Wednesday, October 23, 2013

How to Use a Self Signed Certificate in Exchange 2010

Using a Self Sign Certificate can Manage OWA alone, but issuing an Internal Windows CA Certificate can serve all type of Clients

We can use a internal windows CA certificate with Exchange 2010 to avoid Cert Errors
Something which you need to know is , Using a Internal Windows CA Certificate you need to install the certificates on every machine you use and Mobile devices other wise you will end up in a certificate error in the IE
So that’s why people prefer going for a 3rd party certificate to overcome it.
In this article We Will Learn issuing a Internal Windows CA Certificate , for this to be used Externally you need to have a CNAME record in your public DNS pointing to your Public IP NAT to your CAS
First we will learn how to Export a Certificate request file from Exchange 2010 ,
Step 1:
image

Type a Friendly Name :

image


Wild Card is used if you are going to manage more URLs .For Example : *.Domain.com
image
Step 2:
Assign the required Services for your Exchange , Give a Tick Mark
image

You will opt for it if you are planning for Coexistence in OWA in Exchange 2003 and Exchange 2010
image
Step 3:
You will see the collection for URL’s
image
Step 4:
Fill out the Form – And set the location for the Cert Request file
image

image
Step 5:
Your request file would look like this

image
Open it via Notepad , because we need this content to generate a Certificate
image
Step 6:
You need to have this role installed to have a  Certificate Authority , It can be DC or Exchange it self
I have done this in the Exchange itself (No Harm)
image

Step 7:
Choose : Certification authority , Certification Authority Web Enrolment
image
Step 8:
Choose Enterprise
image
Step 9:
Choose Root CA
image


Step 10:
Create a new Private key
image

Step 11:
Have this Default with 2048 key Character length
image
Step 12:
Click Next
image

Step 13:
By Default Certificate is valid for 5 years , Don’t make any changes on it , Click next
image

Step 14:

image
Step 15:
Now if you Open IIS manager , you will see “CertSrv”  a Virtual Directory Created ,
Use the right side column “Browse *.443(https)
image

Step 16:
You would see a page like this , Choose Request a Certificate
image
Step 17:
Click on Advanced Certificate Request
image

Step 18:
Choose the Second one
Submit a certificate request by using a base-64-Encoded CMC
image
Step 19:
Now Copy the  Note pad  -
Choose Template : WebServer
NOTE _ BELOW SCREEN SHOT _ CHOOSE TEMPLATE _ WEB SERVER
image
Step 20:

Choose “Base 64 encoded”
image
Step 21:
Save the Certificate
image image
Step 22:
Now go to your EMC
Server Configuration – Complete Pending request
image

Choose the Certificate :

image

Step 23:
Now Assign Services to the Certificate
image


image
Now the Server Part is ready

Step 24:

Now will learn how to install the Certificate in the Client End

Double Click on the Certificate
Click Install Certificate – Click Next –

image

Choose Personal -

image

Click Next And Import will be Successful
Now Do the Same Process
Double Click on the Certificate
Click Install Certificate – Click Next – Choose Trusted Root Certification Authorities
image
Double Click on the Certificate
Click Install Certificate – Click Next – Choose Intermediate Certification Authorities
image

Step 25:

Before
image

After installing the Certificate in the Client
image

No comments:

Post a Comment