Solved

Root CA Certificate Expired

Posted on 2009-07-13
5
3,073 Views
Last Modified: 2012-05-07
Have a Root CA Certificate that has expired that is used for our Exchange OWA security.  Is there a way to renew and extend the certificate?  Please include explicit directions, if so.  If not, what is the quickest and simplest way to get another cert. in place and working?  Thanks!
0
Comment
Question by:rstorm1
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 9

Expert Comment

by:dexIT
ID: 24840617
Godaddy.com
0
 
LVL 4

Author Comment

by:rstorm1
ID: 24840802
dexIT, If that is the best you can do, please just decline to answer at all next time.  You may be preventing others by answering when they see someone has already commented on this.
This appears to be a self-signed certificate.  Experts, I inherited this situation and don't know a lot about the certificate process.  Therefore, explicit help will be very appreciated.  Is there a way to renew and extend the certificate?
0
 
LVL 20

Accepted Solution

by:
MightySW earned 250 total points
ID: 24840878
Hi,
These instructions are for a self signed certificate.  If you have a godaddy, or verisign, or thwate cert then you will have to go through them to get another cert.


Go to IIS on the exchange, right click my computer, manage, goto IIS and expand web sites and right click on default web sites, goto  server and to the directory security tab.  

Click on Server Certificate button, click next, and chose Renew the current certificate, click next.  

Select send the request immediately to an online CA and click next.  It will show you the server that is the CA in the domain.  Click next.  It will come to a verification/submission screen.  Ensure everything is correct and click next to submit.


Now that you have submitted a renewal request, you have to goto the CA and accept it.  It would be easier if you followed the steps listed here:
http://www.msexchange.org/tutorials/SSL_Enabling_OWA_2003.html

Skip down to the section listed: Getting the Pending Request accepted by our Certificate Authority and follow those steps.

HTH and good luck.

0
 
LVL 31

Assisted Solution

by:Paranormastic
Paranormastic earned 250 total points
ID: 24841177
On the root CA... "certutil -renewcert" - this will renew the CA certificate.  You can also do this from within the CA MMC if you want.

This might be a useful reference for the naming system post-renewal.
http://msdn.microsoft.com/en-us/library/aa376550(VS.85).aspx

You will need to deploy the new root cert manually, via GPO, etc.  All certs issued under this root (including subordinate CA servers if present) would have expired at the same time.  You will need to create a new cert request as described above by mightysw.

Remember to copy your new CA cert to the AIA location(s) defined on the Extensions tab of the CA properties within the CA MMC, as well as the new CRL.  Make sure to back up the CA database, the new private key, and a copy of the first CRL to removable media (e.g. floppy or flash drive) and keep that locked up.  You can use the CA MMC - right click CAName - all tasks - backup CA to backup the db and private key.  Also make sure to make a fresh full system backup.
0
 
LVL 4

Author Closing Comment

by:rstorm1
ID: 31602860
Thanks, guys, you're the greatest!
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Numerous times I have been asked this questions that what is it that makes my machine log on so slow, there have been cases where computers took 23 minute exactly after taking password and getting to the desktop. Interesting thing was the fact th…
Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
In this video, viewers are given an introduction to using the Windows 10 Snipping Tool, how to quickly locate it when it's needed and also how make it always available with a single click of a mouse button, by pinning it to the Desktop Task Bar. Int…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question