Hi, I have setup a lab environment with Exchange 2007, and I have an internal PKI. When i logon with a user within outlook 2010, they are shown a certificate from exchange that exchange has generated, and ofcourse this is not trusted. So how do I publish a Exchange certificate from my internal PKI to Exchange so it will automatically trust this ? Thanks for reply Regards Ole

1. Request new certicate on exchange 2007 ( while requesting use SAN names like mbx1.domain.local , mail.domain.com, all the names of servers and public url) 2. Submit the request to CA and get the certificate from CA 3. Install MBX servers Please look at the blog for detailed steps http://blogs.technet.com/b/exchange/archive/2007/02/19/3400537.aspx note: why do u have ex2007 in lab, if possible play around with ex2010 for lab purpose Thanks Uday Kiran, Senior Consultant Cyquent Technology Consultants, Dubai Please Mark as answer if it helps you

Hi, On my exchange I have the following certificate in local computer certificate: server authentication with friendly name Microsoft Exchange Do I haveto request a new computer certificate, if im suppose to request any special exchange certificate then i guess i need to publish something on my ca ? Could i just import the exchange selv created certificate on the root ca so it will be trusted ? Regards Ole

Use the DigiCert CSR Tool to generate a PowerShell request Exchange 2007 SSL CSR Command Wizard https://www.digicert.com/easy-csr/exchange2007.htm Read here how to submit the request to your own CA and apply the certificate to Exchange. Load Balancing Exchange 2007 Client Access Servers using Windows Network Load-Balancing Technology – Part 3: Creating Certificates and Testing Client Services http://www.msexchange.org/articles_tutorials/exchange-server-2007/high-availability-recovery/load-balancing-exchange-2007-client-access-servers-windows-network-technology-part3.html Read here if you want to dig further into Exchange 2007 certificates (which do apply for Exchange 2010 as well) Managing Exchange Certificates http://www.msexchange.org/articles_tutorials/exchange-server-2007/management-administration/managing-exchange-certificates.html MCTS: Messaging | MCSE: S+M

By default Exchange comes with a self-signed cert. You need to replace this with either a public one or one generated from your internal PKI. Here are some articles to help: http://technet.microsoft.com/en-us/library/aa995942(EXCHG.80).aspx 1.Use the New-ExchangeCertificate cmdlet to create a certificate request file. 2.Send this file to a Windows Certificate Services certification authority and use the Web server template on the Certification Authority page. This will result in a .cer file that can be imported to the Client Access server. 3.Use the Get-ExchangeCertificate cmdlet to determine the thumbprint for your certificate. 4.After you have imported the certificate, you can assign it to IIS, IMAP4, and POP3 by using the Enable-ExchangeCertificate cmdlet.Tim Harrington | MVP: Exchange | MCITP: EMA 2007/2010, MCITP: Lync 2010, MCITP: Server 2008, MCTS: OCS | Blog: http://HowDoUC.blogspot.com | Twitter: @twharrington

Hi, I have created the file request, but im not with you regarding section 2, do i need to enable web enrollment ? Regards Ole

Hi, I have created the file request, but im not with you regarding section 2, do i need to enable web enrollment ? Regards Ole I guess that is why not my autodiscover is not working, becuase i have issues with the certificates, could i be right ? Regards Ole

Thanks for help. I got it working. But i still have issues with autodiscover :( Have added dns entry, but it still failes. Regards Ole

Wow, now EWS is working,... we you guys made my day :) Thanks Regards Ole

Hi, For more information about certificate, please refer to the article ‘Certificate Use in Exchange Server 2007’: http://technet.microsoft.com/en-us/library/bb851505(EXCHG.80).aspx ThanksPlease remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.