Hi

We are running Exchange 2007 SP1. The certificate on our Default website
which was created during the install expires on 30th August 2008.

However at that time we requested for a new certificate and got this issued
from one of our Internally Generated CA which expires in 2057 (a server
internal to our domain) to avoid . All of our clients have this new
certificate installed on their PC as a trusted root ca and also for our
overseas staff who use RPC over HTTP.

Even in IIS under OWA, when I click on view certificate, it says it will
expire on 30th August 2008 in the General tab, but when I view the certificate
listed in the Certification tab it says it expires in 2057.

My worry is what will happen when we reach 30th August 2008? Will our email
stop working? Should I be proactive and renew this default certificate?

Secondly, if I have to renew this certificate, the internal CA server which
issued it previously had to be rebuilt. Would this be a problem?

Your suggestions will be helpful.

Thanks

Raman
Andy David  {MVP} - 31 Jul 2008 00:17 GMT
>Hi
>
[quoted text clipped - 22 lines]
>
>Raman

Did you enable the certificate with powershell for the Exch Services?
Raman - 31 Jul 2008 00:23 GMT
Hi Andy,

Cannot remember if I did as it's been close to a year. I think I may have
but cannot tell you for sure. Is there any way to check?

This was one of the reasons why I wanted to get a SAN certificate but the
company was not interested.

Raman

> >Hi
> >
[quoted text clipped - 24 lines]
>
> Did you enable the certificate with powershell for the Exch Services?
Raman - 31 Jul 2008 00:30 GMT
Hi Andy,

Here is the list of certificates I got when I ran get-exchangecertificate |
list

************

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {mail.sge.com, smtp.sge.com, autodiscover.sge.com, sge.com, mifune.sge.melb.com, mifune}
HasPrivateKey      : True
IsSelfSigned       : False
Issuer             : CN=mail, DC=sge, DC=com
NotAfter           : 30/08/2008 12:09:48 PM
NotBefore          : 30/08/2007 11:59:48 AM
PublicKeySize      : 2048
RootCAType         : Enterprise
SerialNumber       : 24CD05AD000000000002
Services           : IMAP, POP, IIS, SMTP
Status             : Unknown
Subject            : CN=mail.sge.com, O=SGE, DC=com, DC=sge
Thumbprint         : 03BDEAD7F75BF81A82950B85622D5BBD77B9BD8F

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {mail.sge.com}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=mail.sge.com, O=SGE, DC=com, DC=sge
NotAfter           : 29/08/2008 5:14:16 PM
NotBefore          : 30/08/2007 11:14:16 AM
PublicKeySize      : 2048
RootCAType         : Unknown
SerialNumber       : 8A5DD61969DFF1834A04FA06E8583C09
Services           : None
Status             : Invalid
Subject            : CN=mail.sge.com, O=SGE, DC=com, DC=sge
Thumbprint         : E63E42812B981A39D753F05214B0BE8795727B99

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {mifune, mifune.sge.melb.com}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=mifune
NotAfter           : 25/07/2008 4:59:56 PM
NotBefore          : 25/07/2007 4:59:56 PM
PublicKeySize      : 2048
RootCAType         : Unknown
SerialNumber       : BB1E1B7199E4B98F4FA9948B524A2787
Services           : SMTP
Status             : Invalid
Subject            : CN=mifune
Thumbprint         : 1711584BA8445260124C59E98AB48E1B10333643

************

> Hi Andy,
>
[quoted text clipped - 34 lines]
> >
> > Did you enable the certificate with powershell for the Exch Services?
Andy David  {MVP} - 31 Jul 2008 00:30 GMT
>Hi Andy,
>
>Cannot remember if I did as it's been close to a year. I think I may have
>but cannot tell you for sure. Is there any way to check?

get-exchangecertificate | fl

will show you everything

>This was one of the reasons why I wanted to get a SAN certificate but the
>company was not interested.
[quoted text clipped - 29 lines]
>>
>> Did you enable the certificate with powershell for the Exch Services?
Raman - 31 Jul 2008 01:03 GMT
Thanks Andy! But the thing I would really like to know is how to renew this
certificate. I have read some other articles about running the following
commands. Is this all I need to do?

Get-ExchangeCertificate -thumbprint "Thumbprint Name" | New-ExchangeCertificate
and then

Enable-ExchangeCertificate -thumbprint "New Thumbprint Name" -services IIS

Thanks for your help

Raman

> >Hi Andy,
> >
[quoted text clipped - 38 lines]
> >>
> >> Did you enable the certificate with powershell for the Exch Services?
Andy David {MVP} - 31 Jul 2008 13:19 GMT
>Thanks Andy! But the thing I would really like to know is how to renew this
>certificate. I have read some other articles about running the following
[quoted text clipped - 4 lines]
>
>Enable-ExchangeCertificate -thumbprint "New Thumbprint Name" -services IIS

You would need to generate a new request for submittal to your
internal CA.

New-ExchangeCertificate. The command above renews the built-in cert.

>Thanks for your help
>
[quoted text clipped - 42 lines]
>> >>
>> >> Did you enable the certificate with powershell for the Exch Services?
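
The renewal path from the last reply (a new request submitted to the internal CA, rather than piping the old certificate into New-ExchangeCertificate), as an added example that is not part of the original thread. The subject and domain names are copied from the Get-ExchangeCertificate output above; the C:\certs paths, the CA config string, the WebServer template and the 60-day window are assumptions.

```powershell
# Added example: run in the Exchange Management Shell on the Exchange 2007 SP1 server.
# Assumptions: C:\certs exists; 'CASERVER\CA-NAME' is a placeholder for the rebuilt
# internal CA; that CA offers the default "WebServer" certificate template.

# 1. List certificates that are bound to a service and expire within 60 days.
$cutoff = (Get-Date).AddDays(60)
Get-ExchangeCertificate |
    Where-Object { $_.Services -ne 'None' -and $_.NotAfter -lt $cutoff } |
    Format-List Thumbprint, Subject, Services, NotAfter, IsSelfSigned, Status

# 2. Generate a PKCS#10 request carrying every name the clients connect to
#    (the CertificateDomains of the CA-issued certificate currently in use).
New-ExchangeCertificate -GenerateRequest -Path C:\certs\mail.req `
    -SubjectName 'CN=mail.sge.com, O=SGE, DC=com, DC=sge' `
    -DomainName mail.sge.com, smtp.sge.com, autodiscover.sge.com, sge.com, mifune.sge.melb.com, mifune `
    -PrivateKeyExportable $true

# 3. Submit the request to the internal CA and save the issued certificate.
#    If the CA was rebuilt with a new root key, clients (including RPC over HTTP
#    users) must trust that new root before the switch in step 4.
certreq -submit -config 'CASERVER\CA-NAME' -attrib 'CertificateTemplate:WebServer' `
    C:\certs\mail.req C:\certs\mail.cer

# 4. Import the issued certificate (this pairs it with the pending private key)
#    and bind it to the same services the expiring certificate serves.
Import-ExchangeCertificate -Path C:\certs\mail.cer |
    Enable-ExchangeCertificate -Services IIS, SMTP, POP, IMAP

# 5. Confirm the new thumbprint now holds the services and check its expiry date.
Get-ExchangeCertificate | Format-List Thumbprint, Services, NotAfter, Status
```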
 