Solved

SSL is enabled on the IIS Root Directory

Posted on 2011-03-14
5
7,911 Views
Last Modified: 2012-05-11
When I ran the Exchange Best Practices Analyzer I received the following warning:

SSL is enabled on the IIS root directory of the Client Access server.  This will break HTTP redirection for other client Access servers unless it is disabled.  Then when I reached this error i found this:

SSL should be enabled for each Client Access server in your organization if you don't have an SSL offloading device and want to maintain secure communications between client and server. If you want to enable SSL offloading, you must disable SSL on each Client Access server in your organization for which you want to enable SSL offloading. If you disable or enable SSL on an Exchange Web Services virtual directory, you must make a configuration change in both Internet Information Services (IIS) Manager and also in a configuration file that's located in the Exchange 2010 installation directory.

How can I tell if I have an SSL offload device, or who should I believe in this instance, since they are contradicting each other?  Please advise.
0
Comment
Question by:rsilver24
  • 2
  • 2
5 Comments
 
LVL 23

Expert Comment

by:Stelian Stan
ID: 35129539
First run this command (Get-ExchangeCertificate | fl) to find out what certificates you have installed.
0
 

Author Comment

by:rsilver24
ID: 35129568
This is what I get

ccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessR
                     ule, System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAcc
                     essRule}
CertificateDomains : {HALISERV3, HALISERV3.hali88.org}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=HALISERV3
NotAfter           : 1/19/2016 12:03:27 PM
NotBefore          : 1/19/2011 12:03:27 PM
PublicKeySize      : 2048
RootCAType         : None
SerialNumber       : 50FDE2588CD1CCA1444F4AB30BF8C3FA
Services           : IMAP, POP, IIS
Status             : Valid
Subject            : CN=HALISERV3
Thumbprint         : 16FAE471C6ACB81F0341D0D35BF552B92FF773BB
0
 
LVL 23

Expert Comment

by:Stelian Stan
ID: 35129639
You have assigned a SelfSigned certificate for IMAP, POP, IIS.

Here is how to configure SSL offloading: http://social.technet.microsoft.com/wiki/contents/articles/how-to-configure-ssl-offloading-in-exchange-2010.aspx
0
 
LVL 49

Accepted Solution

by:
Akhater earned 500 total points
ID: 35129654
Ignore this warning this is the default configuration of IIS with Exchange 2010

the only case you will need to change this is IF you want to redirect http://mail.domain.com to https://mail.domain.com other than this you can just ignore it
0
 
LVL 49

Expert Comment

by:Akhater
ID: 35129664
and 99% you DO NOT have an SSL offloading device, if you had you would know it
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now