Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

SSL is enabled on the IIS Root Directory

Posted on 2011-03-14
5
Medium Priority
?
8,215 Views
Last Modified: 2012-05-11
When I ran the Exchange Best Practices Analyzer I received the following warning:

SSL is enabled on the IIS root directory of the Client Access server.  This will break HTTP redirection for other client Access servers unless it is disabled.  Then when I reached this error i found this:

SSL should be enabled for each Client Access server in your organization if you don't have an SSL offloading device and want to maintain secure communications between client and server. If you want to enable SSL offloading, you must disable SSL on each Client Access server in your organization for which you want to enable SSL offloading. If you disable or enable SSL on an Exchange Web Services virtual directory, you must make a configuration change in both Internet Information Services (IIS) Manager and also in a configuration file that's located in the Exchange 2010 installation directory.

How can I tell if I have an SSL offload device, or who should I believe in this instance, since they are contradicting each other?  Please advise.
0
Comment
Question by:rsilver24
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 23

Expert Comment

by:Stelian Stan
ID: 35129539
First run this command (Get-ExchangeCertificate | fl) to find out what certificates you have installed.
0
 

Author Comment

by:rsilver24
ID: 35129568
This is what I get

ccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessR
                     ule, System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAcc
                     essRule}
CertificateDomains : {HALISERV3, HALISERV3.hali88.org}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=HALISERV3
NotAfter           : 1/19/2016 12:03:27 PM
NotBefore          : 1/19/2011 12:03:27 PM
PublicKeySize      : 2048
RootCAType         : None
SerialNumber       : 50FDE2588CD1CCA1444F4AB30BF8C3FA
Services           : IMAP, POP, IIS
Status             : Valid
Subject            : CN=HALISERV3
Thumbprint         : 16FAE471C6ACB81F0341D0D35BF552B92FF773BB
0
 
LVL 23

Expert Comment

by:Stelian Stan
ID: 35129639
You have assigned a SelfSigned certificate for IMAP, POP, IIS.

Here is how to configure SSL offloading: http://social.technet.microsoft.com/wiki/contents/articles/how-to-configure-ssl-offloading-in-exchange-2010.aspx
0
 
LVL 49

Accepted Solution

by:
Akhater earned 2000 total points
ID: 35129654
Ignore this warning this is the default configuration of IIS with Exchange 2010

the only case you will need to change this is IF you want to redirect http://mail.domain.com to https://mail.domain.com other than this you can just ignore it
0
 
LVL 49

Expert Comment

by:Akhater
ID: 35129664
and 99% you DO NOT have an SSL offloading device, if you had you would know it
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will help to fix the below error for MS Exchange server 2010 I. Out Of office not working II. Certificate error "name on the security certificate is invalid or does not match the name of the site" III. Make Internal URLs and External…
With so many activities to perform, Exchange administrators are always busy in organizations. If everything, including Exchange Servers, Outlook clients, and Office 365 accounts work without any issues, they can sit and relax. But unfortunately, it…
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…
Suggested Courses

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question