Sunday, August 23, 2009

Error Code: 500 Internal Server Error. The received certificate has expired.

Okay, you have just figured out that the SSL certificate installed on the CAS server has expired and OWA is no longer accessible to your users. If you have no clue about how certificates work in general, keep reading; this is going to be a good guideline for you.

Issue: The SSL certificate has expired and was not renewed within the allowed time.

Impact: OWA is not accessible; RPC/HTTPS and other services that rely on the SSL certificate are also not working.

Task:

1. Create a CSR in IIS 7


2. Request the certificate from the CA (VeriSign in this example). You normally get an e-mail from them asking you to download your certificate; follow the steps.

3. Create Intermediate CR

4. Create CA with extension WebmailTelnet25.P7b

5. Install Intermediate.cer on the original machine (the CAS server) on which you created the CSR (IMPORTANT).

6. The import process: click Start, open Run, launch MMC, add the Certificates snap-in, and select Local Machine.

SSL Certificate Installation in Microsoft IIS 7


7. Use Complete Certificate Request in IIS 7 to import the certificate back into the CAS server.

8. Export the imported certificate in .PFX format. You need this to import it on your second CAS server, if you have one, and on your ISA server or servers.

9. Import the certificate into Exchange using EMS

Import-ExchangeCertificate -Path C:\newcert.p7b | Enable-ExchangeCertificate -Services "SMTP, IMAP, POP, IIS"

10. Verify the certificate

Get-ExchangeCertificate

11. Import the certificate into ISA the same way, using MMC:

Local computer

Personal -> Certificates -> here

Intermediate Certification Authorities -> Certificates -> here

12. Make sure the ISA web publishing rules for CAS are happy with the new certificate.

13. Reboot ISA Servers

  • If using ISA 2004 or ISA 2006, you need to reboot your servers. It has been reported that ISA services won't send the intermediate certificate until after a reboot.
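As a follow-up check for steps 10 to 13, the script below (an added example, not part of the original post) lists every certificate with a private key in the Local Machine Personal store of a CAS or ISA server and reports whether it has expired and whether Windows can build its chain to a trusted root. The 30-day warning threshold and the variable names are assumptions.

```powershell
# Added example: audit server certificates after the renewal.
# Run in an elevated PowerShell session on each CAS or ISA server.
$warnDays = 30        # assumed threshold: flag certificates expiring within 30 days
$now      = Get-Date

Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.HasPrivateKey } |     # a server certificate must have its private key
    ForEach-Object {
        $cert = $_

        # Try to build a chain from this certificate up to a trusted root.
        # Revocation checking is switched off so the result does not depend on
        # reaching the CA's CRL; this tests expiry and chain completeness only.
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chain.ChainPolicy.RevocationMode = 'NoCheck'
        $chainOk     = $chain.Build($cert)
        $chainErrors = @($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '

        # Classify by expiry date
        if ($cert.NotAfter -lt $now) {
            $state = 'EXPIRED'
        } elseif ($cert.NotAfter -lt $now.AddDays($warnDays)) {
            $state = 'RENEW SOON'
        } else {
            $state = 'OK'
        }

        $cert | Select-Object @{ n = 'State';       e = { $state } },
                              NotAfter,
                              @{ n = 'ChainOk';     e = { $chainOk } },
                              @{ n = 'ChainErrors'; e = { $chainErrors } },
                              Thumbprint,
                              Subject
    } |
    Sort-Object NotAfter |
    Format-Table -AutoSize
```

A ChainOk value of False with PartialChain in ChainErrors means Windows could not find an issuer for the certificate, which is the symptom to look for when the intermediate certificate from steps 5 and 11 has not been imported.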

oz Casey Dedeal,

MVP (Exchange)
MCITP (EMA), MCITP (SA)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server +

Http://smtp25.blogspot.com (Blog)

Http://telnet25.spaces.live.com (Blog)

Http://telnet25.worldpress.com (Blog)
