Certificate will expire?
The STARTTLS certificate will expire soon: subject: exchange.mycompany.inc, hours remaining: E876E87687E6876E8976E9876E9876E. Run the New-ExchangeCertificate cmdlet to create a new certificate.
We do not have third party certs just using the defaults. My question is what happens if this expires? And how can I decipher that hours remaining into english?
August 18th, 2011 9:45am
Just run get-exchangecertificate - that will show you when the certificate expires.
When it expires, clients will get prompts and you will not be able to support secure email. This would be a good opportunity to change to a commercial SSL certificate. The type required by Exchange 2007 and higher can be found for less than US$80/year from
places such as http://certificatesforexchange.com/
Simon.Simon Butler, Exchange MVP
Blog |
Exchange Resources | In the UK?
Hire Me.
Free Windows Admin Tool Kit Click here and download it now
August 18th, 2011 11:03am
When you say clients do you mean outlook as well as OWA? Will email still flow too and from outlook but simply have an error cert error?
Also does anyone have a link to a guide for renewing? Want to make sure it goes smoothly. Do I need to do the renewal process after hours with noone on the system?
August 18th, 2011 1:57pm
When you say clients do you mean outlook as well as OWA? Will email still flow too and from outlook but simply have an error cert error?
Also does anyone have a link to a guide for renewing? Want to make sure it goes smoothly. Do I need to do the renewal process after hours with noone on the system?
Outlook 2007 and higher uses web services. Therefore it will apply to those as well as OWA. If you are using ActiveSync that will stop working.
If you have had to install the self-signed certificate anywhere then that will no longer work. It should also be noted that the self signed certificate is not supported for use with Outlook Anywhere and Exchange ActiveSync.
I have instructions on installing a commercial certificate here:
http://exchange.sembee.info/2007/install/multiplenamessl.asp
It can be done when you like, as it is a multiple stage process. The certificate doesn't actually go live until you enable the services on the certificate.
Simon.Simon Butler, Exchange MVP
Blog |
Exchange Resources | In the UK?
Hire Me.
Free Windows Admin Tool Kit Click here and download it now
August 18th, 2011 5:53pm
Hello,
I think the following two links will help
The STARTTLS certificate will soon expire
http://technet.microsoft.com/en-us/library/bb218312(EXCHG.80).aspx
Selection of Inbound STARTTLS Certificates
http://technet.microsoft.com/en-us/library/bb430748.aspx
THanks,
Simon
August 19th, 2011 5:26am