?
Solved

Certification - Server 2008

Posted on 2011-10-04
14
Medium Priority
?
406 Views
Last Modified: 2012-05-12
Here is what needs to be renewed: Issued to sites, Subject is sites, DNS name = sites, Certificate template name – Webserver.

It has expired so from what I hear I need to get a new cert and install.

Thanks in advance!
0
Comment
Question by:cspeaker
  • 7
  • 5
  • 2
14 Comments
 
LVL 84

Expert Comment

by:David Johnson, CD, MVP
ID: 36914928
do you have a root CA (certificate Authority?) or was your iis webserver certificate self signed or an outside certificate authority?
0
 

Author Comment

by:cspeaker
ID: 36918263
How can I tell?
0
 
LVL 84

Expert Comment

by:David Johnson, CD, MVP
ID: 36919678
examine the certificate



2011-10-05-1444-001.png
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

 
LVL 84

Expert Comment

by:David Johnson, CD, MVP
ID: 36919724
The real where to look in IIS  What the certificates look like select a certificate and you will see the 'renew' button
0
 

Author Comment

by:cspeaker
ID: 36919764
I believe it is self signed.

The issued to and issued by are the same - the domain server.
0
 

Author Comment

by:cspeaker
ID: 36919792
The cert in question is not listed but the users get a warning that the cert for "sites" is invalid because it expired. The templat is webserver.

This pop-up appears once Outlook (Exchange) is opened.
0
 
LVL 84

Expert Comment

by:David Johnson, CD, MVP
ID: 36921548
so it's not your web server but exchange server same rules apply but from your exchange server managment console
0
 

Author Comment

by:cspeaker
ID: 36921704
Can you provide the steps to do this please.
0
 
LVL 84

Accepted Solution

by:
David Johnson, CD, MVP earned 1000 total points
ID: 36922432
Enable-ExchangeCertificate -Server 'EXCH-H-868' -Services 'IMAP, POP, IIS, SMTP' -Thumbprint 'AD19B141228C7CF98B5F78DCED978B7C45E15434'

view the full article at http://technet.microsoft.com/en-us/library/ee332322.aspx
0
 
LVL 26

Assisted Solution

by:e_aravind
e_aravind earned 1000 total points
ID: 36923395
I would also recommend to use the command "new-exchangecertificate" to create the certificate\request

a) if you are OK for the "self-signed cert", then you can use the "new-exchangecertificate" without any other parameter...to get the renewed cert.
b) if you got any CA to handle this request, then you can create the request file ...upload it to the CA and wait for the response to get the .cer or .pfx files

0
 

Author Comment

by:cspeaker
ID: 36925946
Thanks!!

OK – I followed the procedures above and it did overwrite the cert that keeps popping up but went back to the users station, started Outlook and the pop up came up again.

Is there something else I need to do?
0
 
LVL 26

Expert Comment

by:e_aravind
ID: 36941437
The above steps are the simplest\best way to renew an self-signed exchange certificate.

If the Outlook clients are prompted for authentication....did they had the same issue earlier?
how was that handled earlier?

Do you see any SAN entries @ the old-expiring certificate?

>> concentrate more on the certificate warning
-Click on the "View Certificate" during the "Certificate warning" ...compare the string\URL which Outlook is trying to reach...and what is the certificate actually having.

Note: If needed we may need to go for a SAN certificate
0
 

Author Comment

by:cspeaker
ID: 36943684
Ok - restarted the server and its looking good.

I will know for sure at the end of the day.

Thanks for your help and I will award points either latter today or tomorrow am.

0
 

Author Closing Comment

by:cspeaker
ID: 36987389
Both helped solve the problem so splitting points.

Thanks guys!!
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As tax season makes its return, so does the increase in cyber crime and tax refund phishing that comes with it
I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

807 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question