Monitoring the status of certificates

Published: January 11, 2010

Updated: April 8, 2010

Applies To: Unified Access Gateway

Certificates are used in Forefront UAG publishing scenarios, server and Forefront UAG DirectAccess deployments. If certificates expire, a warning message is displayed when users attempt to connect to the Forefront UAG server, or the Forefront UAG server computer will not be able to connect to the published server.

On a monthly basis, you should check the expiration date on all certificates on the Forefront UAG server computer and the published Web servers. This will provide you with enough time to renew a certificate before it expires.

The types of certificates your Forefront UAG deployment might include:

  • A server certificate, for the portal trunk.

  • An LDAP client certificate.

  • An Exchange client access server certificate.

  • An IPsec certificate using a specific, single, common root or intermediate CA, which is trusted by IPsec on both the DirectAccess client and the Forefront UAG DirectAccess server.

  • An IP-HTTPS Web server certificate, where the DirectAccess client must trust the root CA that issued the certificate.

  1. On the Forefront UAG server, click Start, type mmc in the Search programs and files box, and then press ENTER.

  2. On the File menu, click Add/Remove Snap-in.

  3. Under Available snap-ins, double-click Certificates, select Computer account, click Next, click Finish, and then click OK.

  4. Expand Certificates (Local Computer), expand the Personal folder, and then select the Certificates folder.

  5. Double-click the Expiration Date column to sort the certificates based upon expiration dates.

  6. Renew certificates that have expired, or are expiring, according to the instructions of the issuing certification authority.