Exchange Certificates Test

To enable encryption for one or more Exchange services, the Exchange server needs to use a certificate. SMTP communication between internal Exchange servers is encrypted by the default self-signed certificate that is installed on the Exchange server. To encrypt communication with internal or external clients, servers, or services, Exchange administrators will use a certificate that is automatically trusted by all clients, services and servers that connect to Exchange organization. If administrators are unable to access the Exchange server, they may want to check if the certificate used by the Exchange server is invalid, untrusted, or revoked. The Exchange Certificates test helps administrators perform this check!

This test automatically discovers the certificates used by the Exchange server and reports the current status of each certificate. This way, invalid, revoked, untrusted, and unknown certificates can be identified. Besides, the test also leads administrators to certificates that are nearing expiry by reporting the number of days for which each certificate will remain valid. In the process, this test also helps administrators determine whether each certificate is self-signed or not.

Target of the test : A Microsoft Exchange server

 Agent deploying the test : An internal agent

Outputs of the test : One set of results each certificate used by the target Exchange server.

Configurable parameters for the test
Parameter Description

Test period

How often should the test be executed .

Host

The host for which the test is to be configured.

Port

The port number at which the specified host listens.

XCHGEXTENSIONSHELLPATH

The Exchange Management Shell is a command-line management interface, built on Windows PowerShell v2, which enables you to administer every part of the Microsoft Exchange Server. This test uses the Exchange management shell to run scripts and collect the desired performance metrics from the Exchange server. To enable the test to load the Exchange management shell snap-in (exshell.psc1) for script execution, you need to specify the full path to the Exchange management shell in the XCHGEXTENSIONSHELLPATH text box. For instance, your specification can be, c:\progra~1\micros~1\exchan~1\v14\bin\exshell.psc1.

DD Frequency

Refers to the frequency with which detailed diagnosis measures are to be generated for this test. The default is 1:1. This indicates that, by default, detailed measures will be generated every time this test runs, and also every time the test detects a problem. You can modify this frequency, if you so desire. Also, if you intend to disable the detailed diagnosis capability for this test, you can do so by specifying none against DD frequency.

Detailed Diagnosis

To make diagnosis more efficient and accurate, the eG Enterprise embeds an optional detailed diagnostic capability. With this capability, the eG agents can be configured to run detailed, more elaborate tests as and when specific problems are detected. To enable the detailed diagnosis capability of this test for a particular server, choose the On option. To disable the capability, click on the Off option.The option to selectively enable/disable the detailed diagnosis capability will be available only if the following conditions are fulfilled:The eG manager license should allow the detailed diagnosis capabilityBoth the normal and abnormal frequencies configured for the detailed diagnosis measures should not be 0.

Measurements made by the test
Measurement Description Measurement Unit Interpretation

Status

Indicates the current status of this certificate.

 

The values that this measure can report and their corresponding numeric values are listed in the table below:

Measure Value Numeric Value
Valid 100
Untrusted 90
Pending request 80
RevocationCheckFailure 70
Revoked 60
Unknown 50
DateInvalid 10

Invalid

0

Note:

Typically, this measure will report the Measure Values listed in the table above to indicate the status of a certificate. In the graph of this measure however, the same will be indicated using the numeric equivalents only.

Use the detailed diagnosis of this measure to know who issued the certificate, when the certificate is expired or about to expire, whether the certificate has private key, and CA type and thumbprint version of the certificate.

Days to expire

Indicates the number of days by which this certificate will expire.

Days

A high value is preferred for this measure. A low value of this measure indicates that the exchange certificate is going to be expired soon and you should update the certificate before it expires.

Is self signed?

Indicates whether/not this certificate is self-signed.

 

The values that this measure can report and their numeric equivalents are listed in the table below:

Measure Value Numeric Value
No 0
Yes 1

Note:

By default, this measure reports the above-mentioned Measure Values to indicate whether the certificate is self-signed or not. However, in the graph of this measure will be represented using the corresponding numeric equivalents only.