Expired Certs (This MUST be basic question)

Subject Author Date
Expired Certs (This MUST be basic question) cLOWN gOD 06-25-2007
Posted by Brian Komar on September 20, 2007, 6:18 am
I really have no idea what you are talking about...
But... here is a guess


1) You can renew certificates on any SKU of Windows Server 2003, as long as
you have a valid certificate. This means that it is time valid, not revoked,
etc. If your revocation checking is not working, this could be the issue.

2) More inline.

> Mr. PKI,
>
> I already called support and tech did so many things. But the only
> solution
> on my 2003 standard CA is to renew the subordinate and revoke all
> user/server
> certificates and recreate each one of them. Very painful. Is this
> automatic on Enterprise or the same process? I haven't finished your book
> reading about it.

Only enterprise CAs running on Enterprise Edition enable autoenrollment.
So, it really depends on whether the certificates are based on v1 or v2
certificate templates.
I am not sure why you feel you have to:
1) Renew the subordinate
2) AND then revoke all user and server certificates.

When you renew a CA, the previous certificate (if time valid) is still in
use and certificates signed by it are still valid.

>
> Anyways, I've checked my new signed email, it's fine and ok. But my new owa
> cert with the same name as the url can't be opened on the browser using
> IE7.
> I guess I have to call another support for exchange/OWA. Internally I can
> open it, only externally. Or maybe because of ISA 2004. OWA was working
> fine before this renewal.

Well, for OWA, you really should be purchasing a certificate from an
external vendor. It sounds like you have torn down your PKI and rebuilt. In
this case, you need to distribute the new root CA certificate of the chain
to all clients. The external IE 7 users are blocking the URL because the new
root CA is non-trusted.

certutil -addstore root "certfile" will fix that


>
> Can you please give me a clue what's happening? Maybe because I haven't
> restarted the server although I restarted all the exchange services.

This could help, but again, you really have provided no real information.
Trying to insult me does not work either. I am done with this thread


>
> Thanks,
> Ricky
>
>
> "Brian Komar" wrote:
>
>> I am sorry, I really have no idea what you are asking
>> Can you please re-ask
>> Brian
>>
>> > There's no renewal on 2003 Standard, is it only for Enterprise.
>> >
>> > In standard you need to delete and create new certificate when the cert
>> > expired.
>> >
>> > Please clarify.
>> >
>> > Thanks,
>> > Ricky
>> >
>> > "Brian Komar" wrote:
>> >
>> >> On Mon, 25 Jun 2007 18:15:04 -0700, cLOWN gOD wrote:
>> >>
>> >> > Sorry I'm a newbie, I guess I should know this, but a few days ago I
>> >> > noticed
>> >> > that the certificates were about to expire in a couple of days (on
>> >> > 6/17/2007)
>> >> > on my Cert Server, and started reading frantically through a
>> >> > Microsoft
>> >> > PKI
>> >> > Certificate book.
>> >> >
>> >> > I was (and still am unable to find ANYTHING regarding how to
>> >> > replace
>> >> > the
>> >> > expired certificates, although I gather from what I read, that there
>> >> > is
>> >> > no
>> >> > way to renew or edit them)? The expired certificates are in the
>> >> > “Trusted Root
>> >> > Certificate” /Certificates folder.
>> >> >
>> >> >
>> >> >
>> >> > Interestingly, the “_NMSTR/Certificates” folder appears to contain
>> >> > certificates (named a little differently) that have a much longer
>> >> > expiration
>> >> > period (valid till 12/31/2039). This is on a sealed test network so
>> >> > there is
>> >> > no real “critical data” to protect, although I do kind of need to get
>> >> > it
>> >> > running for testing. Thanks!
>> >>
>> >> Just run the IIS certificate wizard again. There is an option to renew
>> >> the
>> >> certificate. This was really basic, so not included in the book. (I
>> >> may
>> >> add
>> >> it next time).
>> >> Brian
>> >>
>>
>>
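
A diagnostic for the situation described in the reply above, as an added example that is not part of the original thread: it builds the certificate chain on the client and reports which of the causes mentioned there (untrusted root, expired certificate, failed revocation check) is blocking it. The function name `Get-ChainProblem` and the file `owa.cer` are hypothetical; validation is done by the .NET `X509Chain` class.

```powershell
# Added example, not from the thread. Explains why Windows rejects a certificate chain.
# Get-ChainProblem and the sample path at the bottom are hypothetical names.
function Get-ChainProblem {
    param([Parameter(Mandatory = $true)][string]$CertPath)

    $ns   = 'System.Security.Cryptography.X509Certificates'
    $file = (Resolve-Path -LiteralPath $CertPath).ProviderPath
    $cert = New-Object "$ns.X509Certificate2" -ArgumentList $file

    $chain = New-Object "$ns.X509Chain"
    $chain.ChainPolicy.RevocationMode = 'Online'   # fetch CRLs, as a real client does
    $trusted = $chain.Build($cert)

    # One line per certificate in the chain, leaf first.
    foreach ($el in $chain.ChainElements) {
        $status = @($el.ChainElementStatus | ForEach-Object { $_.Status }) -join ', '
        if (-not $status) { $status = 'NoError' }
        '{0}  expires {1:yyyy-MM-dd}  [{2}]' -f $el.Certificate.Subject, $el.Certificate.NotAfter, $status
    }
    if ($trusted) { return 'Chain is trusted on this machine.' }

    # Map the chain-level flags to the causes named in the thread.
    $flags = @($chain.ChainStatus | ForEach-Object { $_.Status })
    switch ($flags) {
        'UntrustedRoot'           { 'Root CA is not in Trusted Root: import it (certutil -addstore root "certfile").' }
        'PartialChain'            { 'An issuing CA certificate is missing, so no path to a root was found.' }
        'NotTimeValid'            { 'A certificate in the chain is expired or not yet valid: renew it.' }
        'Revoked'                 { 'A certificate in the chain has been revoked.' }
        'RevocationStatusUnknown' { 'Revocation could not be checked: the CRL is unreachable from this client.' }
        'OfflineRevocation'       { 'The revocation server was offline for at least one certificate.' }
        default                   { "Other chain error: $_" }
    }
}

# Run on a client that shows the warning, for example an external machine:
# Get-ChainProblem -CertPath .\owa.cer
```

Running it on both an internal and an external client shows whether the two differ in root trust or in CRL reachability.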


Posted by RickyVene on September 20, 2007, 10:28 pm
Brian,

I deleted all old certificates for the owa in both exchange and ISA. Then I
restarted exchange 2003, it still didn't work accessing OWA outside. Lastly,
I restarted ISA 2004, it worked now connecting outside.

You know I wish I had all the time to read all the books and articles but
I'm a network administrator on Linux, Unix, Windows, Mac, Blackberry, SMS,
ISA, Oracle, SQL, MOM, ESX, etc.

So this forum really helps a lot and hope that you will answer us. I've
heard you on RunAs Radio as well regarding the EV certificate on IE7.

I will look on the solution you gave me regarding renewing certificates on
2003 standard/enterprise automatically next year again because I have so many
things to do rather than recreating the scenario on my virtualization. My
certificates are good again for another year, yahoo or windowssssss
livvveeeeeeeee.

Thanks,
Ricky


"Brian Komar" wrote:

> I really have no idea what you are talking about...
> But... here is a guess
>
>
> 1) You can renew certificates on any SKU of Windows Server 2003, as long as
> you have a valid certificate. This means that it is time valid, not revoked,
> etc. If your revocation checking is not working, this could be the issue.
>
> 2) More inline.
>
> > Mr. PKI,
> >
> > I already called support and tech did so many things. But the only
> > solution
> > on my 2003 standard CA is to renew the subordinate and revoke all
> > user/server
> > certificates and recreate each one of them. Very painful. Is this
> > automatic on Enterprise or the same process? I haven't finished your book
> > reading about it.
>
> Only enterprise CAs running on Enterprise Edition enable autoenrollment.
> So, it really depends on whether the certificates are based on v1 or v2
> certificate templates.
> I am not sure why you feel you have to:
> 1) Renew the subordinate
> 2) AND then revoke all user and server certificates.
>
> When you renew a CA, the previous certificate (if time valid) is still in
> use and certificates signed by it are still valid.
>
> >
> > Anyways, I've checked my new signed email, it's fine and ok. But my new owa
> > cert with the same name as the url can't be opened on the browser using
> > IE7.
> > I guess I have to call another support for exchange/OWA. Internally I can
> > open it, only externally. Or maybe because of ISA 2004. OWA was working
> > fine before this renewal.
>
> Well, for OWA, you really should be purchasing a certificate from an
> external vendor. It sounds like you have torn down your PKI and rebuilt. In
> this case, you need to distribute the new root CA certificate of the chain
> to all clients. The external IE 7 users are blocking the URL because the new
> root CA is non-trusted.
>
> certutil -addstore root "certfile" will fix that
>
>
> >
> > Can you please give me a clue what's happening? Maybe because I haven't
> > restarted the server although I restarted all the exchange services.
>
> This could help, but again, you really have provided no real information.
> Trying to insult me does not work either. I am done with this thread
>
>
> >
> > Thanks,
> > Ricky
> >
> >
> > "Brian Komar" wrote:
> >
> >> I am sorry, I really have no idea what you are asking
> >> Can you please re-ask
> >> Brian
> >>
> >> > There's no renewal on 2003 Standard, is it only for Enterprise.
> >> >
> >> > In standard you need to delete and create new certificate when the cert
> >> > expired.
> >> >
> >> > Please clarify.
> >> >
> >> > Thanks,
> >> > Ricky
> >> >
> >> > "Brian Komar" wrote:
> >> >
> >> >> On Mon, 25 Jun 2007 18:15:04 -0700, cLOWN gOD wrote:
> >> >>
> >> >> > Sorry I'm a newbie, I guess I should know this, but a few days ago I
> >> >> > noticed
> >> >> > that the certificates were about to expire in a couple of days (on
> >> >> > 6/17/2007)
> >> >> > on my Cert Server, and started reading frantically through a
> >> >> > Microsoft
> >> >> > PKI
> >> >> > Certificate book.
> >> >> >
> >> >> > I was (and still am unable to find ANYTHING regarding how to
> >> >> > replace
> >> >> > the
> >> >> > expired certificates, although I gather from what I read, that there
> >> >> > is
> >> >> > no
> >> >> > way to renew or edit them)? The expired certificates are in the
> >> >> > “Trusted Root
> >> >> > Certificate” /Certificates folder.
> >> >> >
> >> >> >
> >> >> >
> >> >> > Interestingly, the “_NMSTR/Certificates” folder appears to contain
> >> >> > certificates (named a little differently) that have a much longer
> >> >> > expiration
> >> >> > period (valid till 12/31/2039). This is on a sealed test network so
> >> >> > there is
> >> >> > no real “critical data” to protect, although I do kind of need to
> >> >> > get it
> >> >> > running for testing. Thanks!
> >> >>
> >> >> Just run the IIS certificate wizard again. There is an option to renew
> >> >> the
> >> >> certificate. This was really basic, so not included in the book. (I
> >> >> may
> >> >> add
> >> >> it next time).
> >> >> Brian
> >> >>
> >>
> >>
>
>
