Thursday, January 17, 2008

Exchange 2007 Certificates

This is a brief post about setting up certificates in Exchange 2007.

What follows is a document which I send to people who are interested in setting up Subject Alternative Name certificates for Exchange 2007.

Open EMS and enter the following:

New-ExchangeCertificate -GenerateRequest:$true -domainname email.domain.com,autodiscover.domain.com,hostname,internaldomain.com,hostname.internaldomain.com -FriendlyName "Exchange SAN cert" -privatekeyexportable:$true -path c:\ExchSANcert.txt

Submit the request file to the CA, then import the certificate it issues:

Import-ExchangeCertificate -Path c:\cascert.cer

Make a note of the Thumbprint

e.g. 2C9FB5F00EE88BA77D72FCA273C787728866BF1E

Enable the certificate as below:

Enable-ExchangeCertificate -Thumbprint 2C9FB5F00EE88BA77D72FCA273C787728866BF1E -Services "IIS,POP,IMAP,SMTP"

Set up external URLs

Set-OABVirtualDirectory -Identity "OAB (Default Web Site)" -ExternalUrl https://url.extdomain.com/OAB -RequireSSL:$true

Set-UMVirtualDirectory -Identity "UnifiedMessaging (Default Web Site)" -ExternalUrl https://url.extdomain.com/UnifiedMessaging/Service.aspx

Set-WebServicesVirtualDirectory -Identity "EWS (Default Web Site)" -ExternalUrl https://url.extdomain.com/EWS/Exchange.asmx

Set up the DNS records for external Autodiscover

Autodiscover.extdomain.com

Point to the external IP address (port 443) on the CAS server

It has recently come to my attention that when you are submitting these requests to an External CA you need to get the correct subject name too!

Take a look at the MSExchangeTeam blog here for more info:

http://msexchangeteam.com/archive/2007/02/19/435472.aspx
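
To check what the CA returned before the Import-ExchangeCertificate step, the following added example (not part of the original post) reads c:\cascert.cer, compares its Subject Alternative Names with the names requested above, and prints the subject and thumbprint. It assumes an English-language Windows host, because the "DNS Name=" label is localised; the variable names are illustrative.

```powershell
# Added example: inspect the CA-issued certificate before importing and enabling it.
# The path and host names are the ones used in the steps above.
$cerPath  = 'c:\cascert.cer'
$expected = 'email.domain.com', 'autodiscover.domain.com', 'hostname',
            'internaldomain.com', 'hostname.internaldomain.com'

$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $cerPath

# The Subject Alternative Name extension has OID 2.5.29.17.
$sanExt = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
if (-not $sanExt) { throw "No Subject Alternative Name extension in $cerPath" }

# Format($true) renders one entry per line, e.g. "DNS Name=email.domain.com".
# Assumption: English-language Windows (the "DNS Name" label is localised).
$sanNames = @($sanExt.Format($true).Split("`n") | ForEach-Object {
    if ($_ -match '^\s*DNS Name=(.+)$') { $Matches[1].Trim().ToLower() }
})

# Names that were requested but are absent from the issued certificate.
$missing = @($expected | Where-Object { $sanNames -notcontains $_.ToLower() })

"Subject    : " + $cert.Subject
"Thumbprint : " + $cert.Thumbprint
"Expires    : " + $cert.NotAfter
"SAN names  : " + [string]::Join(', ', $sanNames)

if ($missing.Count -gt 0) {
    Write-Warning ("Names missing from the certificate: " + [string]::Join(', ', $missing))
} else {
    "All requested names are present."
}
```

The thumbprint printed here is the value to pass to Enable-ExchangeCertificate once the certificate has been imported.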

Hope this helps people understand this rather tricky area!

Cheers

Nathan
