Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

EXCHANGE

Posted on 2016-11-23
6
Medium Priority
?
62 Views
Last Modified: 2016-11-23
how can I know validity of the ssl cert installed in my IIS  if it is template version 2 or higher AND AUTO ENROLLMENT IS ENABLED OR NOT.
0
Comment
Question by:pramod1
  • 3
  • 3
6 Comments
 
LVL 17

Expert Comment

by:Ivan
ID: 41899613
Hi,

what do you mean by that? If you open certificate it will show you vaild from and valid to.
Template version are of no matter when it comes to validity.

Regards,
Ivan.
0
 

Author Comment

by:pramod1
ID: 41899627
my cert on my exchange is expiring , wanted to extend for another year and cert. template is web server when issuing from my internal CA, I was told below by Microsoft following to check

"You can change the validity of the cert if it is template version 2 or higher. However, when you extend the validity you still need to request a new Cert if auto enrollment is not enabled if auto enrollment is enabled it would automatically push out a new cert when the previous cert for the original validity period expires. "
0
 

Author Comment

by:pramod1
ID: 41899636
how will I check if cert is on auto enrollment and of template version 2
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 17

Expert Comment

by:Ivan
ID: 41899656
Hi,

Open Root CA and go to certificate templates. There you will see what version you have.
Gray templates are version 1, colored are version 2.

Take a look at picture attached.

Regards,
Ivan.
figure_01.bmp
0
 

Author Comment

by:pramod1
ID: 41899660
thanks

what about auto-enrollment?
0
 
LVL 17

Accepted Solution

by:
Ivan earned 2000 total points
ID: 41899692
You should check if that is enabled via GPO, and if autoenroll is enabled on certificate template as well.

So first check security properties on template, to see if autoenroll is enabled: https://technet.microsoft.com/en-us/library/Cc753452.aspx

Then look at  following link to see if GPO is configured to autoenroll certificate to copmuters: https://technet.microsoft.com/en-us/library/cc731522(v=ws.11).aspx 

I have attached a picture as well.

Regards,
Ivan.
1427227306628.bmp
0

Featured Post

Ask an Anonymous Question!

Don't feel intimidated by what you don't know. Ask your question anonymously. It's easy! Learn more and upgrade.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Want to know how to use Exchange Server Eseutil command? Go through this article as it gives you the know-how.
With so many activities to perform, Exchange administrators are always busy in organizations. If everything, including Exchange Servers, Outlook clients, and Office 365 accounts work without any issues, they can sit and relax. But unfortunately, it…
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
Suggested Courses

885 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question