Thread: How to generate internal cert in MS Exchange 2010?

  1. #1
    Join Date
    Jan 2012
    Posts
    56

    How to generate internal cert in MS Exchange 2010?

    I am looking to upgrade to Exchange 2010. Right now I do not have split DNS. Internal domain names are different from the external names. I have an ISA server which is used for publishing OWA, and I am using a public cert for this particular purpose. I am looking to create certificates for internal Exchange access. I am getting a prompt on a test account at the time of accessing the 1st Exchange 2010 server. I would really appreciate it if you could provide some information regarding usage of an internal CA so that I can deploy an internal UC cert and deploy the same on the CAS servers. Note that I have already managed to set up an internal CA.
    Is it necessary to create a new Exchange cert for every single server? Does it require a web request in order to generate a new cert with the FQDN, internal OWA name and NetBIOS name? Let me know whether group policy is needed to send the certificate to all computers, or whether it would be fine to deploy them on the server.
    Any help on this particular matter will be highly appreciated. Thanks a lot in advance.

  2. #2
    Join Date
    Aug 2011
    Posts
    564

    Re: How to generate internal cert in MS Exchange 2010?

    I recommend that you simply install a SAN certificate on Exchange. You should contact a 3rd party CA which supports these kinds of certs. You should be aware of all the Subject Alternative Names, which will help you to register. The following Exchange Management Shell (EMS) command is the one you should enter in order to generate the cert request that should be provided to the 3rd party CA so that it can generate the actual cert.

    Code:
    # Exchange 2010: New-ExchangeCertificate has no -Path parameter; the request is returned and saved with Set-Content
    $req = New-ExchangeCertificate -DomainName mail.contoso.com, contoso.com, contoso.local, autodiscover.contoso.com, server01.contoso.local, server01 -FriendlyName contosoinc -GenerateRequest:$true -KeySize 1024 -PrivateKeyExportable:$true -SubjectName "c=US, o=contoso inc, CN=server01.contoso.com"
    Set-Content -Path c:\certrequest.req -Value $req
    After processing of your request, you will get the cert and you have to install the same on your default website. There is no need for the IIS Admin Console to install the certificate. Also you should use the management shell to install the cert.
    You should import cert by
    Code:
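    # Exchange 2010: the certificate file is passed as bytes through -FileData
    Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path <full path to cert file> -Encoding Byte -ReadCount 0))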
    After that you have to enable the same
    Code:
    Enable-exchangecertificate
    After executing the above mentioned command you will be notified to enter the desired service which you want to enable for the certificate created. As per requirement you can enable the cert for IIS, POP3, IMAP, SMTP, or UM. You will be able to enable the same for multiple services by using the enable command. Also you can use the below mentioned parameter.

    Code:
    -services IMAP, POP, UM, IIS, SMTP

    After executing the above mentioned command it will ask for the thumbprint. You have to copy and paste it from the results. If you are not able to get the thumbprint then you should execute the below mentioned command.
    Code:
    Get-Exchangecertificate
    You should mention the thumbprint whenever you are executing the 'enable-exchangecertificate' command by using the below mentioned parameter.
    Code:
    -thumbprint D75305BEF8175570EB6E03BA6FF4372D05ACE39F4
    You should take care that you have selected the correct thumbprint in case you are having multiple copies of the same. After that you will require an external DNS record, and it should be pointing towards the IP address of the CAS server for the external name which is mapped with this particular certificate.
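
Picking the right thumbprint when several certificates are installed, as an added example that is not part of the original thread: the script lists each certificate in the local machine store and marks the ones that have a private key, are inside their validity period, and cover every name clients will use. The name list and the 2048-bit floor are assumptions for illustration, and the function names are hypothetical.

```powershell
# Added example. Names and the key-size floor are constructed assumptions.
$RequiredNames = 'mail.contoso.com', 'autodiscover.contoso.com', 'server01.contoso.local'
$MinKeyBits    = 2048

function Get-CertDnsNames($Cert) {
    # The Subject Alternative Name extension has OID 2.5.29.17.
    $san = $Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if (-not $san) { return }
    # Format($true) prints one entry per line, e.g. "DNS Name=mail.contoso.com"
    # (the label text assumes an English-language Windows install).
    $san.Format($true) -split "`r?`n" | ForEach-Object {
        if ($_ -match '^\s*DNS Name=(.+)$') { $Matches[1].Trim().ToLower() }
    }
}

function Test-NameCovered($Name, $Sans) {
    $Name = $Name.ToLower()
    if ($Sans -contains $Name) { return $true }
    # A wildcard SAN covers exactly one left-most label: *.contoso.com
    # matches mail.contoso.com but not contoso.com or a.b.contoso.com.
    $dot = $Name.IndexOf('.')
    if ($dot -lt 1) { return $false }
    return ($Sans -contains ('*' + $Name.Substring($dot)))
}

function Test-CertForExchange($Cert, $Names, $MinBits) {
    $sans    = @(Get-CertDnsNames $Cert)
    $missing = @($Names | Where-Object { -not (Test-NameCovered $_ $sans) })
    $now     = Get-Date
    $valid   = ($now -ge $Cert.NotBefore) -and ($now -le $Cert.NotAfter)
    $bits    = $Cert.PublicKey.Key.KeySize   # assumes RSA keys
    New-Object PSObject -Property @{
        Thumbprint   = $Cert.Thumbprint
        KeyBits      = $bits
        HasKey       = $Cert.HasPrivateKey
        InValidity   = $valid
        MissingNames = $missing -join ', '
        Usable       = $Cert.HasPrivateKey -and $valid -and ($bits -ge $MinBits) -and ($missing.Count -eq 0)
    }
}

# One row per installed certificate; MissingNames shows which names a copy lacks.
Get-ChildItem Cert:\LocalMachine\My |
    ForEach-Object { Test-CertForExchange $_ $RequiredNames $MinKeyBits } |
    Format-Table Thumbprint, KeyBits, HasKey, InValidity, Usable, MissingNames -AutoSize
```

The Thumbprint of a row marked Usable is the value to pass with -thumbprint to Enable-ExchangeCertificate.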

  3. #3
    Join Date
    Aug 2011
    Posts
    460

    Re: How to generate internal cert in MS Exchange 2010?

    Well, if you are looking to publish client access via ISA then you will require the same kind of certificate on the ISA server as on the Exchange CASs. Your certificate is going to contain multiple names, so you are looking to get a Unified Communications Certificate. It will let you get multiple subject alternate names at a lower cost than that of a traditional SAN cert. Also you will be able to enable 1 certificate for IIS for every single CAS server. So according to me making use of multiple SANs seems to be the best option.

  4. #4
    Join Date
    Jul 2011
    Posts
    440

    Re: How to generate internal cert in MS Exchange 2010?

    You will be able to obtain Unified Communications certificates by using the below mentioned steps.

    • First of all you have to generate certificate signing requests by making use of the Communications Server Certificate Wizard. You will get this particular wizard when you install Communications Server.
    • Now you have to submit the CSR which you generated to the certification authority.
    • Once you have got the certificate you should simply save it on your computer. Now you should make use of the same Communications Server Certificate Wizard in order to install the certificate.

  5. #5
    Join Date
    May 2011
    Posts
    410

    Re: How to generate internal cert in MS Exchange 2010?

    According to the services which you have configured on your Exchange, your server would ask for a certificate which would represent multiple domain names. You can use a wildcard certificate, which would resolve the problem of yours. There are many customers who are not so comfortable with the security implications of maintaining a certificate used in sub-domains. You should simply list all domains as SANs in the certificate. This particular thing is normally used when the certificate request has been generated by Exchange.
