  1. #1
    wesleyw

    Exchange 2007 SSL Cert Generation

    I need to generate a new SSL cert for our Exchange 2007 box; however, I can't remember what goes where anymore. We have a wildcard cert, but this isn't allowed by Exchange, I believe, so here's the example.

    Server name internally: exch.domain.internal, exch (NetBIOS). Externally it's exch.school.lea.sch.uk.

    In the following boxes is this right?


    Common Name: exch.domain.internal

    Subject Alternative Names:
    exch.domain.internal
    exch
    exch.school.lea.sch.uk

    Organization: our school
    Department: IT Services
    City: Walsall
    State: West Midlands
    Country: United Kingdom
    Key Size: 2048




    Wes

  2. #2
    ezzauk

    If the cert is being used for your external users' webmail, should the common name be exch.school.lea.sch.uk? Otherwise the cert won't match the URL outside the network.

  3. Thanks to ezzauk from:

    wesleyw (10th August 2010)

  4. #3
    ezzauk

    Our setup would be something like:

    CN: mail.college.ac.uk
    SN: mail.college.ac.uk
    ORG: College
    Dept: IT Services
    City: Redditch
    Cou: UK

    Also, you need to import the cert using PowerShell:
    Import-ExchangeCertificate -path c:\mailcrt.pem | Enable-ExchangeCertificate -Services IMAP, POP, IIS

    I also had to enable the new cert after I imported it:

    Enable-ExchangeCertificate -Thumbprint {thumbprint of new cert} -Services IMAP, POP, IIS

    I hope this helps

  5. Thanks to ezzauk from:

    wesleyw (10th August 2010)

  6. #4
    wesleyw

    Well, we'll be using the setup internally as well; however, some may just use the internal name, not the external. Will I have to modify it to allow this?

    Wes

  7. #5
    ezzauk

    Our internal users use the same URL, i.e. mail.college.ac.uk; we don't use the internal URL.

  8. #6
    john

    No, you will be fine. Just make the external work, as you can make it a trusted site internally to rid users of warnings that it's an invalid SSL. I did that at work and it didn't cause any issues and no-one noticed.

    BUT you may find that with the SAN on your certificate you may have enough names to put your internal name on it as well, which is one way around it. They realise that they don't need to verify exch.school.internal so just approve that bit. That may help you out, as with Exchange 2007 and 2010 you need multiple names on the SSL certificate.

  9. #7
    gshaw

    Was looking into this the other week, this site was pretty handy...

    https://www.digicert.com/easy-csr/exchange2007.htm

  10. #8
    Edu-IT

    From this thread: How to create a certificate request for an Exchange 2007 UCC

    yourdomain.ac.uk
    servername.yourdomain.ac.uk
    servername
    autodiscover.yourdomain.ac.uk

    So would you not have:

    domain.lea.sch.uk
    exch.school.lea.sch.uk
    exch
    exch.domain.internal
    autodiscover.lea.sch.uk
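
The request, import and enable steps discussed in this thread, put together as an added example for the Exchange 2007 Management Shell (not part of any post above). It uses the name list from post #8 with the external name as the CN, as post #2 suggests; the file paths are assumptions.

```powershell
# Added example, not from the thread. Run in the Exchange 2007 Management Shell.
# Host names are the thread's own placeholders; file paths are assumed.

# Names the certificate has to cover. The first one becomes the subject CN,
# so it should be the name external clients type (post #2).
$names = @(
    'exch.school.lea.sch.uk',    # external name used for webmail
    'domain.lea.sch.uk',         # from the list in post #8
    'autodiscover.lea.sch.uk',   # from the list in post #8
    'exch.domain.internal',      # internal FQDN
    'exch'                       # NetBIOS name
)
# Caveat: public CAs no longer issue certificates containing internal-only
# names such as 'exch' or 'exch.domain.internal'. Keep those two entries only
# when the request goes to an internal CA; otherwise point internal clients
# at the external name, as post #5 describes.

# X.500 subject built from the values in post #1 (country as the ISO code GB).
$subject = "C=GB, S=West Midlands, L=Walsall, O=our school, OU=IT Services, CN=$($names[0])"

# 1. Generate the request. The private key stays on this server; only the
#    .req file is sent to the CA.
New-ExchangeCertificate -GenerateRequest `
    -SubjectName $subject `
    -DomainName $names `
    -KeySize 2048 `
    -PrivateKeyExportable $true `
    -Path 'C:\exch-request.req'

# 2. When the CA returns the signed certificate, import it on the same server
#    (so it pairs with the pending private key) and bind it to the services.
Import-ExchangeCertificate -Path 'C:\exch-cert.cer' |
    Enable-ExchangeCertificate -Services IMAP, POP, IIS

# 3. Check the result: every name clients use must appear in
#    CertificateDomains, and Services must list the protocols enabled above.
Get-ExchangeCertificate |
    Format-List Thumbprint, Subject, CertificateDomains, Services, NotAfter
```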


