|
Measures reported by XchgCertTest
To enable encryption for one or more Exchange services, the Exchange server needs to use a certificate. SMTP communication between internal Exchange servers is encrypted by the default self-signed certificate that is installed on the Exchange server. To encrypt communication with internal or external clients, servers, or services, Exchange administrators will use a certificate that is automatically trusted by all clients, services and servers that connect to Exchange organization. If administrators are unable to access the Exchange server, they may want to check if the certificate used by the Exchange server is invalid, untrusted, or revoked. The XchgCertTest helps administrators perform this check!
This test automatically discovers the certificates used by the Exchange server and reports the current status of each certificate. This way, invalid, revoked, untrusted, and unknown certificates can be identified. Besides, the test also leads administrators to certificates that are nearing expiry by reporting the number of days for which each certificate will remain valid. In the process, this test also helps administrators determine whether each certificate is self-signed or not.
Outputs of the test : One set of results each certificate used by the target Exchange server.
The measures made by this test are as follows:
| Measurement |
Description |
Measurement Unit |
Interpretation |
| Status |
Indicates the current status of this certificate. |
|
The values that this measure can report and their corresponding numeric values are listed in the table below:
| Measure Value |
Numeric Value |
| Valid |
100 |
| Untrusted |
90 |
| Pending request |
80 |
| RevocationCheckFailure |
70 |
| Revoked |
60 |
| Unknown |
50 |
| DateInvalid |
10 |
| Invalid |
0 |
Note:
Typically, this measure will report the Measure Values listed in the table above to indicate the status of a certificate. In the graph of this measure however, the same will be indicated using the numeric equivalents only.
Use the detailed diagnosis of this measure to know who issued the certificate, when the certificate is expired or about to expire, whether the certificate has private key, and CA type and thumbprint version of the certificate. |
| Days_to_expire |
Indicates the number of days by which this certificate will expire. |
Days |
A high value is preferred for this measure. A low value of this measure indicates that the exchange certificate is going to be expired soon and you should update the certificate before it expires. |
| Is_self_signed |
Indicates whether/not this certificate is self-signed. |
|
The values that this measure can report and their numeric equivalents are listed in the table below:
| Measure Value |
Numeric Value |
| No |
0 |
| Yes |
1 |
Note:
By default, this measure reports the above-mentioned Measure Values to indicate whether the certificate is self-signed or not. However, in the graph of this measure will be represented using the corresponding numeric equivalents only. |
|