Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

EXCHANGE

Posted on 2016-11-23
6
Medium Priority
?
57 Views
Last Modified: 2016-11-23
how can I know validity of the ssl cert installed in my IIS  if it is template version 2 or higher AND AUTO ENROLLMENT IS ENABLED OR NOT.
0
Comment
Question by:pramod1
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 17

Expert Comment

by:Ivan
ID: 41899613
Hi,

what do you mean by that? If you open certificate it will show you vaild from and valid to.
Template version are of no matter when it comes to validity.

Regards,
Ivan.
0
 

Author Comment

by:pramod1
ID: 41899627
my cert on my exchange is expiring , wanted to extend for another year and cert. template is web server when issuing from my internal CA, I was told below by Microsoft following to check

"You can change the validity of the cert if it is template version 2 or higher. However, when you extend the validity you still need to request a new Cert if auto enrollment is not enabled if auto enrollment is enabled it would automatically push out a new cert when the previous cert for the original validity period expires. "
0
 

Author Comment

by:pramod1
ID: 41899636
how will I check if cert is on auto enrollment and of template version 2
0
Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 
LVL 17

Expert Comment

by:Ivan
ID: 41899656
Hi,

Open Root CA and go to certificate templates. There you will see what version you have.
Gray templates are version 1, colored are version 2.

Take a look at picture attached.

Regards,
Ivan.
figure_01.bmp
0
 

Author Comment

by:pramod1
ID: 41899660
thanks

what about auto-enrollment?
0
 
LVL 17

Accepted Solution

by:
Ivan earned 2000 total points
ID: 41899692
You should check if that is enabled via GPO, and if autoenroll is enabled on certificate template as well.

So first check security properties on template, to see if autoenroll is enabled: https://technet.microsoft.com/en-us/library/Cc753452.aspx

Then look at  following link to see if GPO is configured to autoenroll certificate to copmuters: https://technet.microsoft.com/en-us/library/cc731522(v=ws.11).aspx 

I have attached a picture as well.

Regards,
Ivan.
1427227306628.bmp
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article lists the top 5 free OST to PST Converter Tools. These tools save a lot of time for users when they want to convert OST to PST after their exchange server is no longer available or some other critical issue with exchange server or impor…
After hours on line I found a solution which pointed to the inherited Active Directory permissions . You have to give/allow permissions to the "Exchange trusted subsystem" for the user in the Active Directory...
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
how to add IIS SMTP to handle application/Scanner relays into office 365.

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question