Here is the event log warning I am getting:
Event Type: Warning
Event Source: MSExchangeTransport
Event Category: TransportService
Event ID: 12018
Date: 6/27/2008
Time: 10:02:37 AM
User: N/A
Computer: GEMINI
Description:
The STARTTLS certificate will expire soon: subject:
gemini.inet.empirenow.com, hours remaining:
AEBDDBF48827DBA3ED5A90AA123E61F94FC1992C. Run the New-ExchangeCertificate
cmdlet to create a new certificate.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
My Exchange 2007 environment is: 1 Mailbox server, 1 Hub Transport/Client
Access Server, I use hosted Exchange services thru AT&T for the Edge
Transport Server.
When I view my certs using the cmdlet Get-ExchangeCertificates | format-list
I get:
[PS] C:\Documents and Settings\jcurtiss\Desktop>Get-ExchangeCertificate |
format-list
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule,
System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {mail.empirenow.com}
HasPrivateKey : True
IsSelfSigned : False
Issuer : CN=VeriSign Class 3 Secure Server CA, OU=Terms of use
at https://www.verisign.com/rpa (c)05, OU=VeriSign Trust Network, O="VeriS
ign, Inc.", C=US
NotAfter : 12/4/2010 6:59:59 PM
NotBefore : 12/4/2007 7:00:00 PM
PublicKeySize : 1024
RootCAType : ThirdParty
SerialNumber : 3435DE8D1E99DCFAFAD0D92CB5F4C925
Services : IMAP, POP, IIS
Status : Valid
Subject : CN=mail.empirenow.com, OU=Terms of use at
www.verisign.com/rpa (c)05, OU=Empire Financial, O="Empire Financial Group,
Inc.", L=L
ongwood, S=Florida, C=US
Thumbprint : E2E60C791DA4CA23ED4CDBB14E23E4FA1A457667
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule,
System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessCon
trol.CryptoKeyAccessRule}
CertificateDomains : {gemini, gemini.inet.empirenow.com}
HasPrivateKey : True
IsSelfSigned : True
Issuer : CN=gemini
NotAfter : 7/22/2008 3:11:22 PM
NotBefore : 7/22/2007 3:11:22 PM
PublicKeySize : 2048
RootCAType : None
SerialNumber : 5C45A8B1BDE922B9492C7CA2A595DE35
Services : SMTP
Status : Valid
Subject : CN=gemini
Thumbprint : AEBDDBF48827DBA3ED5A90AA123E61F94FC1992C
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule,
System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {mail.empirenow.com}
HasPrivateKey : True
IsSelfSigned : False
Issuer : CN=VeriSign Class 3 Secure Server CA, OU=Terms of use
at https://www.verisign.com/rpa (c)05, OU=VeriSign Trust Network, O="VeriS
ign, Inc.", C=US
NotAfter : 12/5/2007 6:59:59 PM
NotBefore : 12/4/2006 7:00:00 PM
PublicKeySize : 1024
RootCAType : ThirdParty
SerialNumber : 67DD85727C0A8BB8F0AC3EED422A8D7C
Services : IMAP, POP
Status : DateInvalid
Subject : CN=mail.empirenow.com, OU=Terms of use at
www.verisign.com/rpa (c)05, OU=Empire Financial, O="Empire Financial Group,
Inc.", L=L
ongwood, S=Florida, C=US
Thumbprint : 73DA106BFECC1C70614FBBB247085803228A5B6E
This tells me:
#1 That I have one old cert for IMAP and POP - I guess I can just delete
this one?
#2 My cert for SMTP will expire on 7/22/2008 - This is a cert generated by
my HTS/CAS named Gemini during setup I guess.
#3 I have a cert from Verisign for the IMAP, POP, and IIS services
My question is, can I just reassign the SMTP service to use the Verisign
cert? How will this affect my clients? (MAPI, OWA, Outlook Anywhere)
If I can't use the Verisign cert, will I just need to generate a new one
using the New-ExchangeCertificate cmdlet as explained in the event log
message?
Thanks in advance,
Jeff
--
Bharat Suneja
Microsoft Corporation
blog: exchangepedia.com/blog
This posting is provided "AS IS" with no warranties, and confers no
rights. Please do not send email directly to this alias. This alias is for
newsgroup purposes only.
----------------------------
"Jeff7492" <Jeff...@discussions.microsoft.com> wrote in message
news:D126B50F-7A87-45FC...@microsoft.com...
I'm not sure what my options are at this point. Should I just create a new
certificate? Any advise would be appreciated.
Exchange Server 2007: Renewing the self-signed certificate
http://exchangepedia.com/blog/2008/01/exchange-server-2007-renewing-self.html
--
Bharat Suneja
Microsoft Corporation
blog: exchangepedia.com/blog
This posting is provided "AS IS" with no warranties, and confers no
rights. Please do not send email directly to this alias. This alias is for
newsgroup purposes only.
----------------------------
"Jeff7492" <Jeff...@discussions.microsoft.com> wrote in message
news:E9B0C053-A581-4682...@microsoft.com...