Submitted the req file..But i am unable find in the issued certificate..
Hello Team,
We have deployed new active directory server and installed Enterprise Certificate authority in it.
Installed Exchange CAS&HUB sever in seprate box and Mailbox in seperate box. Logged in CAS server and clicked on submit new request in EMC for certificate. Selected the services and provided the SAN name. Then it asked to save the .req file. Saved it.
Now logged into domain controller and open CA console. Submitted the req file..But i am unable find in the issued certificate..
I am got stucked in middle of implementationExchange Queries
June 28th, 2012 4:07am
Hi,
You should be able to finde the issued certificate in the CA console as well. If not try to use the web part of the CA and do it from here (import the req and export the certificate)
Leif
Free Windows Admin Tool Kit Click here and download it now
June 28th, 2012 4:12am
No it is not working on both console as well as web...i have done this so many timeExchange Queries
June 28th, 2012 4:33am
No it is not working on both console as well as web
Hi,
Did you request the certificate as following blog listed?
Exchange 2007 Creating a Certificate through an Internal CA with Subject Alternate Names
http://b41n5.wordpress.com/2010/07/15/exchange-2007-creating-a-certificate-through-an-internal-ca-with-subject-alternate-names/
Please make sure CA is working first, how about Download a CA certificate,certificate chain,or CRL?Frank Wang
TechNet Community Support
Free Windows Admin Tool Kit Click here and download it now
June 29th, 2012 2:16am
Thanks Frank, Found that CA server certificate is not got published on the Exchange Trusted Root ceritificate. Hence we imported the CA Server Certificate in the Exchange server and it started to work. But now we are planning to go for External CA - Comoda
certificate.
Kindly let me know will we need to publish all our SAN ( webmail.test.com, Autodiscover.mail.com, server1.mail.com, server2.mail.com, server1, server2)
And will it be a best praticse to use the external comodo certificate for both internal and external access of exchange server) with 2048 key bit.Exchange Queries
July 1st, 2012 3:10am
Yes, it is better to use the 3rd party certificate. If you use internal CA, you should make sure the clients trust the CA, either by using group policy or by importing manually.
About for generating a certificate with a 3rd party CA, please see the following Exchange team blog:
Exchange 2007 lessons learned - generating a certificate with a 3rd party CA
http://blogs.technet.com/b/exchange/archive/2007/02/19/3400537.aspxFrank Wang
TechNet Community Support
Free Windows Admin Tool Kit Click here and download it now
July 1st, 2012 11:40pm
One question! :)
I'll ask about your CAS namespace planning here, and why you want all those names on the cert. Vendors will typically charge per name, or you choose a cert bundle that has X number of names within it. They will also block you issuing a cert to
test.com (not sure exactly what you are using for the domain name) but mixing multiple domain names into a single certificate will be a challenge if not an outright refusal from the vendor. Just because you do it internally with your own CA does not
meant that they will do it.
As to the names that you need, this goes back to how you planned the CAS namespaces. What URLs are you using internally, what URLs are you using externally. Do you have multiple data centres, how are you doing DR etc.....
Some light reading here:
http://technet.microsoft.com/en-us/library/dd351198.aspx
OH - and the CASArray name does not have to be on the cert, and the name you use for the CASArray should NOT resolve in external DNS. Read these
http://blogs.technet.com/b/exchange/archive/2012/03/23/demystifying-the-cas-array-object-part-1.aspx
and then part 2.
Cheers, Rhoderick NOTICE: My posts are provided AS IS without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.
July 2nd, 2012 1:06pm
Hi Exchange Queries,
Any updates?Frank Wang
TechNet Community Support
Free Windows Admin Tool Kit Click here and download it now
July 3rd, 2012 10:04pm