Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Exchange 2007 SSL Certificates

Posted on 2011-02-10
3
Medium Priority
?
738 Views
Last Modified: 2012-05-11
Greetings,

I had recently taken over an existing Exchange 2007 implementation and yesterday realized that the SSL certificates had expired for owa and autodiscovery.  I was able to get the certificates renewed and everything seems to be working just fine at this point.

My concern is some other self signed certificates installed within Exchange 2007 that have also expired that I need to understand and determine if I need to renew them or not.

Here is an export of all certificates installed on Exchange 2007.

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {ggiht1.goldengaminginc.com}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=ggiht1.goldengaminginc.com
NotAfter           : 2/9/2013 6:13:01 PM
NotBefore          : 2/9/2011 6:13:01 PM
PublicKeySize      : 2048
RootCAType         : Registry
Services           : UM
Status             : Valid
Subject            : CN=ggiht1.goldengaminginc.com

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {webmail.ggilv.com, ggiht1, ggiht1.goldengaminginc.com, au
                     todiscover.goldengaminginc.com}
HasPrivateKey      : True
IsSelfSigned       : False
Issuer             : CN=DigiCert High Assurance CA-3, OU=www.digicert.com, O=Di
                     giCert Inc, C=US
NotAfter           : 2/13/2014 3:59:59 PM
NotBefore          : 2/9/2011 4:00:00 PM
PublicKeySize      : 2048
RootCAType         : ThirdParty
Services           : IMAP, POP, UM
Status             : Valid
Subject            : CN=webmail.ggilv.com, OU=Information Technology, O=Golden
                     Gaming Inc., L=Las Vegas, S=NV, C=US

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {goldengaminginc.com}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=goldengaminginc.com, O=Golden Gaming Inc., DC=goldengam
                     inginc, DC=com
NotAfter           : 2/3/2011 8:17:21 PM
NotBefore          : 2/3/2010 2:17:21 PM
PublicKeySize      : 2048
RootCAType         : Unknown
Services           : None
Status             : Invalid
Subject            : CN=goldengaminginc.com, O=Golden Gaming Inc., DC=goldengam
                     inginc, DC=com

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {mail.goldengaminginc.com}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=mail.goldengaminginc.com, O=Golden Gaming Inc., DC=gold
                     engaminginc, DC=com
NotAfter           : 2/3/2011 7:40:25 PM
NotBefore          : 2/3/2010 1:40:25 PM
PublicKeySize      : 2048
RootCAType         : Unknown
Services           : None
Status             : Invalid
Subject            : CN=mail.goldengaminginc.com, O=Golden Gaming Inc., DC=gold
                     engaminginc, DC=com

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                     ty.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {ggiht1, ggiht1.goldengaminginc.com}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=ggiht1
NotAfter           : 1/8/2011 5:38:36 PM
NotBefore          : 1/8/2010 5:38:36 PM
PublicKeySize      : 2048
RootCAType         : Registry
Services           : UM, SMTP
Status             : DateInvalid
Subject            : CN=ggiht1



0
Comment
Question by:snosurfur
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 5

Accepted Solution

by:
michael_b_smith earned 2000 total points
ID: 34866141
Well, based on what you show here - you only need a new self-signed certificate for SMTP.

 The valid values for services are IIS, SMTP, POP, IMAP, UM. You don't have ANYTHING specified for IIS (which surprises me). But you have the other services handled just fine.

To create a new self-signed certificate for SMTP, just:

Get-ExchangeCertificate -DomainN ggiht1, ggiht1.goldengaminginc.com |
    New-ExchangeCertificate -Services SMTP
0
 

Author Comment

by:snosurfur
ID: 34866525
I thought not seeing anything for IIS was surprising as well.  But everything is working just fine.  Would you know what a possible cause for that is?

0
 
LVL 5

Expert Comment

by:michael_b_smith
ID: 34867094
You could have a firewall or an ISA/TMG/UAG (or similar) server which is doing SSL termination; and then forwarding the decrypted packet to the Exchange server(s).
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I don't pretend to be an expert at this, but I have found a few things that are useful. I hope that sharing them here will help others, so they will not have to face some rather hard choices. Since I felt this to be a topic of enough importance and…
Are you an Exchange administrator employed with an organization? And, have you encountered a corrupt Exchange database due to which you are not able to open its EDB file. This article will explain all the steps to repair corrupt Exchange database.
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Suggested Courses

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question