Exchange 2007 Certificates

This is a brief post about setting up certificates in Exchange 2007.

What follows is a document which I send to people who are interested in setting up Subject Alternative Name certificates for Exchange 2007.


Open the Exchange Management Shell (EMS) and enter the following:

New-ExchangeCertificate -GenerateRequest:$true -DomainName email.domain.com,autodiscover.domain.com,hostname,internaldomain.com,hostname.internaldomain.com -FriendlyName "Exchange SAN cert" -PrivateKeyExportable:$true -Path c:\ExchSANcert.txt


Submit the request file to the CA, then import the certificate it issues:

Import-ExchangeCertificate -Path c:\cascert.cer


Make a note of the Thumbprint

e.g. 2C9FB5F00EE88BA77D72FCA273C787728866BF1E


Enable the certificate as below:

Enable-ExchangeCertificate -Thumbprint 2C9FB5F00EE88BA77D72FCA273C787728866BF1E -Services "IIS,POP,IMAP,SMTP"


Set up the external URLs

Set-OABVirtualDirectory -Identity "OAB (Default Web Site)" -ExternalUrl https://url.extdomain.com/OAB -RequireSSL:$true

Set-UMVirtualDirectory -Identity "UnifiedMessaging (Default Web Site)" -ExternalUrl https://url.extdomain.com/UnifiedMessaging/Service.aspx

Set-WebServicesVirtualDirectory -Identity "EWS (Default Web Site)" -ExternalUrl https://url.extdomain.com/EWS/Exchange.asmx


Set up the DNS records for external Autodiscover

Autodiscover.extdomain.com

Point to the external IP address (port 443) on the CAS server
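
A quick check once the steps above are done, as an added example that is not part of the original document: it confirms the issued certificate carries every requested name, has its private key, is enabled for the four services, and covers the host names in the external URLs. It uses the sample thumbprint and names from this post; the variable names are illustrative.

```powershell
# Added example (not from the original post). Run in the Exchange Management
# Shell on the CAS server. Thumbprint and names are the sample values used above.
$thumbprint = '2C9FB5F00EE88BA77D72FCA273C787728866BF1E'
$required   = 'email.domain.com', 'autodiscover.domain.com', 'hostname',
              'internaldomain.com', 'hostname.internaldomain.com'
$services   = 'IIS', 'POP', 'IMAP', 'SMTP'

$cert = Get-ExchangeCertificate -Thumbprint $thumbprint
if (-not $cert) { throw "No certificate found with thumbprint $thumbprint" }

# Names the certificate is valid for (subject plus subject alternative names).
$certNames = @($cert.CertificateDomains | ForEach-Object { $_.ToString().ToLower() })

# Requested names that did not make it into the issued certificate.
$missing = @($required | Where-Object { $certNames -notcontains $_.ToLower() })

# Services the certificate is enabled for, e.g. "IMAP, POP, IIS, SMTP".
$enabled    = @($cert.Services.ToString().Split(',') | ForEach-Object { $_.Trim() })
$notEnabled = @($services | Where-Object { $enabled -notcontains $_ })

# External URLs whose host name is not on the certificate (exact match only;
# wildcard names are not expanded here).
$vdirs = @(Get-OABVirtualDirectory) + @(Get-UMVirtualDirectory) +
         @(Get-WebServicesVirtualDirectory)
$uncovered = @($vdirs | Where-Object { $_.ExternalUrl } |
    Where-Object { $certNames -notcontains $_.ExternalUrl.Host.ToLower() } |
    ForEach-Object { $_.ExternalUrl.ToString() })

Write-Host "Subject:              $($cert.Subject)"
Write-Host "Expires:              $($cert.NotAfter)"
Write-Host "Has private key:      $($cert.HasPrivateKey)"
Write-Host "Missing names:        $missing"
Write-Host "Services not enabled: $notEnabled"
Write-Host "URLs not covered:     $uncovered"

if (-not $cert.HasPrivateKey -or $missing -or $notEnabled -or $uncovered) {
    Write-Warning 'Certificate does not match the configuration; see the values above.'
}
```

An empty value on the last three lines means that check passed.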


It has recently come to my attention that when you are submitting these requests to an External CA you need to get the correct subject name too!

Take a look at the MSExchangeTeam blog here for more info:

http://msexchangeteam.com/archive/2007/02/19/435472.aspx


Hope this helps people understand this rather tricky area!

Cheers

Nathan