Remember to Renew Your Server Certificates
Almost every company, including Microsoft has made this slip up. Today your OWA, OMA, and Exchange ActiveSync remote access solution is working fine, and then the next day, POW!, it's not working any more. You try to figure out if it's a problem with the Exchange Server, the firewall or something else in the network path. Finally, you do some network analysis and check the log files and you realize that your server certificate on the Exchange Server or on the firewall that is front-ending for the Exchange Server has expired. The fix is as easy as renewing the certificate or getting a new one.
One nice thing about the ISA Firewall is that when you configure the ISA Firewall to publish Web servers, such as the Exchange Web services, it generates an alert and sends you a reminder that your certificates are going to expire in the near future. For example, ISA 2004 will start reminding you 45 days in advance, giving your plenty of time to get that certificate renewed and installed on the ISA firewall.
If you haven't done so already, check all the Web servers that require SSL connections in your company and make a note of when the certificates are due to expire. Then create an Outlook appointment in your calendar to remind you to renew those certificates at least a month in advance. Just this one little planning activity will go a long way toward preventing what can become a major fire drill in your organization.
Thomas W Shinder, M.D.
GET THE NEW BOOK! Go to http://tinyurl.com/2gpoo8
Email: [email protected]
MVP - Microsoft Firewalls (ISA)