Solved

EXCHANGE

Posted on 2016-11-23
6
50 Views
Last Modified: 2016-11-23
how can I know validity of the ssl cert installed in my IIS  if it is template version 2 or higher AND AUTO ENROLLMENT IS ENABLED OR NOT.
0
Comment
Question by:pramod1
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 17

Expert Comment

by:Ivan
ID: 41899613
Hi,

what do you mean by that? If you open certificate it will show you vaild from and valid to.
Template version are of no matter when it comes to validity.

Regards,
Ivan.
0
 

Author Comment

by:pramod1
ID: 41899627
my cert on my exchange is expiring , wanted to extend for another year and cert. template is web server when issuing from my internal CA, I was told below by Microsoft following to check

"You can change the validity of the cert if it is template version 2 or higher. However, when you extend the validity you still need to request a new Cert if auto enrollment is not enabled if auto enrollment is enabled it would automatically push out a new cert when the previous cert for the original validity period expires. "
0
 

Author Comment

by:pramod1
ID: 41899636
how will I check if cert is on auto enrollment and of template version 2
0
Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 
LVL 17

Expert Comment

by:Ivan
ID: 41899656
Hi,

Open Root CA and go to certificate templates. There you will see what version you have.
Gray templates are version 1, colored are version 2.

Take a look at picture attached.

Regards,
Ivan.
figure_01.bmp
0
 

Author Comment

by:pramod1
ID: 41899660
thanks

what about auto-enrollment?
0
 
LVL 17

Accepted Solution

by:
Ivan earned 500 total points
ID: 41899692
You should check if that is enabled via GPO, and if autoenroll is enabled on certificate template as well.

So first check security properties on template, to see if autoenroll is enabled: https://technet.microsoft.com/en-us/library/Cc753452.aspx

Then look at  following link to see if GPO is configured to autoenroll certificate to copmuters: https://technet.microsoft.com/en-us/library/cc731522(v=ws.11).aspx 

I have attached a picture as well.

Regards,
Ivan.
1427227306628.bmp
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Follow this checklist to learn more about the 15 things you should never include in an email signature from personal quotes, animated gifs and out-of-date marketing content.
Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question