Re: Certificate expiration issue

From: Steve Gould ("Steve)
Date: 11/23/04

• Next message: ptwilliams: "Re: Report current security in AD"
• Previous message: ptwilliams: "Re: Domain admin users audit"
• In reply to: Ryan Hanisco: "Re: Certificate expiration issue"
• Messages sorted by: [ date ] [ thread ]

---

Date: Tue, 23 Nov 2004 13:45:57 -0800

Good point. We run our own CA. I was actually looking at all the certs on
our cert server today. The cert in question did expire. The root ca was good
for another 12 months so I went ahead and renewed it. I went ahead and
revoked the expired certificate. Not sure what effect that will have, but
the OAL generator still errors out.

"Ryan Hanisco" <rhanisco@flagshipis.com> wrote in message
news:uJbGc5OzEHA.3120@TK2MSFTNGP12.phx.gbl...
> Steve,
>
> Are you running your own CA?
> What is the expiration date for the root certificate?
> Check the expiration dates on the certificate for your server, IIS
> instance
> of OWA, and personal certificate in AU&C for your account.
> Is the CA available to the workstations or the CA chain installed on them
> (needed for some operations like RPCoHTTP)
> --
> Ryan Hanisco
> MCSE, MCDBA
> Flagship Integration Services
>
> "Steve Gould" <steve.gould(at)apawood.org> wrote in message
> news:O4Nj9kQyEHA.1296@TK2MSFTNGP10.phx.gbl...
>> My Exchange 2003 server just started giving an OAL error. I posted in the
>> Exchange group, but the issue goes into AD and Certificate Services also
> so
>> I figured I would repost here. I have an expired e-mail certificate, I
>> assume from https access to OWA. What can I do to resolve the issue? I
> have
>> been hunting in Certiciate Services for user certs and then in ADSIedit,
> but
>> I'm not sure where the expiration info would be. I did find a cert
>> listing
>> in ADSIedit, though. I could delete it for this user (me), but I'm not
> sure
>> of the ramifications of doing so.
>>
>> I turned up logging and found this error:
>>
>> Event Type: Warning
>> Event Source: MSExchangeSA
>> Event Category: OAL Generator
>> Event ID: 9323
>> Date: 11/12/2004
>> Time: 9:23:48 AM
>> User: N/A
>> Computer: SERVER
>> Description:
>> Entry 'Steve Gould' has invalid or expired e-mail certificates. These
>> certificates will not be included in the offline address list for
>> '\Global
>> Address List'.
>> - Default Offline Address List
>>
>> I am not sure what this means. The funny thing is that the user with the
>> error is ME. Can someone tell me what this means and how to fix it?
>>
>> Steve Gould
>>
>>
>>
>
>

---

• Next message: ptwilliams: "Re: Report current security in AD"
• Previous message: ptwilliams: "Re: Domain admin users audit"
• In reply to: Ryan Hanisco: "Re: Certificate expiration issue"
• Messages sorted by: [ date ] [ thread ]

---

Relevant Pages Re: Web Certificate for IIS Server on SBS Domain ... Before your reply, I actually ran across rapidssl myself, and have ordered and installed the free 30-day certificate on my site. ... I explained what you'd told me about putting my existing configuration at risk by installing Cert Services, and he said he didn't know that. ... Again, if you're just needing a cert to install on your web server to provide SSL connectivity for remote users, go with an external third-party provider. ... When you add Certificate Services on an internal network, lots of internal communications will start using pieces provided by the Cert Server instead of the defaults from Server 2003, and when things blow up, they can blow up gloriously. ... (microsoft.public.windows.server.sbs) Re: Activesync between Windows Mobile 5 and SBS2003 gives error ... If you don't find a cert here that matches the URL for OWA, you need to re-run the CEICW wizard on the SBS box and re-create the self signed cert. ... I exported the certificate straight from the server. ... Treo 700wx running Windows Mobile 5. ... (microsoft.public.windows.server.sbs) Re: Terminal Services over a VPN ... Create a certificate request and submit it to godaddy in order to obtain a public cert. ... You can use the wizard in IIS Manager for this by creating a new website that matches the above name (on your TS server), right-click and choose properties, directory security tab, server certificate button. ... After the install you can stop or delete the website created above since you don't need it for anything. ... (microsoft.public.windows.terminal_services) Re: SBS 2003 Premium and Cert Services ... that philosphy got blown out of the equation when SBS included Exchange OWA ... "Small Business Server" which is MS claim as to why the risk of exposing the ... the Certificate Server on another server, ... >> Cert, or you could edit the properties of your Certification Authority to ... (microsoft.public.windows.server.sbs) Re: Web Certificate for IIS Server on SBS Domain ... and installed the free 30-day certificate on my site. ... instructions to install Certificate Services. ... If I can find a way to issue my own cert without risking my SBS setup, ... > Server instead of the defaults from Server 2003, and when things blow up, ... (microsoft.public.windows.server.sbs)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(11)