Solved

Root CA Certificate Expired

Posted on 2009-07-13
Last Modified: 2012-05-07
Have a Root CA Certificate that has expired that is used for our Exchange OWA security.  Is there a way to renew and extend the certificate?  Please include explicit directions, if so.  If not, what is the quickest and simplest way to get another cert. in place and working?  Thanks!
0
Question by:rstorm1
5 Comments
 
LVL 9

Expert Comment

by:dexIT
ID: 24840617
Godaddy.com
0
 
LVL 4

Author Comment

by:rstorm1
ID: 24840802
dexIT, If that is the best you can do, please just decline to answer at all next time.  You may be preventing others by answering when they see someone has already commented on this.
This appears to be a self-signed certificate.  Experts, I inherited this situation and don't know a lot about the certificate process.  Therefore, explicit help will be very appreciated.  Is there a way to renew and extend the certificate?
0
 
LVL 20

Accepted Solution

by:
MightySW earned 250 total points
ID: 24840878
Hi,
These instructions are for a self-signed certificate.  If you have a GoDaddy, or VeriSign, or Thawte cert then you will have to go through them to get another cert.


Go to IIS on the Exchange, right-click My Computer, Manage, go to IIS and expand Web Sites and right-click on Default Web Sites, go to server and to the Directory Security tab.

Click on the Server Certificate button, click Next, and choose Renew the current certificate, click Next.

Select send the request immediately to an online CA and click next.  It will show you the server that is the CA in the domain.  Click next.  It will come to a verification/submission screen.  Ensure everything is correct and click next to submit.


Now that you have submitted a renewal request, you have to go to the CA and accept it.  It would be easier if you followed the steps listed here:
http://www.msexchange.org/tutorials/SSL_Enabling_OWA_2003.html

Skip down to the section listed: Getting the Pending Request accepted by our Certificate Authority and follow those steps.

HTH and good luck.

0
 
LVL 31

Assisted Solution

by:Paranormastic
Paranormastic earned 250 total points
ID: 24841177
On the root CA... "certutil -renewcert" - this will renew the CA certificate.  You can also do this from within the CA MMC if you want.

This might be a useful reference for the naming system post-renewal.
http://msdn.microsoft.com/en-us/library/aa376550(VS.85).aspx

You will need to deploy the new root cert manually, via GPO, etc.  All certs issued under this root (including subordinate CA servers if present) would have expired at the same time.  You will need to create a new cert request as described above by MightySW.

Remember to copy your new CA cert to the AIA location(s) defined on the Extensions tab of the CA properties within the CA MMC, as well as the new CRL.  Make sure to back up the CA database, the new private key, and a copy of the first CRL to removable media (e.g. floppy or flash drive) and keep that locked up.  You can use the CA MMC - right-click CAName - All Tasks - Backup CA to back up the db and private key.  Also make sure to make a fresh full system backup.
0
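An added example, not part of the original answers: a PowerShell check to run in an elevated session on the Exchange/OWA server once the renewed root has been deployed. It lists every copy of the root in the Trusted Root store and reports which certificates in the machine's Personal store chain to it and still need reissuing. `$RootName` and its default value are placeholders for your own CA's common name.

```powershell
# Added example (not from the thread). $RootName is a placeholder:
# replace it with the common name of your own root CA.
param(
    [string]$RootName = 'Example-Root-CA',
    [int]$WarnDays = 30
)

$now = Get-Date

# 1. Copies of the root in Trusted Root Certification Authorities.
#    Once the renewed root is deployed, a copy with a future NotAfter appears here.
Get-ChildItem Cert:\LocalMachine\Root |
    Where-Object { $_.Subject -like "*CN=$RootName*" } |
    Sort-Object NotAfter |
    Select-Object Thumbprint, NotBefore, NotAfter,
        @{ Name = 'Expired'; Expression = { $_.NotAfter -lt $now } } |
    Format-Table -AutoSize

# 2. Certificates in the machine's Personal store (where the IIS/OWA
#    certificate lives) whose chain ends at that root.
$report = foreach ($cert in Get-ChildItem Cert:\LocalMachine\My) {
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # No revocation lookups: this pass only checks validity dates and trust.
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $trusted = $chain.Build($cert)

    # The last chain element is the highest certificate Windows could find.
    $top = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
    if ($top.Subject -notlike "*CN=$RootName*") { continue }

    [pscustomobject]@{
        Subject     = $cert.Subject
        NotAfter    = $cert.NotAfter
        DaysLeft    = [int][math]::Floor(($cert.NotAfter - $now).TotalDays)
        ChainValid  = $trusted
        # For example NotTimeValid when the leaf or the root has expired.
        ChainStatus = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    }
}

$report | Sort-Object DaysLeft | Format-Table -AutoSize

# Certificates to reissue: expired, close to expiry, or failing validation.
$report | Where-Object { $_.DaysLeft -lt $WarnDays -or -not $_.ChainValid } |
    Format-List Subject, NotAfter, ChainStatus
```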
 
LVL 4

Author Closing Comment

by:rstorm1
ID: 31602860
Thanks, guys, you're the greatest!
0
