Exchange Server Internal Certificate
Hi
I have windows 2008 R2 Domain and Exchange 2010 . So to use OWA internal, need the Certificate.( without SSL error page)
So how do i setup that?
AS
May 22nd, 2012 9:53am
Exchange 2010 installation with create a self signed cert issued by the Exchange server itself which you can get to locally using
https://CASserver/owa. However your clients will get a cert warning since it's not inherently trusted. You need to get an external SSL cert with all the required SAN names.
autodiscover.company.com
webmail.company.com
exchangeservername.company.local (optional)
http://exchangeserverpro.com/configure-an-ssl-certificate-for-exchange-server-2010James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com
Free Windows Admin Tool Kit Click here and download it now
May 22nd, 2012 11:08am
Create the certificate request in IIS console of CAS. Process the request in a CA. Complete the CR in CAS. Edit the site bindings to use the certificate in OWA in IIS. Install the certificate in the clients.Regards from www.windowsadmin.info | www.blog.windowsadmin.info
May 22nd, 2012 11:13am
Exchange 2010 installation with create a self signed cert issued by the Exchange server itself which you can get to locally using
https://CASserver/owa. However your clients will get a cert warning since it's not inherently trusted. You need to get an external SSL cert with all the required SAN names.
autodiscover.company.com
webmail.company.com
exchangeservername.company.local (optional)
http://exchangeserverpro.com/configure-an-ssl-certificate-for-exchange-server-2010James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com
Free Windows Admin Tool Kit Click here and download it now
May 22nd, 2012 11:15am
Create the certificate request in IIS console of CAS. Process the request in a CA. Complete the CR in CAS. Edit the site bindings to use the certificate in OWA in IIS. Install the certificate in the clients.Regards from www.windowsadmin.info | www.blog.windowsadmin.info
May 22nd, 2012 11:20am
Hi All,
I got one Exchange servr with all in one. And i got the SSL for rest but not for "exchangeservername.company.local" So do i have to install
AD CS on PDC and issued the certificate? this is the part i stuck? or get the wildcard SSL for everything?
AS
Free Windows Admin Tool Kit Click here and download it now
May 22nd, 2012 10:17pm
Don't worry if you didnt add exchangeservername.company.local. What do you mean do you have to install AD CS on PDC and issue cert? Did you get the cert from a third party ie godaddy, verisign etc? If so you need to finish off the request from the Exchange
server. Yes you can use wildcard but those are typically more expensive and they require a bit more tweaking to get certain services to work.James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com
May 23rd, 2012 11:22am
Hi All,
And i got the SSL for rest but not for "exchangeservername.company.local" So do i have to install AD CS on PDC and issued the certificate? this is the part i stuck? or get the wildcard SSL for everything?
Hi AS,
Do you mean you got a 3rd party SSL certificate but not for "exchangeservername.company.local", however, you want your internal users to access OWA via
https://exchangeservername.company.local/owa?
If yes, and since end user only use OWA internally, a certificate issued by internal CA is enough(domain-joined clients will trust internal root CA automatically).
You can follow the below link:
How to Issue a SAN Certificate to Exchange Server 2010 from a Private Certificate Authority
http://exchangeserverpro.com/how-to-issue-a-san-certificate-to-exchange-server-2010-from-a-private-certificate-authority
If you want to use 3rd party certificate, you have to contact the certificate issuer to renew the certificate.
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
tnmff@microsoft.com.
Frank Wang
TechNet Community Support
Free Windows Admin Tool Kit Click here and download it now
May 23rd, 2012 10:54pm
Hi All,
And i got the SSL for rest but not for "exchangeservername.company.local" So do i have to install AD CS on PDC and issued the certificate? this is the part i stuck? or get the wildcard SSL for everything?
Hi AS,
Do you mean you got a 3rd party SSL certificate but not for "exchangeservername.company.local", however, you want your internal users to access OWA via
https://exchangeservername.company.local/owa?
If yes, and since end user only use OWA internally, a certificate issued by internal CA is enough(domain-joined clients will trust internal root CA automatically).
You can follow the below link:
How to Issue a SAN Certificate to Exchange Server 2010 from a Private Certificate Authority
http://exchangeserverpro.com/how-to-issue-a-san-certificate-to-exchange-server-2010-from-a-private-certificate-authority
If you want to use 3rd party certificate, you have to contact the certificate issuer to renew the certificate.
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
tnmff@microsoft.com.
Frank Wang
TechNet Community Support
May 23rd, 2012 10:55pm
Hi AS,
Any updates?Frank Wang
TechNet Community Support
Free Windows Admin Tool Kit Click here and download it now
May 27th, 2012 9:54pm