  1. #1
    wesleyw

    Exchange 2007 SSL Cert Generation

    I need to generate a new SSL cert for our Exchange 2007 box, however I can't remember what goes where anymore. We have a wildcard cert but this isn't allowed by Exchange I believe, so here's the example.

    Server name internally: exch.domain.internal, exch (NetBIOS); externally it's exch.school.lea.sch.uk

    In the following boxes is this right?


    Common Name: exch.domain.internal

    Subject Alternative Names:
    exch.domain.internal
    exch
    exch.school.lea.sch.uk

    Organization: our school
    Department: IT Services
    City: Walsall
    State: West Midlands
    Country: United Kingdom
    Key Size: 2048




    Wes

  2. #2
    ezzauk

    If the cert is being used for your external users' web mail, should the common name be exch.school.lea.sch.uk? Otherwise the cert won't match the URL outside the network.

  3. Thanks to ezzauk from:

    wesleyw (10th August 2010)

  4. #3
    ezzauk

    Our setup would be something like:

    CN: mail.college.ac.uk
    SN: mail.college.ac.uk
    ORG: College
    Dept: IT Services
    City: Redditch
    Cou: UK

    Also you need to import the cert using PowerShell:
    Import-ExchangeCertificate -path c:\mailcrt.pem | Enable-ExchangeCertificate -Services IMAP, POP, IIS

    I also had to enable the new cert after I imported it:

    Enable-ExchangeCertificate -Thumbprint {thumbprint of new cert} -Services IMAP, POP, IIS

    I hope this helps

  5. Thanks to ezzauk from:

    wesleyw (10th August 2010)

  6. #4
    wesleyw

    Well, we'll be using the setup internally as well; however, some may just use the internal name, not the external. Will I have to modify it to allow this?

    Wes

  7. #5
    ezzauk

    Our internal users use the same URL, i.e. mail.college.ac.uk; we don't use the internal URL.

  8. #6

    john

    No, you will be fine; just make the external work, as you can make it a trusted site internally to rid users of warnings that it's an invalid SSL. I did that at work and it didn't cause any issues and no-one noticed.

    BUT you may find that with your SAN on your certificate you may have enough names to put your internal name on it as well, which is one way around it. They realise that they don't need to verify exch.school.internal so just approve that bit. That may help you out, as with Exchange 2007 and 2010 you need multiple names on the SSL certificate.

  9. #7
    gshaw

    Was looking into this the other week, this site was pretty handy...

    https://www.digicert.com/easy-csr/exchange2007.htm

  10. #8

    Edu-IT

    From this thread: How to create a certificate request for an Exchange 2007 UCC

    yourdomain.ac.uk
    servername.yourdomain.ac.uk
    servername
    autodiscover.yourdomain.ac.uk

    So would you not have:

    domain.lea.sch.uk
    exch.school.lea.sch.uk
    exch
    exch.domain.internal
    autodiscover.lea.sch.uk
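
The steps discussed in this thread, put together as an added example (not code from any poster): it requests a certificate carrying the thread's names, then refuses to enable the imported certificate unless every name clients connect to is actually on it. The request path c:\exch_req.txt and the variable names are assumptions; c:\mailcrt.pem is the path from post #3.

```powershell
# Added example for the Exchange Management Shell (Exchange 2007, PowerShell 1.0 syntax).
# Names come from the thread; c:\exch_req.txt is an assumed path for the request file.
$names = "exch.school.lea.sch.uk", "exch.domain.internal", "exch", "autodiscover.lea.sch.uk"

# Step 1: generate the request. The CN is the external webmail name, and the
# same name is repeated in the SAN list because, when a SAN list is present,
# clients match against it rather than the CN. The private key is left
# non-exportable so it cannot be copied off this server.
New-ExchangeCertificate -GenerateRequest -Path c:\exch_req.txt -KeySize 2048 `
    -SubjectName "c=GB, s=West Midlands, l=Walsall, o=our school, ou=IT Services, cn=exch.school.lea.sch.uk" `
    -DomainName $names -PrivateKeyExportable $false

# Step 2 (after the CA returns the signed certificate): import it, but do not
# enable it yet. c:\mailcrt.pem is the path used in post #3.
$cert = Import-ExchangeCertificate -Path c:\mailcrt.pem

# Step 3: compare the names on the issued certificate with the names clients
# will connect to. A CA may drop or reject names it cannot validate.
$issued  = @($cert.CertificateDomains | ForEach-Object { $_.ToString().ToLower() })
$missing = @($names | Where-Object { $issued -notcontains $_.ToLower() })

if ($missing.Count -gt 0) {
    Write-Warning ("Not enabling certificate; names missing from it: " + [string]::Join(", ", $missing))
} elseif ($cert.NotAfter -lt (Get-Date)) {
    Write-Warning "Not enabling certificate; it has already expired."
} else {
    # Step 4: bind the certificate to the services named in post #3.
    Enable-ExchangeCertificate -Thumbprint $cert.Thumbprint -Services IMAP, POP, IIS
    Get-ExchangeCertificate -Thumbprint $cert.Thumbprint |
        Format-List Subject, CertificateDomains, Services, NotAfter
}
```

Public CAs no longer issue certificates for internal-only names such as exch or exch.domain.internal, so with a public CA the list reduces to the externally resolvable names and the internal names need an internal CA.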
