Using a Self Sign Certificate can Manage OWA alone, but issuing an Internal Windows CA Certificate can serve all type of Clients
We can use a internal windows CA certificate with Exchange 2010 to avoid Cert Errors
Something which you need to know is , Using a Internal Windows CA Certificate you need to install the certificates on every machine you use and Mobile devices other wise you will end up in a certificate error in the IE
So that’s why people prefer going for a 3rd party certificate to overcome it.
In this article We Will Learn issuing a Internal Windows CA Certificate , for this to be used Externally you need to have a CNAME record in your public DNS pointing to your Public IP NAT to your CAS
First we will learn how to Export a Certificate request file from Exchange 2010 ,
Step 1:
Type a Friendly Name :
Wild Card is used if you are going to manage more URLs .For Example : *.Domain.com
Step 2:
Assign the required Services for your Exchange , Give a Tick Mark
You will opt for it if you are planning for Coexistence in OWA in Exchange 2003 and Exchange 2010
Step 3:
You will see the collection for URL’s
Step 4:
Fill out the Form – And set the location for the Cert Request file
Step 5:
Your request file would look like this
Open it via Notepad , because we need this content to generate a Certificate
Step 6:
You need to have this role installed to have a Certificate Authority , It can be DC or Exchange it self
I have done this in the Exchange itself (No Harm)
Step 7:
Choose : Certification authority , Certification Authority Web Enrolment
Step 8:
Choose Enterprise
Step 9:
Choose Root CA
Step 10:
Create a new Private key
Step 11:
Have this Default with 2048 key Character length
Step 12:
Click Next
Step 13:
By Default Certificate is valid for 5 years , Don’t make any changes on it , Click next
Step 14:
Step 15:
Now if you Open IIS manager , you will see “CertSrv” a Virtual Directory Created ,
Use the right side column “Browse *.443(https)
Step 16:
You would see a page like this , Choose Request a Certificate
Step 17:
Click on Advanced Certificate Request
Step 18:
Choose the Second one
Submit a certificate request by using a base-64-Encoded CMC
Step 19:
Now Copy the Note pad -
Choose Template : WebServer
NOTE _ BELOW SCREEN SHOT _ CHOOSE TEMPLATE _ WEB SERVER
Step 20:
Choose “Base 64 encoded”
Step 21:
Save the Certificate
Step 22:
Now go to your EMC
Server Configuration – Complete Pending request
Choose the Certificate :
Step 23:
Now Assign Services to the Certificate
Now the Server Part is ready
Step 24:
Now will learn how to install the Certificate in the Client End
Double Click on the Certificate
Click Install Certificate – Click Next –
Choose Personal -
Click Next And Import will be Successful
Now Do the Same Process
Double Click on the Certificate
Click Install Certificate – Click Next – Choose Trusted Root Certification Authorities
Double Click on the Certificate
Click Install Certificate – Click Next – Choose Intermediate Certification Authorities
Step 25:
Before
After installing the Certificate in the Client
We can use a internal windows CA certificate with Exchange 2010 to avoid Cert Errors
Something which you need to know is , Using a Internal Windows CA Certificate you need to install the certificates on every machine you use and Mobile devices other wise you will end up in a certificate error in the IE
So that’s why people prefer going for a 3rd party certificate to overcome it.
In this article We Will Learn issuing a Internal Windows CA Certificate , for this to be used Externally you need to have a CNAME record in your public DNS pointing to your Public IP NAT to your CAS
First we will learn how to Export a Certificate request file from Exchange 2010 ,
Step 1:
Type a Friendly Name :
Wild Card is used if you are going to manage more URLs .For Example : *.Domain.com
Step 2:
Assign the required Services for your Exchange , Give a Tick Mark
You will opt for it if you are planning for Coexistence in OWA in Exchange 2003 and Exchange 2010
Step 3:
You will see the collection for URL’s
Step 4:
Fill out the Form – And set the location for the Cert Request file
Step 5:
Your request file would look like this
Open it via Notepad , because we need this content to generate a Certificate
Step 6:
You need to have this role installed to have a Certificate Authority , It can be DC or Exchange it self
I have done this in the Exchange itself (No Harm)
Step 7:
Choose : Certification authority , Certification Authority Web Enrolment
Step 8:
Choose Enterprise
Step 9:
Choose Root CA
Step 10:
Create a new Private key
Step 11:
Have this Default with 2048 key Character length
Step 12:
Click Next
Step 13:
By Default Certificate is valid for 5 years , Don’t make any changes on it , Click next
Step 14:
Step 15:
Now if you Open IIS manager , you will see “CertSrv” a Virtual Directory Created ,
Use the right side column “Browse *.443(https)
Step 16:
You would see a page like this , Choose Request a Certificate
Step 17:
Click on Advanced Certificate Request
Step 18:
Choose the Second one
Submit a certificate request by using a base-64-Encoded CMC
Step 19:
Now Copy the Note pad -
Choose Template : WebServer
NOTE _ BELOW SCREEN SHOT _ CHOOSE TEMPLATE _ WEB SERVER
Step 20:
Choose “Base 64 encoded”
Step 21:
Save the Certificate
Step 22:
Now go to your EMC
Server Configuration – Complete Pending request
Choose the Certificate :
Step 23:
Now Assign Services to the Certificate
Now the Server Part is ready
Step 24:
Now will learn how to install the Certificate in the Client End
Double Click on the Certificate
Click Install Certificate – Click Next –
Choose Personal -
Click Next And Import will be Successful
Now Do the Same Process
Double Click on the Certificate
Click Install Certificate – Click Next – Choose Trusted Root Certification Authorities
Double Click on the Certificate
Click Install Certificate – Click Next – Choose Intermediate Certification Authorities
Step 25:
Before
After installing the Certificate in the Client
No comments:
Post a Comment