Solved

EXCHANGE

Posted on 2016-11-23
6
41 Views
Last Modified: 2016-11-23
how can I know validity of the ssl cert installed in my IIS  if it is template version 2 or higher AND AUTO ENROLLMENT IS ENABLED OR NOT.
0
Comment
Question by:pramod1
  • 3
  • 3
6 Comments
 
LVL 16

Expert Comment

by:Ivan
ID: 41899613
Hi,

what do you mean by that? If you open certificate it will show you vaild from and valid to.
Template version are of no matter when it comes to validity.

Regards,
Ivan.
0
 

Author Comment

by:pramod1
ID: 41899627
my cert on my exchange is expiring , wanted to extend for another year and cert. template is web server when issuing from my internal CA, I was told below by Microsoft following to check

"You can change the validity of the cert if it is template version 2 or higher. However, when you extend the validity you still need to request a new Cert if auto enrollment is not enabled if auto enrollment is enabled it would automatically push out a new cert when the previous cert for the original validity period expires. "
0
 

Author Comment

by:pramod1
ID: 41899636
how will I check if cert is on auto enrollment and of template version 2
0
Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 16

Expert Comment

by:Ivan
ID: 41899656
Hi,

Open Root CA and go to certificate templates. There you will see what version you have.
Gray templates are version 1, colored are version 2.

Take a look at picture attached.

Regards,
Ivan.
figure_01.bmp
0
 

Author Comment

by:pramod1
ID: 41899660
thanks

what about auto-enrollment?
0
 
LVL 16

Accepted Solution

by:
Ivan earned 500 total points
ID: 41899692
You should check if that is enabled via GPO, and if autoenroll is enabled on certificate template as well.

So first check security properties on template, to see if autoenroll is enabled: https://technet.microsoft.com/en-us/library/Cc753452.aspx

Then look at  following link to see if GPO is configured to autoenroll certificate to copmuters: https://technet.microsoft.com/en-us/library/cc731522(v=ws.11).aspx 

I have attached a picture as well.

Regards,
Ivan.
1427227306628.bmp
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article lists the top 5 free OST to PST Converter Tools. These tools save a lot of time for users when they want to convert OST to PST after their exchange server is no longer available or some other critical issue with exchange server or impor…
Read this checklist to learn more about the 15 things you should never include in an email signature.
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

685 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question