How to Use a Self Signed Certificate in Exchange 2010

It seems to be certificate month here at the moment. I’ve had to set up a self-signed certificate for a company so they can connect via SSL to both Outlook Web Access and Exchange 2010 using Outlook (2007/2010).

Something you should be aware of is that because these are “self-signed” you will need to install the certificate(s) on every machine being used, as well as on mobile devices. If you don’t, you’ll continue to get a certificate error in your browser.

You can roll out the certificate to the computers through Group Policy. You can see how to do this here.

That’s why people prefer going for a third-party certificate to overcome it.

When using a self-signed certificate, for this to work externally you need to have a CNAME record in your public DNS which points to the public IP address for your CAS.

First we need to export the certificate request file from Exchange 2010.

Step 1:
Type a friendly name:

A wildcard certificate is used for very large environments, for example: *.Domain.com

Step 2:
Assign the required services for your Exchange server by ticking their boxes.

Choose this option if you are planning OWA coexistence between Exchange 2003 and Exchange 2010.

Step 3:
You will see the collected list of URLs.

Step 4:
Fill out the form and set the location for the certificate request file.

Step 5:

Open the request file in Notepad, because we need its contents to generate a certificate.

Step 6:
You need to have this role (Active Directory Certificate Services) installed to have a Certificate Authority. It can be on a DC or on the Exchange server itself.

Step 7:
Choose: Certification Authority, Certification Authority Web Enrollment

Step 8:
Choose Enterprise

Step 9:
Choose Root CA

Step 10:
Create a new private key

Step 11:
Keep the default, with a key character length of 2048.

Step 12:
Click Next

Step 13:
By default the certificate is valid for 5 years. Don’t make any changes to it; click Next.

Step 14:
Step 15:
Now if you open IIS Manager, you will see that a “CertSrv” virtual directory has been created.

Use “Browse *:443 (https)” in the right-hand column.

Step 16:
You will see a page like this. Choose Request a Certificate.

Step 17:
Click on Advanced Certificate Request

Step 18:
Choose the second option: “Submit a certificate request by using a base-64-Encoded CMC”

Step 19:
Now copy the contents of the certificate request we opened in Notepad earlier and paste them in. For the template, choose WebServer.

Step 20:
Choose “Base 64 encoded”

Step 21:
Save the certificate

Step 22:
Now go to your EMC

Server Configuration – Complete Pending Request

Choose the certificate:

Step 23:

Now assign services to the certificate. (Note: if you find that you can’t assign services to the certificate, take a look here.)

Now the server part is ready.
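
The server-side steps above (1-5 and 15-23) can also be scripted from the Exchange Management Shell. The following is an added example, not part of the original post: it uses certreq.exe in place of the CertSrv web enrollment page, and the host names, subject, CA config string, file paths and the choice of the IIS service are assumptions.

```powershell
# Added example. Run in the Exchange Management Shell on the CAS server.
# Assumed placeholder values (not from the original post):
$domains     = 'mail.example.com', 'autodiscover.example.com'
$subject     = 'c=US, o=Example Corp, cn=mail.example.com'
$caConfig    = 'ca01.example.com\Example-Root-CA'   # CAHostName\CAName
$requestFile = 'C:\Certs\exchange.req'
$certFile    = 'C:\Certs\exchange.cer'

# Steps 1-5: create the pending request and save it as a base-64 text file.
$request = New-ExchangeCertificate -GenerateRequest `
    -FriendlyName 'Exchange 2010 internal CA certificate' `
    -SubjectName $subject `
    -DomainName $domains `
    -KeySize 2048 `
    -PrivateKeyExportable $false   # assumption: the key never leaves this server
Set-Content -Path $requestFile -Value $request

# Steps 15-21: submit the request to the CA using the WebServer template.
certreq.exe -submit -config $caConfig -attrib 'CertificateTemplate:WebServer' `
    $requestFile $certFile
if ($LASTEXITCODE -ne 0) { throw "certreq failed with exit code $LASTEXITCODE" }

# Check the issued certificate before importing it: every requested name
# must be present in the Subject Alternative Name extension (OID 2.5.29.17).
$x509   = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $certFile
$sanExt = $x509.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
if (-not $sanExt) { throw 'Issued certificate has no SAN extension' }
$san     = $sanExt.Format($false)
$missing = @($domains | Where-Object { $san -notmatch ('=' + [regex]::Escape($_) + '(,|\s|$)') })
if ($missing.Count -gt 0) { throw "Names missing from certificate: $($missing -join ', ')" }

# Step 22: complete the pending request with the issued certificate.
$bytes = [byte[]](Get-Content -Path $certFile -Encoding Byte -ReadCount 0)
Import-ExchangeCertificate -FileData $bytes | Out-Null

# Step 23: assign services (assumption: IIS only, which serves OWA and Outlook Anywhere).
Enable-ExchangeCertificate -Thumbprint $x509.Thumbprint -Services IIS

# Confirm what is now bound on the server.
Get-ExchangeCertificate -Thumbprint $x509.Thumbprint |
    Format-List Subject, CertificateDomains, Services, NotAfter, Status
```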

Step 24:
Now we will learn how to manually install the certificate on the client machine.

To roll out using Group Policy see here.

Double-click the certificate.

Click Install Certificate – click Next –

Choose Personal –

Click Next and the import will be successful.

Now repeat the same process:

Double-click the certificate.

Click Install Certificate – click Next – choose Trusted Root Certification Authorities

Double-click the certificate.

Click Install Certificate – click Next – choose Intermediate Certification Authorities

Step 25:

[Screenshot: before]

[Screenshot: after installing the certificate on the client]

Now you can use a Self Signed Certificate in Exchange 2010

Hope this gets you out of a sticky Quibble.