How to Renew Your EBS SSL Certificates

[Today's post comes to us courtesy of Sharique Ahmed]

This article describes how to use the Update Certificates Wizard of your Windows Essential Business Server (EBS) servers. Running the Update Certificates Wizard automates the renewal of Windows Essential Business Server (EBS) SSL certificates.

Windows EBS installs the Active Directory Certificate Services server role on the Management Server. This creates a single-tier enterprise public key infrastructure (PKI) hierarchy with a certification authority that is specific to the Windows EBS domain. This private certification authority issues self-signed certificates that are used by default by Forefront TMG for publishing secure Web sites such as Outlook Web Access and Remote Web Workplace.

To update the certificates for Internet access that are issued by Windows EBS, use the Update Certificates Wizard. Certificates that are issued by Windows EBS typically expire after two years. It is recommended that you update each certificate before its expiration date to ensure that your Security Server and Messaging Server function normally.

The wizard can update the following private Secure Sockets Layer (SSL) certificates:

• Messaging Server: This certificate is used for SSL connections to Internet Information Services (IIS) Web sites, such as Outlook Web Access.
• Security Server: This certificate is used by Forefront TMG to publish the Terminal Services Gateway and SSL Web sites in your network.

NOTE: You cannot use the Update Certificates Wizard to update any certificate that is not issued by Windows EBS.

IMPORTANT: Updating your certificates briefly interrupts Internet connectivity and client access to Microsoft Exchange through Outlook Web Access. To minimize impact to users on your network, update certificates during a scheduled service maintenance period.

To update the SSL certificates:

1. Log on to the Management Server with an account that is a member of the Domain Admins group.
2. Click Start, point to All Programs, click Windows Essential Business Server, click Tools, and then click Update Certificates. The Update Certificates Wizard appears.
3. Supply the User Credentials and Domain Name.
4. On the Choose Certificates section, check the Server Certificate(s) that you wish to renew.
5. Click Update. A progress bar will now be displayed.
6. On the Finish page, click Close.

More Information:

• https://technet.microsoft.com/en-us/library/cc940952.aspx
• https://technet.microsoft.com/en-us/library/cc463518.aspx