How do you do....it? Thread, How to create a certificate request for an Exchange 2007 UCC in Technical; This will be of some use to those of you thinking of moving to Exchange 2007 in the near future ...
30th October 2008, 04:09 PM #1
How to create a certificate request for an Exchange 2007 UCC
This will be of some use to those of you thinking of moving to Exchange 2007 in the near future and allowing external access to Outlook Web Access and other features.
Because Exchange 2007 relies of a different certificate type, the Unified Communications Certificate, which has 'alternative' credentials i.e. the certificate contains multiple host names.
As you will have to order your certificate online you will first need to generate the certificate request, and Microsoft wanting to make things easy insist that you have to use the Exchange Management Shell to generate it. You should use the following command (ensuring you are logged on as an Exchange administrator):
This should generate the text you need to paste into the online order form.
New-ExchangeCertificate -GenerateRequest -SubjectName "C=GB, O=servername, CN=exchange.yourdomain.ac.uk" -Path c:\certreq.req
The forms should also ask you for the alternative names you will need. These should reflect the server name, domain name, external FQDN name and the new 'autodiscover' url as shown below:
webalias.yourdomain.ac.uk (in case you use a reverse proxy or different external name for your server)
These reflect the services and roles both internal and external that Exchange 2007 uses SSL for.
I just thought you should be aware of all of this before you begin to migrate.
2 Thanks to Dos_Box:
FragglePete (16th March 2009), john (31st October 2008)
3rd November 2008, 03:35 PM #2
sound like you had fun over half term
3rd November 2008, 04:00 PM #3
It was hell. There is a LOT that you need to do before Exchange 2007 wants to play correctly, and most of it seems to be undocumented.
Microsoft, as usual were excellent with their professional support, but the big one is that people need to be aware they need the correct certificate (the UCC cert) or else it simply won't bother to do everything you need it to.
4th November 2008, 09:20 AM #4
Quoted for truth, Exchange 2007 is a nightmarish setup, especially with regards to certificates, let alone the fact that you MUST run it on 64bit machines, and all the other fiddly pre-requisites required.
Originally Posted by Dos_Box
4th November 2008, 01:47 PM #5
Despite all of the above, I LOOOOVE it!
But then I didn't really migrate from an existing email server. I literally left the old 'mailgate/eudora' shite running as a legacy server. Simply telling everybody it will be there for a year for archival purposes and that is it. As of whateber date, outlook and exchange is what we will be using.
Was accepted surprisingly well
16th March 2009, 01:28 PM #6
Sorry to drag up an old thread.
Just installed Exchange 2007 at the moment, and now just getting the external OWA access working so sorting out certificates and stuff.
Useful info from Dos_box regarding requesting the certificate, which is detailed quite nicely here:
However, can someone clear something up for me. Is this just what I need, or do I need an additional certificate for the IIS Side of things? Or will a UCC Certificate look after all of it for me? Reading all the books that I have go on about installing a SSL Certificate within the IIS Manager, and don't really mention the procedure that is detailed above.
Thanks in advance.
16th March 2009, 01:53 PM #7
A universal communications certificate is an SSL cert that allows you to have multiple entries for all names (internal and external) that you connect to your exchange server with. You simply install the certificate at the root of your exchange servers IIS and it will cover everything. If you are using Server 2008 and IIS look for the 'Bindings' option on the R\H\S of the IIS layout. You use this to change the SSL certificate being used.
Thanks to Dos_Box from:
FragglePete (16th March 2009)
16th March 2009, 03:02 PM #8
Thanks, found this quite useful as well......
Creates your CSR Command for you.
22nd April 2009, 11:03 AM #9
- Rep Power
Great info here - just out of interest for those of you that have them, where did you get your UCC from and roughly how much did you pay (if you don't mind sharing!).
27th April 2009, 04:20 PM #10
27th April 2009, 04:30 PM #11
Got our with "Go Daddy" https://www.godaddy.com/gdshop/ssl/ssl.asp for around £180 for 3 years
27th April 2009, 07:42 PM #12
Got ours from SSL Certificates SSL Wildcard SSL Free Certificates SSL Server Certificate 256 bits which is free for education domains.
Not entirely convinced it's a proper UCC certificate, but I generated the request as detailed above and have managed to get it working with our Exchange 2007 box (eventually). OWA is secured quite nicely with 2048bit encryption
By faza in forum How do you do....it?
Last Post: 8th April 2009, 11:15 AM
By timbo343 in forum Windows
Last Post: 12th September 2008, 10:34 AM
By browolf in forum Windows
Last Post: 24th June 2008, 04:23 PM
By ful56_uk in forum Windows
Last Post: 15th April 2008, 09:36 AM
By everton4europe in forum Windows
Last Post: 16th January 2008, 06:01 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)