Solved

SSL is enabled on the IIS Root Directory

Posted on 2011-03-14
Last Modified: 2012-05-11
When I ran the Exchange Best Practices Analyzer I received the following warning:

SSL is enabled on the IIS root directory of the Client Access server.  This will break HTTP redirection for other client Access servers unless it is disabled.  Then when I reached this error I found this:

SSL should be enabled for each Client Access server in your organization if you don't have an SSL offloading device and want to maintain secure communications between client and server. If you want to enable SSL offloading, you must disable SSL on each Client Access server in your organization for which you want to enable SSL offloading. If you disable or enable SSL on an Exchange Web Services virtual directory, you must make a configuration change in both Internet Information Services (IIS) Manager and also in a configuration file that's located in the Exchange 2010 installation directory.

How can I tell if I have an SSL offload device, or who should I believe in this instance, since they are contradicting each other?  Please advise.
Question by:rsilver24
5 Comments
 
LVL 23

Expert Comment

by:Stelian Stan
ID: 35129539
First run this command (Get-ExchangeCertificate | fl) to find out what certificates you have installed.

Author Comment

by:rsilver24
ID: 35129568
This is what I get

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessR
                     ule, System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAcc
                     essRule}
CertificateDomains : {HALISERV3, HALISERV3.hali88.org}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=HALISERV3
NotAfter           : 1/19/2016 12:03:27 PM
NotBefore          : 1/19/2011 12:03:27 PM
PublicKeySize      : 2048
RootCAType         : None
SerialNumber       : 50FDE2588CD1CCA1444F4AB30BF8C3FA
Services           : IMAP, POP, IIS
Status             : Valid
Subject            : CN=HALISERV3
Thumbprint         : 16FAE471C6ACB81F0341D0D35BF552B92FF773BB
LVL 23

Expert Comment

by:Stelian Stan
ID: 35129639
You have assigned a SelfSigned certificate for IMAP, POP, IIS.

Here is how to configure SSL offloading: http://social.technet.microsoft.com/wiki/contents/articles/how-to-configure-ssl-offloading-in-exchange-2010.aspx
LVL 49

Accepted Solution

by:
Akhater earned 500 total points
ID: 35129654
Ignore this warning; this is the default configuration of IIS with Exchange 2010.

The only case where you will need to change this is IF you want to redirect http://mail.domain.com to https://mail.domain.com; other than this you can just ignore it.
LVL 49

Expert Comment

by:Akhater
ID: 35129664
And 99% you DO NOT have an SSL offloading device; if you had, you would know it.
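A read-only way to see the setting the analyzer is warning about, as an added example that is not part of the original thread: it uses the IIS WebAdministration module to report whether "Require SSL" is set on the site root and on each virtual directory. The site name and the virtual directory names are assumed Exchange 2010 defaults, and `Get-SslRequirement` is a hypothetical helper name; adjust them for your server.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell session
# on the Client Access server. Nothing here changes configuration.
Import-Module WebAdministration

# Assumptions: default site name and default Exchange 2010 virtual directories.
# The empty string stands for the site root, which is what the warning is about.
$site  = 'Default Web Site'
$vdirs = '', 'owa', 'ecp', 'EWS', 'OAB', 'Autodiscover', 'Microsoft-Server-ActiveSync'

function Get-SslRequirement {
    param([string]$Site, [string]$VDir)

    $location = if ($VDir) { "$Site/$VDir" } else { $Site }

    # Skip virtual directories that do not exist on this server.
    if (-not (Test-Path "IIS:\Sites\$location")) { return }

    $raw = Get-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' `
        -Location $location `
        -Filter 'system.webServer/security/access' `
        -Name 'sslFlags'

    # When flags are set, a comma-separated string such as "Ssl,Ssl128" comes back;
    # when nothing is set, a configuration object is returned instead of a string.
    $flags = @()
    if ($raw -is [string]) {
        $flags = @($raw -split ',' | ForEach-Object { $_.Trim() })
    }

    New-Object PSObject -Property @{
        Path       = "/$VDir"
        RequireSsl = ($flags -contains 'Ssl')
        SslFlags   = ($flags -join ',')
    }
}

$vdirs |
    ForEach-Object { Get-SslRequirement -Site $site -VDir $_ } |
    Select-Object Path, RequireSsl, SslFlags |
    Format-Table -AutoSize
```

A row with `Path` of `/` and `RequireSsl` of `True` is the condition the Best Practices Analyzer reports. That only matters for the http-to-https redirect case described in the accepted solution.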

Question has a verified solution.
