Root CA Certificate Expired

Have a Root CA Certificate that has expired that is used for our Exchange OWA security.  Is there a way to renew and extend the certificate?  Please include explicit directions, if so.  If not, what is the quickest and simplest way to get another cert. in place and working?  Thanks!
LVL 4
rstorm1Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

dexITCommented:
Godaddy.com
0
rstorm1Author Commented:
dexIT, If that is the best you can do, please just decline to answer at all next time.  You may be preventing others by answering when they see someone has already commented on this.
This appears to be a self-signed certificate.  Experts, I inherited this situation and don't know a lot about the certificate process.  Therefore, explicit help will be very appreciated.  Is there a way to renew and extend the certificate?
0
MightySWCommented:
Hi,
These instructions are for a self signed certificate.  If you have a godaddy, or verisign, or thwate cert then you will have to go through them to get another cert.


Go to IIS on the exchange, right click my computer, manage, goto IIS and expand web sites and right click on default web sites, goto  server and to the directory security tab.  

Click on Server Certificate button, click next, and chose Renew the current certificate, click next.  

Select send the request immediately to an online CA and click next.  It will show you the server that is the CA in the domain.  Click next.  It will come to a verification/submission screen.  Ensure everything is correct and click next to submit.


Now that you have submitted a renewal request, you have to goto the CA and accept it.  It would be easier if you followed the steps listed here:
http://www.msexchange.org/tutorials/SSL_Enabling_OWA_2003.html

Skip down to the section listed: Getting the Pending Request accepted by our Certificate Authority and follow those steps.

HTH and good luck.

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
ParanormasticCryptographic EngineerCommented:
On the root CA... "certutil -renewcert" - this will renew the CA certificate.  You can also do this from within the CA MMC if you want.

This might be a useful reference for the naming system post-renewal.
http://msdn.microsoft.com/en-us/library/aa376550(VS.85).aspx

You will need to deploy the new root cert manually, via GPO, etc.  All certs issued under this root (including subordinate CA servers if present) would have expired at the same time.  You will need to create a new cert request as described above by mightysw.

Remember to copy your new CA cert to the AIA location(s) defined on the Extensions tab of the CA properties within the CA MMC, as well as the new CRL.  Make sure to back up the CA database, the new private key, and a copy of the first CRL to removable media (e.g. floppy or flash drive) and keep that locked up.  You can use the CA MMC - right click CAName - all tasks - backup CA to backup the db and private key.  Also make sure to make a fresh full system backup.
0
rstorm1Author Commented:
Thanks, guys, you're the greatest!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.