Enable Certificates
hi guys,
I've got this current situation :
2 CAS server doing HA in a NLB, 2 HT, 2 MBX, 2 Edge and 2 ISA doing NLB to publish OWA and RPC..so I request cert from my CAS01, and already import + enabled the IMAP, IIS, POP services.
then I go to HT01 to enabled SMTP services, is it correct to export the cert (*.pfx) and import from HT01 then I have to enabled the SMTP services?
Do I have to import from other server : CAS02, HT02 and enabled the appropriate services?
how do I disabled the selfsigned service ? I'm using the enabled-exchangecertificate -thumbprint <thumbprint> -services none
, but I don't get the services disabled ? Do I have to export it to ISA01 and ISA02? I don't have to export to Edge and MBX right?
sorry for the noob question, thx..
rgds, Krisna
May 6th, 2010 10:20am
Ans:
1: Yes you have to enable certificate for other CAS and HUB also
2: There is no reason to remove the self signed cert. Once you have generated the new csr using the powershell you will then just install and enable the new cert, also using the powershell.
3: For ISA you have to enable cetificate if you have taken from internet CA
4: YesAnil
Free Windows Admin Tool Kit Click here and download it now
May 6th, 2010 3:25pm
Ans:
1: Yes you have to enable certificate for other CAS and HUB also
2: There is no reason to remove the self signed cert. Once you have generated the new csr using the powershell you will then just install and enable the new cert, also using the powershell.
3: For ISA you have to enable cetificate if you have taken from internet CA
4: Yes
Anil
humm, for answer number 2 I'm still a little bit confuse because if I don't remove the self signed cert then I import the internet CA then enabled it, when I
get-exchangecertificate there's two SMTP/IMAP/IIS/POP services enabled? is it gonna be a problem?
for ISA, I only import the *.pfx, how do I enabled it?from the rule publishing?rgds, Krisna
May 6th, 2010 3:45pm
Hi,
For question 2: it won't be a problem.
"In most cases, Exchange selects a certificate issued by a trusted CA over a self-signed certificate regardless of the age of the certificate "
More information:
Certificate Use in Exchange Server 2007
http://technet.microsoft.com/en-us/library/bb851505(EXCHG.80).aspx
If you really don't want to see self signed certification again, you can remove it.
Remove-ExchangeCertificate
http://technet.microsoft.com/en-us/library/aa997569(EXCHG.80).aspx
By the way, I think there is only one IIS services enabled.
Frank Wang
Free Windows Admin Tool Kit Click here and download it now
May 7th, 2010 12:37pm