- Creating New Exchange certificate using Exchange management console and generating CSR to internal Domain controller to get SAN Certificate.
- Installing pre-requisites for CA Server.
- Installing the CA Server to get SAN certificate.
- Submitting the Exchange 2010 CSR to get SAN certificate.
- Installing SAN certificate to Exchange 2010 Trusted root.
- Complete the pending Exchange certificate using Exchange management console. (Importing Certificate)
- Enable exchange 2010 client services on SAN certificate.
Right then lets get started....
Click on New Exchange Certificate
from Server Configuration action console
Uncheck enable wildcard
certificate and click on next
Enter the external FQDN
which is registered which will be used for OWA
Enter the external FQDN
which is registered which will be used for ActiveSync
Enter the external FQDN
which is registered which will be used for Auto discover
Enter the external FQDN
which is registered which will be used for Exchange 2003/2007
Verify the FQDN and click on
next
Enter the Org. details and
give the path to save CSR, Click on next
Verify the completion and
observed the commands which is used via poweshell at backend.
Select IIS for Cert Server virtual directory
Click on certificate services and you will be prompted a
popup for warning
Click on yes for warning message.
Select enterprise root CA and click on next
Give the common as desired and click on next
Leave the default settings and click on next
Observe the progress
Observe the progress
Click on finish to complete
Verify the virtual directory is created on CA server.
Run the above command to enable SAN certificate generate
support for Windows 2003 CA server.
Login to CA server and browse local host giving the virtual
directory path and select request a certificate.
Select advanced certificate
Select 2nd option
Open the Exchange CSR into text file and copy it to saved
request
Copy and paste the Exchange, select webserver on
certificate template and click on submit
Select base 64 encoded and click on download certificate
chain
Save it to Exchange computer to complete the pending
request/Import which was generated from Exchange Server.
Import the certificate 1st
into Exchange computer trusted root zone.
Via EMC – Server
configuration – right click the newly created exchange cert and select complete
pending request.
Provide the certificate path to import in exchange server which has been
generated from root CA
Verify the path and click on complete the pending request.
Verify the completion and
click on finish
Make sure there is no error on the certificate console
Assign exchange client services to certificate
Select the server on which
to assign the services.
Select Imap, POP & IIS and click on next
Verify the command and click
on assign
Verify and click on finish
to complete
Verify the exchange client
services are assigned to the SAN certificate.
Run the above command to get
the Exchange Server certificate status.
There you go people....
No comments:
Post a Comment