locked
Renew Internal SSL certificate RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote
    Hi


    The certificates are renewed using the following steps. logged on locally on each server:

    1. Open the Exchange Management Shell on the server.

    2. Use the following command to generate a new self-signed certificate and have it enabled for SMTP, POP3 and IMAP4

    New-ExchangeCertificate –Services

     

     

    3. Verify that the certificate has been installed for the specified services by running the

    Get-ExchangeCertificate command

    4. the expired certificate is still installed on the server. safely removed by running the

    Remove-ExchangeCertificate cmdlet.

    Remove-ExchangeCertificate –Thumbprint

     

     

    <Expired Certificate Thumbprint>

    5. Restart the

    Microsoft Exchange Active Directory Topology Service once completed.

    6. From an MMC, add the Local computer account’s Certificate snap-in and open the properties of the newly generated certificate. Confirm the validity of the certificate.

    so the validity has been renewed upto 2015

    But My query is

    it shows

    The CA root certificate is not trusted, to enable trust install this certificate in trusted root certification authorities store.
    does this needs to be care of or without that its still fine

    please advise
    Thanks
    AK

    SMTP,IMAP,POP
    Tuesday, January 12, 2010 2:46 PM

Answers

  • Question
    Sign in to vote
    0
    Sign in to vote


    The CA root certificate is not trusted, to enable trust install this certificate in trusted root certification authorities store.
    does this needs to be care of or without that its still fine

    please advise

    This warning message can be ignored and will only be displayed for users that don't have the certificate installed in the Trusted Root Certification authorities.
    The only issue is that the user will have to click on "Continue using this page...."
    Elie B. MCITP: EMEA|EA|SA; MCTS: Microsoft Exchange Server 2010: Configuration; Blog: http://blog.elieb.info
    • Proposed as answer by Xiu Zhang Wednesday, January 13, 2010 8:18 AM
    • Marked as answer by Xiu Zhang Monday, January 25, 2010 2:40 AM
    Tuesday, January 12, 2010 5:55 PM

All replies

  • Question
    Sign in to vote
    0
    Sign in to vote


    The CA root certificate is not trusted, to enable trust install this certificate in trusted root certification authorities store.
    does this needs to be care of or without that its still fine

    please advise

    This warning message can be ignored and will only be displayed for users that don't have the certificate installed in the Trusted Root Certification authorities.
    The only issue is that the user will have to click on "Continue using this page...."
    Elie B. MCITP: EMEA|EA|SA; MCTS: Microsoft Exchange Server 2010: Configuration; Blog: http://blog.elieb.info
    • Proposed as answer by Xiu Zhang Wednesday, January 13, 2010 8:18 AM
    • Marked as answer by Xiu Zhang Monday, January 25, 2010 2:40 AM
    Tuesday, January 12, 2010 5:55 PM
  • Question
    Sign in to vote
    0
    Sign in to vote

    All Modern Browsers containing the list of trusted root certification authorities. If you have installed an SSL Certificate to your site from the authority which is not listed in browsers then browser will show the message that you have mentioned "The CA root Certificate is not trusted" and it will show to all users which are going to visit your site and all users may not continue with your site by seeing such message and moved away.

    So its better to install an SSL Certificate from trusted Certificate Authority such as Symantec, Comodo, RapidSSL, Thawte and GeoTrust which has been listed in all modern browsers.


    • Edited by Martin J Wilson Thursday, September 19, 2013 12:09 PM formatting
    Thursday, September 19, 2013 12:07 PM