Prior to Exchange Server 2013, the Exchange application did not automatically notify administrators of an upcoming certificate expiration. Expiring certificates are one of the issues we administrators run into. If the Exchange environment has a certificate that expires, then typically, trusted access via clients is interrupted.
The good news is, you should ask the question: what is your company's process for notification of impending certificate expirations? Most third-party certificate providers do send a notification, usually via e-mail, to customers to renew their certificates. And why wouldn't they want you to know, since they will once again get your money for a renewed certificate?
Members in important groups
Back around August of 2013, I was working with a customer and wanted to confirm their process to get notified. They said yes, they have not only an SMTP address with their 3rd party certificate vendor, but they have also created a Distribution Group so that the alert goes to multiple people. Very good, I said. However, they pointed out that recently there was NO ONE IN THE GROUP. I asked, what?
They said the engineers that were in the group had eventually left the company. Now I could understand this at some level, since when you delete an AD object, do you ever confirm whether the groups the user is a member of are important to your organization? Most companies don't check. Well, guess what: you should!
So, the moral of the story: use an SMTP address assigned to a group for your certificate renewal notification, AND take steps to ensure that at least someone is in that group and available within 30 days (the typical default time) of all calendar dates within an entire year.
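One way to check both halves of that moral on a schedule, as an added example that is not from the original post: the function below reports whether the notification group has any direct recipients and which certificates fall inside the 30-day window. The function name, the group address and the sample certificates are hypothetical and constructed for illustration.

```powershell
# Added example (not from the original post). Names and values are constructed.
function Test-CertNotificationReadiness {
    param(
        [Parameter(Mandatory = $true)] [string] $GroupName,
        [object[]] $Members = @(),       # e.g. Get-DistributionGroupMember output
        [object[]] $Certificates = @(),  # e.g. Get-ExchangeCertificate output
        [int] $WarningDays = 30,
        [datetime] $Now = (Get-Date)
    )
    # Nested groups may themselves be empty, so count them separately.
    $nested  = @($Members | Where-Object { $_.RecipientType -like '*Group' })
    $readers = @($Members | Where-Object { $_.RecipientType -notlike '*Group' })

    # Certificates already expired or expiring inside the warning window.
    $cutoff   = $Now.AddDays($WarningDays)
    $expiring = @($Certificates | Where-Object { $_.NotAfter -le $cutoff } |
        Sort-Object NotAfter |
        Select-Object Subject, Thumbprint, NotAfter,
            @{ Name = 'DaysLeft'; Expression = { [math]::Floor(($_.NotAfter - $Now).TotalDays) } })

    [pscustomobject]@{
        Group            = $GroupName
        DirectRecipients = $readers.Count
        NestedGroups     = $nested.Count
        ExpiringCerts    = $expiring
        # Not ready when nobody would receive the renewal notice.
        Ready            = ($readers.Count -gt 0)
    }
}

# Constructed sample: the empty group from the story, two made-up certificates.
$certs = @(
    [pscustomobject]@{ Subject = 'CN=mail.example.com'; Thumbprint = '<THUMBPRINT-1>'; NotAfter = [datetime]'2013-09-10' }
    [pscustomobject]@{ Subject = 'CN=legacy.example.com'; Thumbprint = '<THUMBPRINT-2>'; NotAfter = [datetime]'2014-06-01' }
)
Test-CertNotificationReadiness -GroupName 'cert-alerts@example.com' -Members @() `
    -Certificates $certs -Now ([datetime]'2013-08-20')

# Against a live Exchange Management Shell session, feed real objects instead:
#   -Members (Get-DistributionGroupMember -Identity 'cert-alerts@example.com' -ResultSize Unlimited)
#   -Certificates (Get-ExchangeCertificate)
```

A result with Ready set to False alongside a non-empty ExpiringCerts list is the situation the customer was in: a renewal notice is due and nobody will receive it.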