Exchange 2010 Manages Certificates through GUI

Exchange Server administration forum
Post Reply
ManU
Founder
Founder
Posts: 98
Joined: Sat Sep 26, 2009 9:57 am
Location: India
Contact:

Exchange 2010 Manages Certificates through GUI

Post by ManU » Tue Jan 11, 2011 12:24 pm

In Exchange 2007, we used Exchange Management Shell cmdlets Get-ExchangeCertificate, New-ExchangeCertificate, Import-ExchangeCerticate, Enable-ExchangeCertificate and so on and faced some issues in between.
In Exchange 2010, Microsoft has made a very nice Exchange Certificate management interface, that allows you to create a Certificate Requets using the GUI, import an Exchange Certifcicate, and enable an Exchange Certificate for any service of choice.
This article gives a look on the scenario in the 4 steps as below:

1.Create a Certificate Request (.req) file
2.Submit Request to the Certificate Authority
3.Attach Certificate the EMC
4.Assign Services to the Certificate


1. Generate a Certificate Request File

1. Open Exchange Management Console.
2. Select Server configuration.
3. In the Action pane, click on New Exchange Certificate as in screenshot:
The attachment fig11.png is no longer available
Enter any meaningful name in Introduction window and click Next.
5. In the Domain Scope window, select the Enable wildcard certificate checkbox, if required. This is the recommended practices in Exchange Server 2010 as it simplifies the certificate processing for sub-domains as well. You can enter wildcard in the form of *.mydomainname.com.
Here we will not use the wildcards and click Next.
6. In the Exchange Configuration page, select required options as below:-
The attachment fig12.png is no longer available
Click Next after selecting the needed features.
7. In the Certificate Domain page, you will be displayed the list of domains that will be added to the certificate. These domains will be generated from the previous window. You can also assign a common name to the domains; like in our case we will select mail.mydomain.com as our common name. Click Next when done.
8. In the Organization and Location page, enter Organization and Country details.
The attachment fig13.png is no longer available
Click on Browse to enter the location of the .req file and click Next.
9. Once you are sure with the Configuration Summary, click on New to complete the Exchange Certificate process.
10. Click Finish to close the window.

2. Submit Request to the Certificate Authority
Next step is sending the request to any Certificate Authority.
1. Open the .req file saved above and Copy all the contents.
2. Open the Certificate Services page, by opening the Internet Explorer and enter the http://localhost/certsrv URL and the page appears as below:
The attachment fig3.png is no longer available
3. Click on the Request a certificate task option.
4. Click on the advanced certificate request on the next screen.
fig12.png
fig12.png (307.38 KiB) Viewed 5184 times
5. On the Advanced Certificate Request page, click on the link which has got base-64 encoded text.
6. Paste the contents of .cer file in the Saved Request box as below:
fig4.png
fig4.png (18.57 KiB) Viewed 5184 times
7. In the Certificate Template, select the Web Server and click on Submit.
8. Next step will be to download this certificate by clicking on the Download certificate link in Certificate Issued screen.
fig6.png
fig6.png (14.71 KiB) Viewed 5184 times
9. Save the .cer file to any location.

3. Attach Certificate in Exchange Management Console
1. Open the Exchange Management Console.
2. Click on the Server Configuration. You will see your certificate as Self Signed=Yes in the detail pane
3. Click on the Complete Pending Request option in the Action pane on the right-side.
fig8.png
fig8.png (188.6 KiB) Viewed 5184 times
4. In the Introduction page, enter the location of .cer file saved above.
5. Click on Complete.
6. Once the wizard is completed successfully, click on Finish to close the window.
7. Once done, you will see your certificate as Self Signed=False.

4. Sign the Certificate to the Services
The Exchange Certificate tab in Server Configuration detail pane, no service is associated with the new certificate. To link services with our new certificate, perform the following steps:
1. Open the Exchange Management Console.
2. Click on Server Configuration and in the Action pane, click in Assign Services to Certificate.
3. In the Select Servers window, select you server and click on Next.
4. Select the Services that you want to assign to your certificate. Followings are the services you may select from:
fig9.png
fig9.png (181.36 KiB) Viewed 5184 times
5. Once you have selected the services, click on Assign.
6. A pop window may appear to overwrite any existing SMTP certificate as shown below. Click on Yes.
fig10.png
fig10.png (11.41 KiB) Viewed 5184 times
7. On wizard is completed successfully, click on Finish to close the window.
8. Once wizard is closed, you can confirm the services associated with your certificate from the Exchange Certificates in the detailed pane of Server Configuration.

Certificate has now been assigned to the Exchange Services; you can now enable Outlook Anywhere, Configure External Client Access Domain and so on
Thanks
MANU PHILIP
Microsoft MVP(Exchange Server)
| MCITP | MCTS | MCSA | ITIL V3 |
TechNet Forums Profile: ManU

Post Reply

Who is online

Users browsing this forum: No registered users and 1 guest