Solved

Exchange 2007 SSL Certificates

Posted on 2011-02-10
Last Modified: 2012-05-11
Greetings,

I had recently taken over an existing Exchange 2007 implementation and yesterday realized that the SSL certificates had expired for OWA and autodiscovery.  I was able to get the certificates renewed and everything seems to be working just fine at this point.

My concern is some other self-signed certificates installed within Exchange 2007 that have also expired that I need to understand and determine if I need to renew them or not.

Here is an export of all certificates installed on Exchange 2007.

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {ggiht1.goldengaminginc.com}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=ggiht1.goldengaminginc.com
NotAfter           : 2/9/2013 6:13:01 PM
NotBefore          : 2/9/2011 6:13:01 PM
PublicKeySize      : 2048
RootCAType         : Registry
Services           : UM
Status             : Valid
Subject            : CN=ggiht1.goldengaminginc.com

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {webmail.ggilv.com, ggiht1, ggiht1.goldengaminginc.com, au
                     todiscover.goldengaminginc.com}
HasPrivateKey      : True
IsSelfSigned       : False
Issuer             : CN=DigiCert High Assurance CA-3, OU=www.digicert.com, O=Di
                     giCert Inc, C=US
NotAfter           : 2/13/2014 3:59:59 PM
NotBefore          : 2/9/2011 4:00:00 PM
PublicKeySize      : 2048
RootCAType         : ThirdParty
Services           : IMAP, POP, UM
Status             : Valid
Subject            : CN=webmail.ggilv.com, OU=Information Technology, O=Golden
                     Gaming Inc., L=Las Vegas, S=NV, C=US

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {goldengaminginc.com}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=goldengaminginc.com, O=Golden Gaming Inc., DC=goldengam
                     inginc, DC=com
NotAfter           : 2/3/2011 8:17:21 PM
NotBefore          : 2/3/2010 2:17:21 PM
PublicKeySize      : 2048
RootCAType         : Unknown
Services           : None
Status             : Invalid
Subject            : CN=goldengaminginc.com, O=Golden Gaming Inc., DC=goldengam
                     inginc, DC=com

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {mail.goldengaminginc.com}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=mail.goldengaminginc.com, O=Golden Gaming Inc., DC=gold
                     engaminginc, DC=com
NotAfter           : 2/3/2011 7:40:25 PM
NotBefore          : 2/3/2010 1:40:25 PM
PublicKeySize      : 2048
RootCAType         : Unknown
Services           : None
Status             : Invalid
Subject            : CN=mail.goldengaminginc.com, O=Golden Gaming Inc., DC=gold
                     engaminginc, DC=com

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                     ty.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {ggiht1, ggiht1.goldengaminginc.com}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=ggiht1
NotAfter           : 1/8/2011 5:38:36 PM
NotBefore          : 1/8/2010 5:38:36 PM
PublicKeySize      : 2048
RootCAType         : Registry
Services           : UM, SMTP
Status             : DateInvalid
Subject            : CN=ggiht1



0
Question by:snosurfur
3 Comments
 
LVL 5

Accepted Solution

by: michael_b_smith earned 500 total points
ID: 34866141
Well, based on what you show here - you only need a new self-signed certificate for SMTP.

The valid values for services are IIS, SMTP, POP, IMAP, UM. You don't have ANYTHING specified for IIS (which surprises me). But you have the other services handled just fine.

To create a new self-signed certificate for SMTP, just:

Get-ExchangeCertificate -DomainName ggiht1, ggiht1.goldengaminginc.com |
    New-ExchangeCertificate -Services SMTP
0
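The triage behind the accepted answer, written out as an added example that is not part of the original thread: for each Exchange service it checks whether any unexpired certificate is bound to it, so the services left with only an expired certificate stand out. The sample objects are constructed from the export in the question, the helper names New-SampleCert and Get-ServiceCoverage are hypothetical, and the code assumes the Services property renders as a comma-separated list as it does in that export.

```powershell
# Constructed sample mirroring the export in the question. In the Exchange
# Management Shell, replace it with: $certs = Get-ExchangeCertificate
function New-SampleCert($subject, $notAfter, $services) {
    New-Object PSObject -Property @{
        Subject = $subject; NotAfter = [datetime]$notAfter; Services = $services
    }
}
$certs = @(
    (New-SampleCert 'CN=ggiht1.goldengaminginc.com' '2013-02-09' 'UM'),
    (New-SampleCert 'CN=webmail.ggilv.com'          '2014-02-13' 'IMAP, POP, UM'),
    (New-SampleCert 'CN=goldengaminginc.com'        '2011-02-03' 'None'),
    (New-SampleCert 'CN=mail.goldengaminginc.com'   '2011-02-03' 'None'),
    (New-SampleCert 'CN=ggiht1'                     '2011-01-08' 'UM, SMTP')
)
$asOf = [datetime]'2011-02-10'   # date of the question; use (Get-Date) on a live server

# Hypothetical helper: one row per service, stating whether a certificate
# that is still inside its validity period is bound to it.
function Get-ServiceCoverage($certs, [datetime]$asOf) {
    foreach ($svc in 'IIS', 'SMTP', 'POP', 'IMAP', 'UM') {
        # Assumption: Services converts to text such as "UM, SMTP"
        $bound   = @($certs | Where-Object { ("$($_.Services)" -split ',\s*') -contains $svc })
        $valid   = @($bound | Where-Object { $_.NotAfter -ge $asOf })
        $expired = @($bound | Where-Object { $_.NotAfter -lt $asOf })

        if ($valid.Count -gt 0)       { $state = 'Covered' }       # an unexpired cert serves it
        elseif ($expired.Count -gt 0) { $state = 'RenewNeeded' }   # only expired certs serve it
        else                          { $state = 'NoneAssigned' }  # no cert bound at all

        New-Object PSObject -Property @{
            Service      = $svc
            State        = $state
            ValidCerts   = ($valid   | ForEach-Object { $_.Subject }) -join '; '
            ExpiredCerts = ($expired | ForEach-Object { $_.Subject }) -join '; '
        }
    }
}

Get-ServiceCoverage $certs $asOf |
    Format-Table Service, State, ValidCerts, ExpiredCerts -AutoSize
```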
 

Author Comment

by:snosurfur
ID: 34866525
I thought not seeing anything for IIS was surprising as well.  But everything is working just fine.  Would you know what a possible cause for that is?

0
 
LVL 5

Expert Comment

by:michael_b_smith
ID: 34867094
You could have a firewall or an ISA/TMG/UAG (or similar) server which is doing SSL termination and then forwarding the decrypted packet to the Exchange server(s).
0
