Okay, you just figured out that the SSL certificate installed on the CAS server has expired and OWA is no longer accessible for your users. If you have no clue about how certificates work in general, keep reading; this is going to be a good guideline for you.
Issue: The SSL certificate has expired and was not renewed within the allowed time.
Impact: OWA is not accessible; RPC, HTTPS and other services that rely on the SSL cert are also not working.
Task:
1. Create the CSR in IIS 7
2. Request the certificate from the CA (in this example VeriSign). You normally get an e-mail from them asking you to download your certificate; follow the steps.
3. Create Intermediate CR
4. Create CA with extension WebmailTelnet25.P7b
5. Install Intermediate.cer on the original machine (the CAS server) where you created the CSR (IMPORTANT)
6. The import process: click Start, open Run, type MMC, add the Certificates snap-in, and select Local Machine
SSL Certificate Installation in Microsoft IIS 7
7. Use Complete Certificate Request in IIS 7 to import the certificate back into CAS server
8. Export the imported cert (-: You need this to import it on your second CAS, if you have one, or on your ISA server or servers. The format is .PFX
9. Import certificate into Exchange EMS
Import-ExchangeCertificate -Path C:\newcert.p7b | Enable-ExchangeCertificate -Services "SMTP, IMAP, POP, IIS"
10. Verify the certificate
Get-ExchangeCertificate
11. Import the certificate into ISA the same way, using MMC:
Local Computer
Personal -> Certificates -> here
Intermediate Certification Authorities -> Certificates -> here
12. Make sure the ISA CAS web publishing rules are happy with the new cert
13. Reboot ISA Servers
- If using ISA 2004 or ISA 2006, you need to reboot your servers. It has been reported that ISA services won't send the intermediate certificate until after a reboot.
oz Casey Dedeal,
MVP (Exchange)
MCITP (EMA), MCITP (SA)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server +
Http://smtp25.blogspot.com (Blog)
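
A check to run on the CAS and ISA servers once steps 5 through 13 are done, added here as an example and not part of the original post: it lists every certificate in the Local Computer Personal store with its days to expiry, whether it has a private key, whether its chain builds, and whether its intermediates are in the local Intermediate Certification Authorities store. The function name Get-CertHealth and the 30-day warning window are assumptions.

```powershell
# Added example (not from the original post): health check for server certificates.
# Get-CertHealth and the 30-day warning window are assumptions made for this sketch.
function Get-CertHealth {
    param(
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert,
        [int]$WarnDays = 30,
        [datetime]$Now = (Get-Date)
    )
    # Build the chain without revocation lookups so the check does not
    # depend on CRL/OCSP access from the server.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $chain.ChainPolicy.VerificationTime = $Now
    $chainOk = $chain.Build($Cert)

    # Intermediates used by the chain that are NOT in Cert:\LocalMachine\CA.
    # Windows may fetch them on demand, but a proxy such as ISA needs them
    # installed locally to hand them to clients (steps 5 and 11).
    $localCa = Get-ChildItem Cert:\LocalMachine\CA | ForEach-Object { $_.Thumbprint }
    $missing = @($chain.ChainElements | ForEach-Object { $_.Certificate } |
        Where-Object { $_.Thumbprint -ne $Cert.Thumbprint -and
                       $_.Subject -ne $_.Issuer -and
                       $localCa -notcontains $_.Thumbprint })

    $daysLeft = [int][math]::Floor(($Cert.NotAfter - $Now).TotalDays)
    $problems = @()
    if ($Cert.NotAfter -lt $Now)     { $problems += 'Expired' }
    elseif ($daysLeft -lt $WarnDays) { $problems += 'ExpiresSoon' }
    # No private key usually means the request was completed on a machine
    # other than the one that generated the CSR, or a .cer was imported
    # where a .PFX was needed (step 8).
    if (-not $Cert.HasPrivateKey)    { $problems += 'NoPrivateKey' }
    if (-not $chainOk) {
        $status = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join '+'
        $problems += "Chain:$status"
    }
    if ($missing.Count -gt 0)        { $problems += 'IntermediateNotInLocalStore' }

    New-Object PSObject -Property @{
        Subject = $Cert.Subject; Thumbprint = $Cert.Thumbprint
        NotAfter = $Cert.NotAfter; DaysLeft = $daysLeft
        Problems = ($problems -join ', ')
    }
}

Get-ChildItem Cert:\LocalMachine\My | ForEach-Object { Get-CertHealth -Cert $_ } |
    Sort-Object DaysLeft | Format-List Subject, Thumbprint, NotAfter, DaysLeft, Problems
```

An empty Problems field for the renewed certificate means it is in date, has its private key and chains to a trusted root with the intermediate installed locally; scheduling the same check catches the next expiry before OWA goes down.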