+ Post New Thread
Results 1 to 12 of 12
How do you do....it? Thread, How to create a certificate request for an Exchange 2007 UCC in Technical; This will be of some use to those of you thinking of moving to Exchange 2007 in the near future ...
  1. #1

    Dos_Box's Avatar
    Join Date
    Jun 2005
    Location
    Preston, Lancashire
    Posts
    9,470
    Thank Post
    525
    Thanked 1,993 Times in 932 Posts
    Blog Entries
    23
    Rep Power
    575

    How to create a certificate request for an Exchange 2007 UCC

    This will be of some use to those of you thinking of moving to Exchange 2007 in the near future and allowing external access to Outlook Web Access and other features.
    Because Exchange 2007 relies of a different certificate type, the Unified Communications Certificate, which has 'alternative' credentials i.e. the certificate contains multiple host names.

    As you will have to order your certificate online you will first need to generate the certificate request, and Microsoft wanting to make things easy insist that you have to use the Exchange Management Shell to generate it. You should use the following command (ensuring you are logged on as an Exchange administrator):

    New-ExchangeCertificate -GenerateRequest -SubjectName "C=GB, O=servername, CN=exchange.yourdomain.ac.uk" -Path c:\certreq.req
    This should generate the text you need to paste into the online order form.
    The forms should also ask you for the alternative names you will need. These should reflect the server name, domain name, external FQDN name and the new 'autodiscover' url as shown below:

    yourdomain.ac.uk
    servername.yourdomain.ac.uk
    servername
    autodiscover.yourdomain.ac.uk
    webalias.yourdomain.ac.uk (in case you use a reverse proxy or different external name for your server)

    These reflect the services and roles both internal and external that Exchange 2007 uses SSL for.
    I just thought you should be aware of all of this before you begin to migrate.

  2. 2 Thanks to Dos_Box:

    FragglePete (16th March 2009), john (31st October 2008)

  3. #2
    buzzard's Avatar
    Join Date
    May 2006
    Location
    North West
    Posts
    291
    Thank Post
    100
    Thanked 27 Times in 23 Posts
    Rep Power
    24
    sound like you had fun over half term

  4. #3

    Dos_Box's Avatar
    Join Date
    Jun 2005
    Location
    Preston, Lancashire
    Posts
    9,470
    Thank Post
    525
    Thanked 1,993 Times in 932 Posts
    Blog Entries
    23
    Rep Power
    575
    It was hell. There is a LOT that you need to do before Exchange 2007 wants to play correctly, and most of it seems to be undocumented.
    Microsoft, as usual were excellent with their professional support, but the big one is that people need to be aware they need the correct certificate (the UCC cert) or else it simply won't bother to do everything you need it to.

  5. #4
    Friez's Avatar
    Join Date
    Dec 2006
    Posts
    839
    Thank Post
    22
    Thanked 22 Times in 21 Posts
    Rep Power
    22
    Quote Originally Posted by Dos_Box View Post
    It was hell. There is a LOT that you need to do before Exchange 2007 wants to play correctly, and most of it seems to be undocumented.
    Microsoft, as usual were excellent with their professional support, but the big one is that people need to be aware they need the correct certificate (the UCC cert) or else it simply won't bother to do everything you need it to.
    Quoted for truth, Exchange 2007 is a nightmarish setup, especially with regards to certificates, let alone the fact that you MUST run it on 64bit machines, and all the other fiddly pre-requisites required.

  6. #5
    Ben_Stanton's Avatar
    Join Date
    Jan 2007
    Location
    Hertfordshire
    Posts
    420
    Thank Post
    9
    Thanked 14 Times in 13 Posts
    Rep Power
    17
    Despite all of the above, I LOOOOVE it!

    But then I didn't really migrate from an existing email server. I literally left the old 'mailgate/eudora' shite running as a legacy server. Simply telling everybody it will be there for a year for archival purposes and that is it. As of whateber date, outlook and exchange is what we will be using.

