?
Solved

Exchange 2007 SSL Certificates

Posted on 2011-02-10
3
Medium Priority
?
732 Views
Last Modified: 2012-05-11
Greetings,

I had recently taken over an existing Exchange 2007 implementation and yesterday realized that the SSL certificates had expired for owa and autodiscovery.  I was able to get the certificates renewed and everything seems to be working just fine at this point.

My concern is some other self signed certificates installed within Exchange 2007 that have also expired that I need to understand and determine if I need to renew them or not.

Here is an export of all certificates installed on Exchange 2007.

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {ggiht1.goldengaminginc.com}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=ggiht1.goldengaminginc.com
NotAfter           : 2/9/2013 6:13:01 PM
NotBefore          : 2/9/2011 6:13:01 PM
PublicKeySize      : 2048
RootCAType         : Registry
Services           : UM
Status             : Valid
Subject            : CN=ggiht1.goldengaminginc.com

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {webmail.ggilv.com, ggiht1, ggiht1.goldengaminginc.com, au
                     todiscover.goldengaminginc.com}
HasPrivateKey      : True
IsSelfSigned       : False
Issuer             : CN=DigiCert High Assurance CA-3, OU=www.digicert.com, O=Di
                     giCert Inc, C=US
NotAfter           : 2/13/2014 3:59:59 PM
NotBefore          : 2/9/2011 4:00:00 PM
PublicKeySize      : 2048
RootCAType         : ThirdParty
Services           : IMAP, POP, UM
Status             : Valid
Subject            : CN=webmail.ggilv.com, OU=Information Technology, O=Golden
                     Gaming Inc., L=Las Vegas, S=NV, C=US

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {goldengaminginc.com}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=goldengaminginc.com, O=Golden Gaming Inc., DC=goldengam
                     inginc, DC=com
NotAfter           : 2/3/2011 8:17:21 PM
NotBefore          : 2/3/2010 2:17:21 PM
PublicKeySize      : 2048
RootCAType         : Unknown
Services           : None
Status             : Invalid
Subject            : CN=goldengaminginc.com, O=Golden Gaming Inc., DC=goldengam
                     inginc, DC=com

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {mail.goldengaminginc.com}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=mail.goldengaminginc.com, O=Golden Gaming Inc., DC=gold
                     engaminginc, DC=com
NotAfter           : 2/3/2011 7:40:25 PM
NotBefore          : 2/3/2010 1:40:25 PM
PublicKeySize      : 2048
RootCAType         : Unknown
Services           : None
Status             : Invalid
Subject            : CN=mail.goldengaminginc.com, O=Golden Gaming Inc., DC=gold
                     engaminginc, DC=com

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                     ty.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {ggiht1, ggiht1.goldengaminginc.com}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=ggiht1
NotAfter           : 1/8/2011 5:38:36 PM
NotBefore          : 1/8/2010 5:38:36 PM
PublicKeySize      : 2048
RootCAType         : Registry
Services           : UM, SMTP
Status             : DateInvalid
Subject            : CN=ggiht1



0
Comment
Question by:snosurfur
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 5

Accepted Solution

by:
michael_b_smith earned 2000 total points
ID: 34866141
Well, based on what you show here - you only need a new self-signed certificate for SMTP.

 The valid values for services are IIS, SMTP, POP, IMAP, UM. You don't have ANYTHING specified for IIS (which surprises me). But you have the other services handled just fine.

To create a new self-signed certificate for SMTP, just:

Get-ExchangeCertificate -DomainN ggiht1, ggiht1.goldengaminginc.com |
    New-ExchangeCertificate -Services SMTP
0
 

Author Comment

by:snosurfur
ID: 34866525
I thought not seeing anything for IIS was surprising as well.  But everything is working just fine.  Would you know what a possible cause for that is?

0
 
LVL 5

Expert Comment

by:michael_b_smith
ID: 34867094
You could have a firewall or an ISA/TMG/UAG (or similar) server which is doing SSL termination; and then forwarding the decrypted packet to the Exchange server(s).
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

MS Outlook is a world-class email client application that is mainly used for e-communication globally.  In this article, we will discuss the basic idea about MS Outlook, its advanced features, and types of MS Outlook File formats.
A list of top three free exchange EDB viewers that helps the user to extract a mailbox from an unmounted .edb file and get a clear preview of all emails & other items with just a single click on mailboxes.
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
Suggested Courses
Course of the Month12 days, 22 hours left to enroll

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question