Exchange 2007 Certificates
This is a brief post about setting up certificates in Exchange 2007.
What follows is a document which I send to people who are interested in setting up Subject Alternative Name certificates for Exchange 2007.
Open the Exchange Management Shell (EMS) and enter the following:
New-ExchangeCertificate -GenerateRequest:$true -DomainName email.domain.com,autodiscover.domain.com,hostname,internaldomain.com,hostname.internaldomain.com -FriendlyName "Exchange SAN cert" -PrivateKeyExportable:$true -Path c:\ExchSANcert.txt
Submit the request to the CA, then import the certificate it issues:
Import-ExchangeCertificate -Path c:\cascert.cer
Make a note of the Thumbprint
e.g. 2C9FB5F00EE88BA77D72FCA273C787728866BF1E
Enable the certificate as below:
Enable-ExchangeCertificate -Thumbprint 2C9FB5F00EE88BA77D72FCA273C787728866BF1E -Services "IIS,POP,IMAP,SMTP"
Set up the external URLs
Set-OABVirtualDirectory -Identity "OAB (Default Web Site)" -ExternalUrl https://url.extdomain.com/OAB -RequireSSL:$true
Set-UMVirtualDirectory -Identity "UnifiedMessaging (Default Web Site)" -ExternalUrl https://url.extdomain.com/UnifiedMessaging/Service.aspx
Set-WebServicesVirtualDirectory -Identity "EWS (Default Web Site)" -ExternalUrl https://url.extdomain.com/EWS/Exchange.asmx
Set up the DNS records for external Autodiscover
Autodiscover.extdomain.com
Point to the external IP address (port 443) on the CAS server
It has recently come to my attention that when you are submitting these requests to an External CA you need to get the correct subject name too!
Take a look at the MSExchangeTeam blog here for more info:
http://msexchangeteam.com/archive/2007/02/19/435472.aspx
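A pre-flight check that can be run between the import and Enable-ExchangeCertificate steps above; it is an added example, not part of the original document. It reads the imported certificate from the local machine store and confirms it has a private key, is within its validity period, and carries every requested name in its Subject Alternative Name extension. The function name Test-SanCertificate is hypothetical, the thumbprint and names are the placeholder values from this post, and the "DNS Name=" label assumes an English-language Windows installation.

```powershell
# Added example: verify the imported SAN certificate before enabling it.
# Thumbprint and names are the placeholder values used in this post.
$certThumbprint = '2C9FB5F00EE88BA77D72FCA273C787728866BF1E'
$requestedNames = 'email.domain.com','autodiscover.domain.com','hostname',
                  'internaldomain.com','hostname.internaldomain.com'

# Hypothetical helper: returns $true only if every check passes.
function Test-SanCertificate($Thumbprint, $RequiredNames) {
    $cert = Get-Item "Cert:\LocalMachine\My\$Thumbprint" -ErrorAction SilentlyContinue
    if (-not $cert) {
        Write-Warning "No certificate $Thumbprint in LocalMachine\My"
        return $false
    }
    $ok = $true

    # No private key means the request was generated on a different server,
    # or the pending request was removed before the import.
    if (-not $cert.HasPrivateKey) {
        Write-Warning 'Certificate has no private key on this server'
        $ok = $false
    }

    $now = Get-Date
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
        Write-Warning "Certificate not valid now ($($cert.NotBefore) to $($cert.NotAfter))"
        $ok = $false
    }

    # 2.5.29.17 is the Subject Alternative Name extension.
    $sanNames = @()
    $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if ($san) {
        foreach ($line in $san.Format($true).Split("`n")) {
            # Assumes the English "DNS Name=" label in the formatted output.
            if ($line -match '^\s*DNS Name=(.+)$') { $sanNames += $matches[1].Trim() }
        }
    }
    foreach ($name in $RequiredNames) {
        if ($sanNames -notcontains $name) {
            Write-Warning "Name missing from certificate: $name"
            $ok = $false
        }
    }
    Write-Host ('Subject:       ' + $cert.Subject)
    Write-Host ('SAN DNS names: ' + [string]::Join(', ', $sanNames))
    return $ok
}

if (Test-SanCertificate $certThumbprint $requestedNames) {
    Write-Host 'All checks passed; the certificate can be enabled for services.'
}
```

The printed Subject line is the value to compare against the subject name the external CA was asked to issue.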
Hope this helps people understand this rather tricky area!
Cheers
Nathan