Certificate Expiration Alerter Advanced Version Installation and Configuration Lync Solutions fkunz@lync-solutions.com Version Certificate Expiration Alerter Advanced 2.0 Page 2 of 14 Version Date Author Remarks 1.0 8/31/2012 Fabian Kunz Initial document created. Current Document properties Property Status Status Final Publish date 3/18/2016 © Lync Solutions 2016 all rights reserved. This document is intellectual property of Lync Solutions. No duplication or distribution allowed without written notice of the owner. No distribution outside the customer’s organization allowed. Lync Solutions http://www.lync-solutions.com Certificate Expiration Alerter Advanced 2.0 Page 3 of 14 Table of contents 1 Introduction ................................................................................................................................ 4 2 Requirements.............................................................................................................................. 4 3 Install Procedure ......................................................................................................................... 4 4 Configuration .............................................................................................................................. 6 5 Reporting .................................................................................................................................. 10 6 Event Log ................................................................................................................................... 11 7 Backup....................................................................................................................................... 12 8 Uninstall .................................................................................................................................... 13 9 Known Issues............................................................................................................................. 13 10 Notification Email Example .................................................................................................. 13 Lync Solutions http://www.lync-solutions.com Certificate Expiration Alerter Advanced 2.0 Page 4 of 14 1 Introduction Microsoft Lync Server and Microsoft Exchange Server use certificates for encryption and authentication. When certificates expire unexpectedly, network administrators are under pressure to resolve the problem quickly. Fortunately, most trusted Certificate Providers inform customers by email before certificates expire. But what happens when certificates are issued by an internal Microsoft Windows Certificate Authority? If customers do not have a monitoring solution, such as Microsoft System Center Operations Manager, to provide status updates on certificate expirations, it is a real challenge to keep track of scheduled certificate expirations. The Certificate Expiration Alerter is an application that helps prevent unplanned certificate expirations. 2 Requirements The following are requirements to run the Certificate Expiration Alerter: Windows 2003, Windows 2008, Windows 2008 R2 or Windows 2012 Windows versions supported: English, German and French .NET 4 with latest updates The Certificate Expiration Alerter can be installed on a Certificate Authority (CA) Server or on a remote Server. The Certificate Expiration Alerter consists of a Windows service and a graphical user interface for configuring the Windows service settings and run reports. 3 Install Procedure The following table details the installation steps for setting up the Certificate Expiration Alerter Advanced. - Run Setup.exe with local administrator privileges. - The Certificate Expiration Alerter Advanced consists of the following two files: Lync Solutions Certificate Expiration Alerter Advanced.msi Setup.exe http://www.lync-solutions.com Certificate Expiration Alerter Advanced 2.0 Page 5 of 14 - Click Next - Change the default installation location if desired - Click Next - Click Next Lync Solutions http://www.lync-solutions.com Certificate Expiration Alerter Advanced 2.0 Page 6 of 14 - Click Close 4 Configuration To configure the Certificate Expiration Alerter, run the Certificate Expiration Alerter Configurator. - Start the Certificate Expiration Alerter Configurator Lync Solutions http://www.lync-solutions.com Certificate Expiration Alerter Advanced 2.0 Page 7 of 14 - Specify all values. DC Name Specify a Domain Controller. It can be also a Domain Controller from a child domain. DC Name Specify the distinguished name of your root domain (E.g. dc=rootdomain,dc=local) even if you specified a child domain controller in the field “DC Name” Recipient To supply multiple email addresses, use the delimiter ";". Example : info@lync-solutions.com;support@lync-solutions.com Runs daily at The time when the services checks the certificates that are scheduled to expire. NOTE: Changing this field requires restarting the service. - If you want to filter based on certificate templates, select List Templates. Lync Solutions http://www.lync-solutions.com Certificate Expiration Alerter Advanced 2.0 Page 8 of 14 - Optionally you can activate the feature, Monthly Summary Report Email. As soon as you activate this feature, an email will be sent on the first of the month if there are any certificates about to expire in the next X days. - Anytime you make any changes in the General Settings or CA Monitoring Settings sections, you must save your settings using Save All. - Open services.msc and select the Certificate Expiration Alerter service. Lync Solutions http://www.lync-solutions.com Certificate Expiration Alerter Advanced 2.0 Page 9 of 14 - Specify a service account that has enough permission to connect to the CA and read the certificate templates from Active Directory. In addition, this service account requires local administrator permission on the server where the Certificate Expiration Alerter is installed. - Start the service - An event log entry will be written in the application eventlog whether the Certificate Expiration Alerter was able to connect to the specified Domain Controller and CA Server. Lync Solutions http://www.lync-solutions.com Certificate Expiration Alerter Advanced 2.0 Page 10 of 14 5 Reporting The Reporting section does not have any impact on the windows service configuration. Lync Solutions http://www.lync-solutions.com Certificate Expiration Alerter Advanced 2.0 Page 11 of 14 6 Event Log The Certificate Expiration Alerter logs service interactions in the Application Event Log. The following table illustrates examples of possible event log entries. After a service restart and shortly before the service is looking for certificates that are scheduled to expire Process start Lync Solutions http://www.lync-solutions.com Certificate Expiration Alerter Advanced 2.0 Page 12 of 14 Process end Notification email 7 Backup To backup all settings, export all the values under the registry key CertExpAlerter. Lync Solutions http://www.lync-solutions.com Certificate Expiration Alerter Advanced 2.0 Page 13 of 14 8 Uninstall The uninstall process does not delete the registry key described in section 7. 9 Known Issues We do not consider the daylight saving time for the value Runs daily at. If this is an issue in your environment, restart the service after the daylight saving time change. 10 Notification Email Example Alert email: Monthly summary report email: Lync Solutions http://www.lync-solutions.com Certificate Expiration Alerter Advanced 2.0 Lync Solutions Page 14 of 14 http://www.lync-solutions.com