Expired Self-Issued Certificate

Posted on 2006-11-22
Medium Priority
Last Modified: 2012-05-05
I have Exchange 2003 SP2 running OWA with a self-issued certificate from the CA running on the local Exchange Server. It was valid for 2004-2006 and expired a few months ago. This normally doesn't matter; we just use it for internal SSL for OWA.

I'm now setting up Microsoft Direct Push, and I got it to work over unsecured HTTP. I want to secure the data between the mobile devices and the server by using SSL, but the mobile devices don't like our expired certificate. I recently revoked the certificate to create a new one.

I created a dummy site in IIS, and went through the wizard to create a new certificate, but it hasn't shown up anywhere yet.

Please advise on the best technique for me to run our OWA and Exchange Active Sync under a non-expired Cert so I can continue my project.

Just for sport, I was given a Thanksgiving deadline yesterday on implementing Direct Push for Mobile devices for the company so the boss can see how well it works.

Question by: dempsedm

Accepted Solution

jar3817 earned 210 total points
ID: 17999961
Buy a real cert from a trusted authority. I could be wrong, but I've heard you need a trusted cert for Direct Push (and RPC over HTTPS) to work properly. You can get one for $20/yr at godaddy.com.

Author Comment

ID: 17999980
I may consider this, but for testing purposes was hoping to use my own.

Author Comment

ID: 17999983
Also, I have used RPC over https with self cert.

Author Comment

ID: 18000025
To clarify, you do need a trusted cert, but you can add your own to be trusted.  Some are already "pre-trusted" from verisign, etc.  I have installed the cert properly to the device, but it expired a few months ago.

Assisted Solution

dlangr earned 150 total points
ID: 18000195
See http://www.isaserver.org/tutorials/2004owafba.html for a good explanation of how to use your own self-signed certificate; you can leave out the ISA part if you don't use it.

If you are using self-signed certificates, you usually have to edit the registry of the mobile devices to allow importing self-signed certificates, or use a tool like http://www.jacco2.dds.nl/networking/pfximprt.html#Using_pfximprt

Assisted Solution

deadite earned 150 total points
ID: 18000839
If you want to set up SSL (for free) you can create your own SA, generate the cert request, then have your CA make the cert. Here is a simple step-by-step direction to do this:

In addition, you will probably want to automatically redirect HTTP traffic to use HTTPS.  For instance, if you enter http://server/exchange it will forward it to https://server/exchange.  Here is an MS article outlining this:
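
The steps listed in the answer above (create a CA, generate the certificate request, have the CA issue the certificate), as an added example that is not part of the original thread or its linked articles. It uses the OpenSSL command line rather than the Windows CA and IIS wizard the thread is about, and then checks that the chain verifies today and stops verifying once the certificate is past its expiry date. `Example Internal CA`, `mail.example.internal` and the file names are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): private CA -> CSR -> signed server cert.
# "Example Internal CA" and mail.example.internal are constructed names.
set -eu
umask 077          # private keys written below are readable by the owner only

make_ca() {        # $1 = working directory
  # Minimal config so the result does not depend on the system openssl.cnf.
  printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=v3_ca' '[dn]' \
    '[v3_ca]' 'basicConstraints=critical,CA:TRUE' \
    'keyUsage=critical,keyCertSign,cRLSign' > "$1/req.cnf"
  openssl req -x509 -config "$1/req.cnf" -newkey rsa:2048 -nodes -sha256 \
    -days 1825 -subj "/CN=Example Internal CA" \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

make_csr() {       # $1 = dir, $2 = host name the clients connect to
  openssl req -new -config "$1/req.cnf" -newkey rsa:2048 -nodes -sha256 \
    -subj "/CN=$2" -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null
}

sign_csr() {       # $1 = dir, $2 = host name, $3 = validity in days
  printf 'subjectAltName=DNS:%s\nextendedKeyUsage=serverAuth\n' "$2" > "$1/ext.cnf"
  openssl x509 -req -in "$1/server.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -sha256 -days "$3" -extfile "$1/ext.cnf" \
    -out "$1/server.crt" 2>/dev/null
}

verifies_at() {    # $1 = dir, $2 = epoch seconds; exit 0 if the chain is valid then
  openssl verify -attime "$2" -CAfile "$1/ca.crt" "$1/server.crt" >/dev/null 2>&1
}

expires_within() { # $1 = dir, $2 = days; exit 0 if the cert expires in that window
  ! openssl x509 -in "$1/server.crt" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# Demo run in a scratch directory: issue a 365-day certificate and check it.
work=$(mktemp -d)
make_ca "$work"
make_csr "$work" mail.example.internal
sign_csr "$work" mail.example.internal 365
now=$(date +%s)
verifies_at "$work" "$now" && echo "chain verifies today"
verifies_at "$work" "$(( now + 400 * 86400 ))" || echo "rejected 400 days from now (expired)"
expires_within "$work" 30 || echo "more than 30 days of validity left"
```

Clients need only `ca.crt` in their trusted roots; `ca.key` stays off the server. Running `expires_within` on a schedule catches a lapse before clients start rejecting the certificate.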

