A Secure Sockets Layer Certificate Will be Expiring Soon

[This topic is intended to address a specific issue called out by the Exchange Server Analyzer Tool. You should apply it only to systems that have had the Exchange Server Analyzer Tool run against them and are experiencing that specific issue. The Exchange Server Analyzer Tool, available as a free download, remotely collects configuration data from each server in the topology and automatically analyzes the data. The resulting report details important configuration issues, potential problems, and nondefault product settings. By following these recommendations, you can achieve better performance, scalability, reliability, and uptime. For more information about the tool or to download the latest versions, see "Microsoft Exchange Analyzers" at http://go.microsoft.com/fwlink/?linkid=34707.]  

Topic Last Modified: 2007-01-09

The Microsoft® Exchange Server Analyzer Tool queries the Server Certificate object in the Exchange server system to retrieve various properties on X509 certificates. For each Secure Sockets Layer (SSL) certificate found, the Exchange Server Analyzer evaluates the ExpirationDate attribute to identify the expiration date of the certificate.

A server must have a server certificate when it runs a SSL protocol. The server certificate contains the Web site name. The browser verifies that the Web site is the name that was entered. For example, if there is a Web site such as https://www.example.com, the name of the certificate should be www.example.com.

The Exchange Server Analyzer displays a warning when the ExpirationDate is between 3 and 20 days away. The Exchange Server Analyzer displays an error when the ExpirationDate is less than 3 days away.

If the certificate has expired, SSL connections to the URL specified in this message will fail. Similarly, RPC over HTTP and Exchange Server ActiveSync connections that use that URL will fail.

To resolve this certificate expiration warning or error, renew the certificate specified in this message. The steps that you must follow to renew a certificate depend on the certification authority that you use.

For more information about SSL and the use of certificates with virtual servers in Exchange Server, see the following Exchange resources:

  • For information about how to use certificates with virtual servers in Exchange Server 2003, see Microsoft Knowledge Base Article 823024, "How to Use Certificates with Virtual Servers in Exchange Server 2003" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=823024).

  • For information about how to use SSL and how to obtain and install server certificates, see "Configuring Exchange Server 2003 for Client Access" in the Exchange Server 2003 Client Access Guide (http://go.microsoft.com/fwlink/?LinkId=47568).

  • For information about how to use SSL and how to obtain and install server certificates for Exchange Server 2007, see "How to Configure SSL for Outlook Anywhere" (http://go.microsoft.com/fwlink/?LinkId=80875).


Community Additions