Re: SSL certificates

Tech-Archive recommends: Fix windows errors by optimizing your registry

Thanks Elan

My questions are two fold.

1 - What services do I need enabled on the Cert if we are using OWA, Outlook
Anywhere, and Window Mobile?

2 - The other certs which seem to of been created by default - Cert 2 and 3
- are they needed by AD or anything else for internal use?

"Elan Shudnow [MVP]" wrote:

You have certificates that are being utilized for services that aren't
enabled on your valid certificate. Are you using these services? If not,
it should be safe to remove. If yes, then make sure that you utilize the
service on your new valid certificate. The new valid certificate should
contain the name that the user's connect via the old certificate so they
don't get any connectivity issues when you remove the old certificate and
utilize only the new valid one.

--
Elan Shudnow
Exchange MVP
http://www.shudnow.net

"SJMP" <sjmp@xxxxxxxxxxxxxxxx> wrote in message
news:B5702447-7389-433D-9540-421D977C2D25@xxxxxxxxxxxxxxxx
PS - It is the second and third cert that I want to remove

Cert 2 - expires 3/4/2009
Cert 3 - expires 1/29/2009

"SJMP" wrote:

I want to know if I can remove the two of the three certs on the exchange
2007 sp1 server. Leaving just the valid third party SSL cert. Users
connect
via outlook anywhere and windows mobile.

"Event ID 12018 - STARTTLS certificate will expire soon. The certificate
domain for this event was server.mydomain.com (internal server name)"

On my send-connector the FQDN is mail.mydomain.com (public server name
matching third party SSL cert)

On my recieve connector the FQDN is server.mydomain.com (internal server
name)

Cert 1 - this is my valid SSL cert from comodo

Cert Domain - mail.mydomain.com, www.mail.mydomain.com
Issuer - Comodo
Root CA Type - Registry
Services - IIS, SMTP

Cert 2 -

Cert Domain - server, server.mydomain.com (internal server name)
Issuer - server
RootCAType - None
Services - IMAP, POP, SMTP

Cert 3 -

Cert Domain - server.greenbriarequity.com (internal server name)
Issuer - mail.mydomain.com (external name)
RootCAType - Enterprise
Services - IMAP, POP, SMTP


.

Relevant Pages

  • Re: SSL certificates
    ... You have certificates that are being utilized for services that aren't enabled on your valid certificate. ... The new valid certificate should contain the name that the user's connect via the old certificate so they don't get any connectivity issues when you remove the old certificate and utilize only the new valid one. ... Cert 3 - expires 1/29/2009 ... On my recieve connector the FQDN is server.mydomain.com (internal server name) ...
    (microsoft.public.exchange.admin)
  • Re: SSL certificates
    ... service on your new valid certificate. ... Cert 3 - expires 1/29/2009 ... On my recieve connector the FQDN is server.mydomain.com (internal server ... Services - IIS, SMTP ...
    (microsoft.public.exchange.admin)
  • RE: SSL certificates
    ... PS - It is the second and third cert that I want to remove ... Leaving just the valid third party SSL cert. ... On my recieve connector the FQDN is server.mydomain.com (internal server name) ... Cert Domain - server, server.mydomain.com ...
    (microsoft.public.exchange.admin)
  • SSL certificates
    ... Leaving just the valid third party SSL cert. ... domain for this event was server.mydomain.com " ... On my recieve connector the FQDN is server.mydomain.com (internal server name) ...
    (microsoft.public.exchange.admin)
  • Re: SSL certificates
    ... When you make your cert request you have the option to specify the internal netbios name and the external fqdn that users will hit from outside your network. ... service on your new valid certificate. ... >> 2007 sp1 server. ...
    (microsoft.public.exchange.admin)