Certificates are used in Forefront UAG publishing scenarios, server and Forefront UAG DirectAccess deployments. If certificates expire, a warning message is displayed when users attempt to connect to the Forefront UAG server, or the Forefront UAG server computer will not be able to connect to the published server.
On a monthly basis, you should check the expiration date on all certificates on the Forefront UAG server computer and the published Web servers. This will provide you with enough time to renew a certificate before it expires.
Your Forefront UAG deployment might include the following types of certificates:
- A server certificate, for the portal
- An LDAP client certificate
- An Exchange client access server
- An IPsec certificate using a specific, single, common root or intermediate CA, which is trusted by IPsec on both the DirectAccess client and the Forefront UAG DirectAccess
- An IP-HTTPS Web server certificate, where the DirectAccess client must trust the root CA that issued the
To monitor the expiry date of a certificate
1. On the Forefront UAG server, click Start, type mmc in the Search programs and files box, and then press ENTER.
2. On the File menu, click Add/Remove Snap-in.
3. Under Available snap-ins, double-click Certificates, select Computer account, click Next, click Finish, and then click OK.
4. Expand Certificates (Local Computer), expand the Personal folder, and then select the Certificates folder.
5. Double-click the Expiration Date column to sort the certificates based upon expiration dates.
6. Renew certificates that have expired, or are expiring, according to the instructions of the issuing certification authority.
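
The same monthly check can be scripted. The following PowerShell is an added example, not part of the original procedure or a Forefront UAG tool: it reads the Personal store of the computer account, on the Forefront UAG server and optionally on published Web servers, and lists certificates that have expired or are close to expiring. The function name, its parameters and the 45-day warning window are assumptions, and reading a remote store assumes an administrative account with remote access to that server.

```powershell
# Added example: report certificates in the Local Computer "Personal" store
# that have expired or will expire within a warning window.
# Get-ExpiringCertificate and its parameters are hypothetical names.
function Get-ExpiringCertificate {
    param(
        [string[]]$ComputerName = @($env:COMPUTERNAME),
        # 45 days is an assumed window, wider than the monthly check interval
        [int]$WarningDays = 45
    )
    $now = Get-Date
    foreach ($computer in $ComputerName) {
        # "\\<computer>\My" addresses the Personal store of that computer account
        $store = New-Object System.Security.Cryptography.X509Certificates.X509Store("\\$computer\My", "LocalMachine")
        try {
            $store.Open("ReadOnly")
            foreach ($cert in $store.Certificates) {
                # Negative values mean the certificate has already expired
                $daysLeft = [int][math]::Floor(($cert.NotAfter - $now).TotalDays)
                if ($daysLeft -ge $WarningDays) { continue }
                if ($daysLeft -lt 0) { $status = "Expired" } else { $status = "Expiring" }
                New-Object PSObject -Property @{
                    Computer   = $computer
                    Status     = $status
                    DaysLeft   = $daysLeft
                    NotAfter   = $cert.NotAfter
                    Subject    = $cert.Subject
                    Issuer     = $cert.Issuer
                    Thumbprint = $cert.Thumbprint
                }
            }
        }
        catch {
            # An unreachable server is reported, not silently skipped
            Write-Warning "Could not read the certificate store on ${computer}: $_"
        }
        finally {
            $store.Close()
        }
    }
}

# Soonest expiry first, matching the sort on the Expiration Date column
Get-ExpiringCertificate |
    Sort-Object NotAfter |
    Select-Object Computer, Status, DaysLeft, NotAfter, Subject, Issuer, Thumbprint |
    Format-Table -AutoSize
```

Pass the published Web servers with `-ComputerName` to include them in the same report. The Issuer column identifies the certification authority whose renewal instructions apply.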