Topic Last Modified: 2007-01-09

The Microsoft® Exchange Server Analyzer Tool queries the Server Certificate object in the Exchange server system to retrieve various properties on X509 certificates. For each Secure Sockets Layer (SSL) certificate found, the Exchange Server Analyzer evaluates the ExpirationDate attribute to identify the expiration date of the certificate.

Note:
A server must have a server certificate when it runs a SSL protocol. The server certificate contains the Web site name. The browser verifies that the Web site is the name that was entered. For example, if there is a Web site such as https://www.example.com, the name of the certificate should be www.example.com.

The Exchange Server Analyzer displays a warning when the ExpirationDate is between 3 and 20 days away. The Exchange Server Analyzer displays an error when the ExpirationDate is less than 3 days away.

If the certificate has expired, SSL connections to the URL specified in this message will fail. Similarly, RPC over HTTP and Exchange Server ActiveSync connections that use that URL will fail.

To resolve this certificate expiration warning or error, renew the certificate specified in this message. The steps that you must follow to renew a certificate depend on the certification authority that you use.

For More Information

For more information about SSL and the use of certificates with virtual servers in Exchange Server, see the following Exchange resources:

  • For information about how to use certificates with virtual servers in Exchange Server 2003, see Microsoft Knowledge Base Article 823024, "How to Use Certificates with Virtual Servers in Exchange Server 2003" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=823024).

  • For information about how to use SSL and how to obtain and install server certificates, see "Configuring Exchange Server 2003 for Client Access" in the Exchange Server 2003 Client Access Guide (http://go.microsoft.com/fwlink/?LinkId=47568).

  • For information about how to use SSL and how to obtain and install server certificates for Exchange Server 2007, see "How to Configure SSL for Outlook Anywhere" (http:// go.microsoft.com/fwlink/?LinkId =80875).