Enterprise Software Thread, Installed SSL certificate for OWA, but Outlook is trying to use it internally in Technical; Originally Posted by sidewinder
Yes but we're an independent school, would they still issue one?
Yep any educational institution
3rd February 2012, 09:50 AM #16
Originally Posted by sidewinder
Yep any educational institution
for a san cert, you need to create the the cert request (so for you in exchange with at the end of the wizard you should have all you san names)
apply for the cert order order, has soon as soon as you get your cert order email with the order number make a support ticket and state you would like a free san cert and write down the following san name you need along with your order number.
Last edited by pritchardavid; 3rd February 2012 at 09:54 AM.
8th April 2013, 11:31 AM #17
help, I'm about to make a cert request but need some pointers on the last few fields. I've half filled it in but I think I need to make an ldap request to make sure I fill in the last few fields correctly.
c should equal UK?
New-ExchangeCertificate -GenerateRequest -DomainName bemail.beaminster.dorset.sch.uk, autodiscover.beaminster.dorset.sch.uk, exchange.dcc-sch-4505.local, exchange -FriendlyName beaminsterschexchange -KeySize 1024 -PrivateKeyExportable:$True -SubjectName "c=US o=contoso inc, CN=server01.contoso.com" -Path c:\certrequest.txt
o ? I can't find organisation in Active directory?
cn should equal the servers local or public name?
external name bemail.beaminster.dorset.sch.uk
internal name exchange.dcc-sch-4505.local
I don't have the autodiscover service working (I think) but I don't see the harm in including it. All my 2003 and 2010 outlook clients work fine as do the owa clients. I have to set them up by hand but no biggie.
Last edited by chazzy2501; 8th April 2013 at 11:41 AM.
8th April 2013, 12:28 PM #18
Personally I would not do it this way. I would advise you if you haven't all ready is to add "beaminster.dorset.sch.uk" as a DNS zone in your internal DNS server(s). Add the bemail as a A Record in that zone. You can then configure your Exchange server to use the same name internally and externally (bemail.beaminster.dorset.sch.uk), this will make it a ton easier being the same. Personally to make sure you have not gone wrong with powershell code, you can create the SSL cert the the Exchange console.
Last edited by pritchardavid; 8th April 2013 at 12:30 PM.
8th April 2013, 02:40 PM #19
@pritchardavid Yes, that is the way for single name certs. Which I now realize I have todo as the UC certs are not free
Do I have to setup a DNS Zone? I can already ping bemail.beaminster.dorset.sch.uk locally and get the local ip address. (and I can RDP to it using bemail)
This may upset my outlook clients as they connect to exchange.dcc-sch-4505.local ?
10th April 2013, 01:10 PM #20
What is your internal domain? Is it... dcc-sch-4505.local? What did you request/got for your certificate in the end? Advantages of using the internal DNS zone is it quicker (doesn't have to access the I internet to find DNS records)
By gtg93 in forum Windows
Last Post: 26th July 2013, 03:20 PM
By Dos_Box in forum Wireless Networks
Last Post: 29th April 2013, 04:26 PM
By brianflhome in forum Web Development
Last Post: 25th November 2010, 01:50 PM
By jdibsdale in forum Windows
Last Post: 29th May 2009, 07:40 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)