Exchange 2010 self signed certificate
How to Use a Self Signed Certificate in Exchange 2010
It seems to be certificate month here at the moment. I’ve had to set up a self-signed certificate for a company so they can connect via SSL to both Outlook Web Access and Exchange 2010 using Outlook (2007/2010).
Something you should be aware of is that, because these are “Self Signed”, you will need to install the certificate(s) on every machine being used, as well as on mobile devices. If you don’t, you’ll continue to get a certificate error in your browser.
You can roll out the certificate to the computers through Group Policy. You can see how to do this here.
That’s why people prefer going for a 3rd-party certificate, which avoids this.
For a self-signed certificate to work externally, you need to have a CNAME record in your public DNS which points to the public IP address of your CAS.
First we need to export the certificate request file from Exchange 2010.
Type a friendly name:
A wildcard certificate is used for very large environments. For example: *.Domain.com
Step 2:
Assign the required services for your Exchange server by ticking them.
You will opt for it if you are planning for coexistence of OWA between Exchange 2003 and Exchange 2010.
Step 3:
You will see the collection of URLs.
Step 4:
Fill out the form and set the location for the certificate request file.
Step 5:
Your request file should look similar to this:
Open it in Notepad, because we need its content to generate a certificate.
Step 6:
You need to have this role installed to have a Certificate Authority. It can be on a DC or on the Exchange server itself.
Step 7:
Choose: Certification Authority, Certification Authority Web Enrollment
Step 8:
Choose Enterprise
Step 9:
Choose Root CA
Step 10:
Create a new Private key
Step 11:
Leave this at the default, with a key character length of 2048.
Step 12:
Click Next
Step 13:
By default the certificate is valid for 5 years. Don’t make any changes to it; click Next.
Step 14:
Step 15:
Now if you open IIS Manager, you will see that a “CertSrv” virtual directory has been created.
Use “Browse *:443 (https)” in the right-side column.
Step 16:
You will see a page like this. Choose Request a Certificate.
Step 17:
Click on Advanced Certificate Request
Step 18:
Choose the Second option: “Submit a certificate request by using a base-64-Encoded CMC”
Step 19:
Now copy in the Notepad contents of the certificate request we got earlier. Choose Template: WebServer
Step 20:
Choose “Base 64 encoded”
Step 21:
Save the Certificate
Step 22:
Now go to your EMC.
Server Configuration – Complete Pending Request
Choose the certificate:
Step 23:
Now assign services to the certificate. (Note: If you find that you can’t assign services to the certificate, take a look here.)
Now the server part is ready.
Step 24:
Now we will learn how to manually install the certificate on the client machine.
To roll out using Group Policy see here.
Double-click the certificate.
Click Install Certificate, click Next, and choose Personal.
Click Next, and the import will be successful.
Now repeat the same process:
Double-click the certificate.
Click Install Certificate, click Next, and choose Trusted Root Certification Authorities.
Double-click the certificate.
Click Install Certificate, click Next, and choose Intermediate Certification Authorities.
Step 25:
Before
After installing the certificate on the client
Now you can use a self-signed certificate in Exchange 2010.
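A check to run on a client before and after Step 24, as an added example that is not part of the original post: it reads the certificate the CAS presents and reports whether this machine trusts the chain and whether the host name is covered. The function name `Test-CasCertificate` and the host `mail.example.com` are assumptions, and the SAN parsing assumes an English Windows install.

```powershell
# Added example, not from the original post.
# Usage (placeholder host name, replace with your OWA name):
#   Test-CasCertificate -HostName 'mail.example.com' | Format-List
function Test-CasCertificate {
    param([Parameter(Mandatory = $true)][string]$HostName, [int]$Port = 443)

    $tcp = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        # Accept whatever the server presents so it can be inspected;
        # trust is evaluated explicitly further down.
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAll)
        $ssl.AuthenticateAsClient($HostName)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    }
    finally { $tcp.Close() }

    # Build the chain against this machine's certificate stores.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Assumption: revocation is skipped so the result only answers
    # "is the issuing CA trusted on this client?".
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $trusted = $chain.Build($cert)
    $top = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate

    # Collect DNS names from the Subject Alternative Name extension (OID 2.5.29.17).
    $sans = @()
    $sanExt = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if ($sanExt) {
        # Assumption: English Windows formats entries as "DNS Name=host".
        $sans = @([regex]::Matches($sanExt.Format($false), 'DNS Name=([^,\s]+)') |
                  ForEach-Object { $_.Groups[1].Value })
    }
    # A wildcard such as *.Domain.com covers exactly one label, not sub-subdomains.
    $nameOk = $false
    foreach ($san in $sans) {
        $pattern = '^' + [regex]::Escape($san).Replace('\*', '[^.]+') + '$'
        if ($HostName -match $pattern) { $nameOk = $true }
    }

    New-Object PSObject -Property @{
        Subject      = $cert.Subject
        Issuer       = $cert.Issuer
        NotAfter     = $cert.NotAfter
        SanNames     = $sans
        NameMatches  = $nameOk
        ChainTrusted = $trusted
        ChainStatus  = @($chain.ChainStatus | ForEach-Object { $_.Status })
        TopOfChain   = $top.Subject
    }
}
```

Before the CA certificate is installed, `ChainTrusted` is `False` and `ChainStatus` typically contains `UntrustedRoot` or `PartialChain`; afterwards both `ChainTrusted` and `NameMatches` should be `True`.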
Hope this gets you out of a sticky Quibble.