Solved

Root CA Certificate Expired

Posted on 2009-07-13
5
3,059 Views
Last Modified: 2012-05-07
Have a Root CA Certificate that has expired that is used for our Exchange OWA security.  Is there a way to renew and extend the certificate?  Please include explicit directions, if so.  If not, what is the quickest and simplest way to get another cert. in place and working?  Thanks!
0
Comment
Question by:rstorm1
5 Comments
 
LVL 9

Expert Comment

by:dexIT
ID: 24840617
Godaddy.com
0
 
LVL 4

Author Comment

by:rstorm1
ID: 24840802
dexIT, If that is the best you can do, please just decline to answer at all next time.  You may be preventing others by answering when they see someone has already commented on this.
This appears to be a self-signed certificate.  Experts, I inherited this situation and don't know a lot about the certificate process.  Therefore, explicit help will be very appreciated.  Is there a way to renew and extend the certificate?
0
 
LVL 20

Accepted Solution

by:
MightySW earned 250 total points
ID: 24840878
Hi,
These instructions are for a self signed certificate.  If you have a godaddy, or verisign, or thwate cert then you will have to go through them to get another cert.


Go to IIS on the exchange, right click my computer, manage, goto IIS and expand web sites and right click on default web sites, goto  server and to the directory security tab.  

Click on Server Certificate button, click next, and chose Renew the current certificate, click next.  

Select send the request immediately to an online CA and click next.  It will show you the server that is the CA in the domain.  Click next.  It will come to a verification/submission screen.  Ensure everything is correct and click next to submit.


Now that you have submitted a renewal request, you have to goto the CA and accept it.  It would be easier if you followed the steps listed here:
http://www.msexchange.org/tutorials/SSL_Enabling_OWA_2003.html

Skip down to the section listed: Getting the Pending Request accepted by our Certificate Authority and follow those steps.

HTH and good luck.

0
 
LVL 31

Assisted Solution

by:Paranormastic
Paranormastic earned 250 total points
ID: 24841177
On the root CA... "certutil -renewcert" - this will renew the CA certificate.  You can also do this from within the CA MMC if you want.

This might be a useful reference for the naming system post-renewal.
http://msdn.microsoft.com/en-us/library/aa376550(VS.85).aspx

You will need to deploy the new root cert manually, via GPO, etc.  All certs issued under this root (including subordinate CA servers if present) would have expired at the same time.  You will need to create a new cert request as described above by mightysw.

Remember to copy your new CA cert to the AIA location(s) defined on the Extensions tab of the CA properties within the CA MMC, as well as the new CRL.  Make sure to back up the CA database, the new private key, and a copy of the first CRL to removable media (e.g. floppy or flash drive) and keep that locked up.  You can use the CA MMC - right click CAName - all tasks - backup CA to backup the db and private key.  Also make sure to make a fresh full system backup.
0
 
LVL 4

Author Closing Comment

by:rstorm1
ID: 31602860
Thanks, guys, you're the greatest!
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

So you have two Windows Servers and you have a directory/folder/files on one that you'd like to mirror to the other?  You don't really want to deal with DFS or a 3rd party solution like Doubletake. You can use Robocopy from the Windows Server 200…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question