    Was accepted surprisingly well

  7. #6

    Join Date
    Feb 2008
    Location
    Wiltshire
    Posts
    860
    Thank Post
    273
    Thanked 130 Times in 110 Posts
    Blog Entries
    26
    Rep Power
    39
    Sorry to drag up an old thread.

    Just installed Exchange 2007 at the moment, and now just getting the external OWA access working so sorting out certificates and stuff.

    Useful info from Dos_box regarding requesting the certificate, which is detailed quite nicely here:

    https://support.comodo.com/index.php...articleid=1143

    However, can someone clear something up for me. Is this just what I need, or do I need an additional certificate for the IIS Side of things? Or will a UCC Certificate look after all of it for me? Reading all the books that I have go on about installing a SSL Certificate within the IIS Manager, and don't really mention the procedure that is detailed above.

    Thanks in advance.

    Pete

  8. #7

    Dos_Box's Avatar
    Join Date
    Jun 2005
    Location
    Preston, Lancashire
    Posts
    9,470
    Thank Post
    525
    Thanked 1,993 Times in 932 Posts
    Blog Entries
    23
    Rep Power
    575
    A universal communications certificate is an SSL cert that allows you to have multiple entries for all names (internal and external) that you connect to your exchange server with. You simply install the certificate at the root of your exchange servers IIS and it will cover everything. If you are using Server 2008 and IIS look for the 'Bindings' option on the R\H\S of the IIS layout. You use this to change the SSL certificate being used.

  9. Thanks to Dos_Box from:

    FragglePete (16th March 2009)

  10. #8

    Join Date
    Feb 2008
    Location
    Wiltshire
    Posts
    860
    Thank Post
    273
    Thanked 130 Times in 110 Posts
    Blog Entries
    26
    Rep Power
    39
    Thanks, found this quite useful as well......

    https://www.digicert.com/easy-csr/exchange2007.htm

    Creates your CSR Command for you.

    Pete

  11. #9

    Join Date
    Jun 2006
    Location
    Dorset
    Posts
    111
    Thank Post
    2
    Thanked 5 Times in 4 Posts
    Rep Power
    16
    Great info here - just out of interest for those of you that have them, where did you get your UCC from and roughly how much did you pay (if you don't mind sharing!).

    Thanks.

  12. #10

    Join Date
    Jun 2006
    Location
    Dorset
    Posts
    111
    Thank Post
    2
    Thanked 5 Times in 4 Posts
    Rep Power
    16
    Anyone?!

  13. #11
    pooley's Avatar
    Join Date
    Sep 2005
    Location
    S Wales
    Posts
    1,110
    Thank Post
    75
    Thanked 111 Times in 93 Posts
    Rep Power
    65
    Got our with "Go Daddy" https://www.godaddy.com/gdshop/ssl/ssl.asp for around 180 for 3 years

  14. #12

    Join Date
    Feb 2008
    Location
    Wiltshire
    Posts
    860
    Thank Post
    273
    Thanked 130 Times in 110 Posts
    Blog Entries
    26
    Rep Power
    39
    Got ours from SSL Certificates SSL Wildcard SSL Free Certificates SSL Server Certificate 256 bits which is free for education domains.

    Not entirely convinced it's a proper UCC certificate, but I generated the request as detailed above and have managed to get it working with our Exchange 2007 box (eventually). OWA is secured quite nicely with 2048bit encryption

    Pete

SHARE:
+ Post New Thread

Similar Threads

  1. Exchange 2003 and Exchange 2007
    By faza in forum How do you do....it?
    Replies: 15
    Last Post: 8th April 2009, 10:15 AM
  2. Replies: 0
    Last Post: 12th September 2008, 09:34 AM
  3. renew exchange certificate
    By browolf in forum Windows
    Replies: 2
    Last Post: 24th June 2008, 03:23 PM
  4. Upgrading exchange 2003 to Exchange 2007
    By ful56_uk in forum Windows
    Replies: 1
    Last Post: 15th April 2008, 08:36 AM
  5. Exchange 2007 sp1 just killed my exchange
    By everton4europe in forum Windows
    Replies: 3
    Last Post: 16th January 2008, 05:01 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •