Solved

SSL is enabled on the IIS Root Directory

Posted on 2011-03-14
5
8,024 Views
Last Modified: 2012-05-11
When I ran the Exchange Best Practices Analyzer I received the following warning:

SSL is enabled on the IIS root directory of the Client Access server.  This will break HTTP redirection for other client Access servers unless it is disabled.  Then when I reached this error i found this:

SSL should be enabled for each Client Access server in your organization if you don't have an SSL offloading device and want to maintain secure communications between client and server. If you want to enable SSL offloading, you must disable SSL on each Client Access server in your organization for which you want to enable SSL offloading. If you disable or enable SSL on an Exchange Web Services virtual directory, you must make a configuration change in both Internet Information Services (IIS) Manager and also in a configuration file that's located in the Exchange 2010 installation directory.

How can I tell if I have an SSL offload device, or who should I believe in this instance, since they are contradicting each other?  Please advise.
0
Comment
Question by:rsilver24
  • 2
  • 2
5 Comments
 
LVL 23

Expert Comment

by:Stelian Stan
ID: 35129539
First run this command (Get-ExchangeCertificate | fl) to find out what certificates you have installed.
0
 

Author Comment

by:rsilver24
ID: 35129568
This is what I get

ccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessR
                     ule, System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAcc
                     essRule}
CertificateDomains : {HALISERV3, HALISERV3.hali88.org}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=HALISERV3
NotAfter           : 1/19/2016 12:03:27 PM
NotBefore          : 1/19/2011 12:03:27 PM
PublicKeySize      : 2048
RootCAType         : None
SerialNumber       : 50FDE2588CD1CCA1444F4AB30BF8C3FA
Services           : IMAP, POP, IIS
Status             : Valid
Subject            : CN=HALISERV3
Thumbprint         : 16FAE471C6ACB81F0341D0D35BF552B92FF773BB
0
 
LVL 23

Expert Comment

by:Stelian Stan
ID: 35129639
You have assigned a SelfSigned certificate for IMAP, POP, IIS.

Here is how to configure SSL offloading: http://social.technet.microsoft.com/wiki/contents/articles/how-to-configure-ssl-offloading-in-exchange-2010.aspx
0
 
LVL 49

Accepted Solution

by:
Akhater earned 500 total points
ID: 35129654
Ignore this warning this is the default configuration of IIS with Exchange 2010

the only case you will need to change this is IF you want to redirect http://mail.domain.com to https://mail.domain.com other than this you can just ignore it
0
 
LVL 49

Expert Comment

by:Akhater
ID: 35129664
and 99% you DO NOT have an SSL offloading device, if you had you would know it
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
Read this checklist to learn more about the 15 things you should never include in an email signature.
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question