Thursday, 19 March 2015

How to Import Certificates in Exchange Server 2010

We will perform the following steps to assign Exchange services to our new certificate:
1. Create a Certificate Request (.req) file
2. Submit the Request to the Certificate Authority
3. Attach the Certificate in the EMC
4. Assign Services to the Certificate
How to generate a Certificate Request File
1. Open the Exchange Management Console.
2. Click on Server configuration.
3. In the Action pane on the right side, click on New Exchange Certificate.
4. In the Introduction window, enter a meaningful, friendly name for this new certificate.
5. In the Domain Scope window, select the Enable wildcard certificate checkbox, if required. This is the recommended practice in Exchange Server 2010, as it simplifies certificate processing for sub-domains as well. You can enter a wildcard in the form *.techpeoples.net. The downsides of using a wildcard are:
· It is expensive
· Security issues
· Windows Mobile 5 and previous versions do not support wildcard certificates. Only Windows Mobile 6 and later versions support wildcards.
For this article, we will not use a wildcard, so leave the checkbox cleared and click Next.
6. In the Exchange Configuration page, you can select the services for which you want to create a certificate. The options are:
· Federated Sharing
· Client Access server (Outlook Web App)
· Client Access server (Exchange ActiveSync)
· Client Access server (Web Services, Outlook Anywhere, and Autodiscover)
· Client Access server (POP/IMAP)
· Unified Messaging
· Hub Transport server
· Legacy Exchange Server
Click Next once you have selected and configured the options above.
7. The Certificate Domain page displays the list of domains that will be added to the certificate. These domains are generated from the selections in the previous window. You can also set one of the domains as the common name; in our case we will select mail.techpeoples.net as our common name. Click Next when done.
8. In the Organization and Location page, enter the Organization and Country details. Click on Browse to enter the location of the .req file and click Next.
9. Once you are satisfied with the Configuration Summary, click on New to complete the Exchange Certificate process.
10. Click Finish to close the window.
How to Submit Request to the Certificate Authority
The next step is to send the request to a Certificate Authority (internal or external).
1. Open the .req file saved above and copy all of its contents.
2. Open the Certificate Services page by opening Internet Explorer and entering the URL http://localhost/certsrv.
3. Click on the Request a certificate task option.
4. Click on the advanced certificate request on the next screen.
5. On the Advanced Certificate Request page, click on the base-64 encoded link.
6. Paste the contents copied from the .req file in step 1 into the Saved Request box.
7. In the Certificate Template list, select Web Server and click on Submit.
8. Depending upon your certificate type, you will be issued the certificate. The next step is to download this certificate by clicking on the Download certificate link in the Certificate Issued screen.
9. Save the .cer file to any location.
How to Attach Certificate in Exchange Management Console
1. Open the Exchange Management Console.
2. Click on Server Configuration. You will see your certificate as Self Signed=Yes in the detail pane, which is not ideal.
3. Click on the Complete Pending Request option in the Action pane on the right side.
4. In the Introduction page, enter the location of the .cer file saved above.
5. Click on Complete.
6. Once the wizard is completed successfully, click on Finish to close the window.
7. Once done, you will see your certificate as Self Signed=False.
How to Assign the Certificate to the Services
As you can see from the Exchange Certificates tab in the Server Configuration detail pane, no service is associated with our new certificate. To link services with our new certificate, perform the steps below.
1. Open the Exchange Management Console.
2. Click on Server Configuration and, in the Action pane, click on Assign Services to Certificate.
3. In the Select Servers window, select your server and click on Next.
4. Select the services that you want to assign to your certificate. The following services can be selected:
· Internet Message Access Protocol
· Post Office Protocol
· Simple Mail Transfer Protocol
· Internet Information Services
· Unified Messaging
5. Once you have selected the services, click on Assign.
6. A pop-up window will appear asking whether to overwrite the existing default SMTP certificate. Click on Yes.
7. Once the wizard has completed successfully, click on Finish to close the window.
8. Once the wizard is closed, you can confirm the services associated with your certificate from the Exchange Certificates tab in the detail pane of Server Configuration.

The certificate has now been assigned to the Exchange services; you can now enable Outlook Anywhere, configure the External Client Access Domain, and so on.
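The same four steps can be run from the Exchange Management Shell, which also makes it easy to check the certificate before and after services are bound to it. This is an added example, not part of the original article; the file paths, the organization and country values, the autodiscover name and the CA configuration string are assumptions to replace with your own.

```powershell
# Added example: run in the Exchange Management Shell on the Exchange 2010 server.
# Assumed values: paths, organization/country, autodiscover name, CA config string.
$reqPath = 'C:\Certs\mail.techpeoples.net.req'
$cerPath = 'C:\Certs\mail.techpeoples.net.cer'

# 1. Create the certificate request. The private key is generated on this
#    server and never leaves it; only the request is sent to the CA.
$requestArgs = @{
    GenerateRequest      = $true
    FriendlyName         = 'Exchange 2010 certificate'
    SubjectName          = 'c=US, o=Example Org, cn=mail.techpeoples.net'
    DomainName           = 'mail.techpeoples.net', 'autodiscover.techpeoples.net'
    KeySize              = 2048
    PrivateKeyExportable = $false   # set $true only if the key must be copied to other servers
}
$request = New-ExchangeCertificate @requestArgs
Set-Content -Path $reqPath -Value $request

# 2. Submit the request to the internal CA using the Web Server template.
#    'CA-HOST\CA-NAME' is a placeholder for your CA configuration string.
certreq -submit -config 'CA-HOST\CA-NAME' -attrib 'CertificateTemplate:WebServer' $reqPath $cerPath
if ($LASTEXITCODE -ne 0 -or -not (Test-Path $cerPath)) {
    throw 'The CA did not issue a certificate (the request may be pending approval).'
}

# 3. Complete the pending request by importing the issued .cer file.
$cert = Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path $cerPath -Encoding Byte -ReadCount 0))

# Refuse to bind services to a certificate that is self-signed or not valid
# (for example, when the issuing CA is not trusted by this server).
if ($cert.IsSelfSigned -or $cert.Status -ne 'Valid') {
    throw "Certificate $($cert.Thumbprint) is not usable: Status=$($cert.Status)"
}

# 4. Assign services. Exchange prompts before replacing the default SMTP certificate.
Enable-ExchangeCertificate -Thumbprint $cert.Thumbprint -Services 'IIS, SMTP, POP, IMAP'

# 5. Confirm the names, services, validity and expiry date that are now in effect.
Get-ExchangeCertificate -Thumbprint $cert.Thumbprint |
    Format-List Subject, CertificateDomains, Services, IsSelfSigned, Status, NotAfter
```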
