Certificates are used in Forefront UAG publishing scenarios, server and Forefront UAG DirectAccess deployments. If certificates expire, a warning message is displayed when users attempt to connect to the Forefront UAG server, or the Forefront UAG server computer will not be able to connect to the published server.
On a monthly basis, you should check the expiration date on all certificates on the Forefront UAG server computer and the published Web servers. This will provide you with enough time to renew a certificate before it expires.
The types of certificates your Forefront UAG deployment might include:
- A server certificate, for the portal
trunk.
- An LDAP client certificate.
- An Exchange client access server
certificate.
- An IPsec certificate using a specific,
single, common root or intermediate CA, which is trusted by IPsec
on both the DirectAccess client and the Forefront UAG DirectAccess
server.
- An IP-HTTPS Web server certificate, where the
DirectAccess client must trust the root CA that issued the
certificate.
To monitor the expiry date of a certificate
-
On the Forefront UAG server, click Start, type mmc in the Search programs and files box, and then press ENTER.
-
On the File menu, click Add/Remove Snap-in.
-
Under Available snap-ins, double-click Certificates, select Computer account, click Next, click Finish, and then click OK.
-
Expand Certificates (Local Computer), expand the Personal folder, and then select the Certificates folder.
-
Double-click the Expiration Date column to sort the certificates based upon expiration dates.
-
Renew certificates that have expired, or are expiring, according to the instructions of the issuing certification authority.