rsilver24
asked on
SSL is enabled on the IIS Root Directory
When I ran the Exchange Best Practices Analyzer I received the following warning:
SSL is enabled on the IIS root directory of the Client Access server. This will break HTTP redirection for other client Access servers unless it is disabled. Then when I reached this error i found this:
SSL should be enabled for each Client Access server in your organization if you don't have an SSL offloading device and want to maintain secure communications between client and server. If you want to enable SSL offloading, you must disable SSL on each Client Access server in your organization for which you want to enable SSL offloading. If you disable or enable SSL on an Exchange Web Services virtual directory, you must make a configuration change in both Internet Information Services (IIS) Manager and also in a configuration file that's located in the Exchange 2010 installation directory.
How can I tell if I have an SSL offload device, or who should I believe in this instance, since they are contradicting each other? Please advise.
SSL is enabled on the IIS root directory of the Client Access server. This will break HTTP redirection for other client Access servers unless it is disabled. Then when I reached this error i found this:
SSL should be enabled for each Client Access server in your organization if you don't have an SSL offloading device and want to maintain secure communications between client and server. If you want to enable SSL offloading, you must disable SSL on each Client Access server in your organization for which you want to enable SSL offloading. If you disable or enable SSL on an Exchange Web Services virtual directory, you must make a configuration change in both Internet Information Services (IIS) Manager and also in a configuration file that's located in the Exchange 2010 installation directory.
How can I tell if I have an SSL offload device, or who should I believe in this instance, since they are contradicting each other? Please advise.
Stelian Stan
First run this command (Get-ExchangeCertificate | fl) to find out what certificates you have installed.
ASKER
This is what I get
ccessRules : {System.Security.AccessCon
ule, System.Security.AccessCont
essRule}
CertificateDomains : {HALISERV3, HALISERV3.hali88.org}
HasPrivateKey : True
IsSelfSigned : True
Issuer : CN=HALISERV3
NotAfter : 1/19/2016 12:03:27 PM
NotBefore : 1/19/2011 12:03:27 PM
PublicKeySize : 2048
RootCAType : None
SerialNumber : 50FDE2588CD1CCA1444F4AB30B
Services : IMAP, POP, IIS
Status : Valid
Subject : CN=HALISERV3
Thumbprint : 16FAE471C6ACB81F0341D0D35B
ccessRules : {System.Security.AccessCon
ule, System.Security.AccessCont
essRule}
CertificateDomains : {HALISERV3, HALISERV3.hali88.org}
HasPrivateKey : True
IsSelfSigned : True
Issuer : CN=HALISERV3
NotAfter : 1/19/2016 12:03:27 PM
NotBefore : 1/19/2011 12:03:27 PM
PublicKeySize : 2048
RootCAType : None
SerialNumber : 50FDE2588CD1CCA1444F4AB30B
Services : IMAP, POP, IIS
Status : Valid
Subject : CN=HALISERV3
Thumbprint : 16FAE471C6ACB81F0341D0D35B
You have assigned a SelfSigned certificate for IMAP, POP, IIS.
Here is how to configure SSL offloading: http://social.technet.microsoft.com/wiki/contents/articles/how-to-configure-ssl-offloading-in-exchange-2010.aspx
Here is how to configure SSL offloading: http://social.technet.microsoft.com/wiki/contents/articles/how-to-configure-ssl-offloading-in-exchange-2010.aspx
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
and 99% you DO NOT have an SSL offloading device, if you had you would know it