Configuring Certificates in Exchange Server 2010


Install the AD CS Server role and configure it as an Enterprise root Certificate Authority (CA)
1. On the KTM-EX01-2K10, Open Server Manager.

2. On the Server Manager console pane, right-click Roles, and then click Add Roles. The Add Roles Wizard appears.

3. On the Before You Begin page, click Next.

4. On the Select Server Roles page, under Roles, select the Active Directory Certificate Services check box, and then click Next.

5. On the Introduction to Active Directory Certificate Services page, click Next.

6. On the Select Role Services page, ensure that the Certification Authority check box is selected and select Certification Authority Web Enrollment check box, and then click Next.

7. On the Specify Setup Type page, ensure that the Enterprise is selected and then click Next.

8. On the Specify CA Type page, ensure that Root is selected, and then click Next.

9. On the Set Up Private Key page, ensure that Create a new private key is selected, and then click Next.

10. On the Configure Cryptography for CA page, keep the default selections for Cryptographic Service Provider (CSP) and Hash Algorithm, ensure the Key character length to 2048. Click Next to continue.

11. On the Configure CA Name page, in the Common name for this CA box, type MSserverproCA, and then click Next.

12. On the Set Validity Period page, click Next.

13. On the Configure Certificate Database page, click Next.

14. On the Web Server (IIS) page, click Next.

15. On Select Role Services page, click Next.

16. On the Confirm Installation Selections page, click Install. The Installation Progress page appears.


17. On the Installation Results page, click Close.

Now we are going to Configure Exchange Server Certificate:
Prepare a Server Certificate request:

1. In the left pane, click Server Configuration. In the result pane, click KTM-EX01-2K10.
2. In the Actions pane, click New Exchange Certificate to open the New Exchange Certificate Wizard.

3. On the Introduction page, type MSSERVERPRO Mail Certificate as a friendly name for the certificate, and then click Next.

4. On the Domain Scope page, click Next.

5. On the Exchange Configuration page, expand Client Access Server (Outlook Web App), and then select both the Outlook Web App is on the Intranet and Outlook Web App is on the Internet check boxes, type mail.msserverpro.com in the text box.

6. Expand Client Access server (Exchange ActiveSync), and then verify that Exchange Active Sync is enabled check box is selected and verify mail.msserverpro.com as External host name for your organization. Then ensure that both the Autodiscover used on the Internet check box and the Long URL option are selected, and click Next. In the Autodiscover URL to use field, delete all entries except for autodiscover.msserverpro.com, and then click Next.

7. On the Certificate Domains page, click Next.

8. On the Organization and Location page, enter the following information, and Click Browse, type CertificateRequest as the File name, and then click Save. Click Next.

9. Click New and then click Finish.


Request the certificate from the CA:
1. Open CertificateRequest.reg Open with Notepad. In Notepad window, click Ctrl+A to select all the text, and then click Ctrl+C to copy.

2. Open the Internet Explorer, Connect to https://ktm-ex01-2k10.msserverpro.com/certsrv . Click Continue to this website (not recommended)

3. Log on as Administrator using password of *******

4. On the Welcome page, click Request a certificate.

5. On the Request a Certificate page, click advanced certificate request.

6. On the Advanced Certificate Request page, click Submit a certificate request by using a base-64-encoded CMC or PKCS#10 file, or submit a renewal request by using a base-64-encoded PKCS#7 file.

7. On the Submit a Certificate Request or Renewal Request page, click in the Saved Request filed, and then press CTRL+V to paste the certificate request information into the field. In the Certificate Template drop-down list box, click Web Server, and then click Submit.

8. On the Web Access Confirmation dialog box, click Yes.

9. On the Certificate Issued page, click Download certificate.

10. In the File Download dialog box, click Save.

11. In the Save As dialog box, click Save.

12. In the Download Complete dialog box, click Open.

13. In the Certificate dialog box, on the Certification Path. Verify Certificate status, and then click OK.

Import and assign the IIS Exchange Service to the New Certificate:
1. In the Exchange Management console, click Server Configuration.

2. Click MSSERVER Mail Certificate, and in the Actions pane, click Complete Pending Request.
3. On the Complete Pending Request page, click Browse. Click certnew.cer and click Open. Click Complete.

4. On the Completion page, click Finish.

5. In the Exchange Management console, click Server Configuration. In the results pane, click KTM-EX01-2K8. In the bottom pane, click MSSERVERPRO Mail Certificate. In the Actions pane, click Assign Services to Certificate.

6. On the Select Servers page, verify that KTM-EX01-2K8 is listed, and then click Next.

7. On the Select Services page, select the Internet Information Services check box, click Next.

8. On the Assign Services page, Click Assign.

9. On the Completion page, click Finish.

Verify the Outlook Web Access :
1. On Client computer , Open Internet Explorer , type https://mail.msserverpro.com/owa  and press enter.


Comentarios

Entradas populares de este blog

Guía de herramientas básicas para estudiantes: 31 apps y webs imprescindibles para ayudarte con los estudios

Comando FOR para archivos BAT

How to Setup and Configure Your Own GitLab Server on Ubuntu 20.04