Exchange 2010 - OWA assign certificate
-
Saturday, May 12, 2012 10:21 AM
Greetings!
Ok, hear me out. Public CA already gave me a certificate for OWA. Subject name of cert is for example: mailing.company.com.
Now, how can I assign this certificate on Exchange 2010 only for OWA purpouse. I was unable to find it thru Management Console.
Can I assign this to virtual directory OWA inside IIS, or should or can I do it otherwise?
with best regards,
bostjanc
All Replies
-
Saturday, May 12, 2012 10:27 AMyou need to do it trough either EMC or EMS
-
Saturday, May 12, 2012 1:25 PM
Hi Bostjan,Now, how can I assign this certificate on Exchange 2010 only for OWA purpouse. I was unable to find it thru Management Console.
Can I assign this to virtual directory OWA inside IIS, or should or can I do it otherwise?
with best regards,
bostjanc
NO, It's not possible to assign a certificate to a Virtualdirectory.
What is it you are trying to accomplish?Martina Miskovic
-
Saturday, May 12, 2012 1:43 PM
Martina hi.
Ok, hear me out. This is is our situation...
We have Exchange 2007 in our environment. This Exchange server had 2 certs. One with FQDN of Exchange server name and other was used for OWA. We also used OWA certificate on TGM with which we have enabled external access of the OWA.
Ok, the idea with fresh installed Exchange 2010 recent ago is to also stick with two certificates. The reason why we are not using SAN certificate is because some of the services that our company provides is also public certificate authority (it is also in Microsoft trusted root CA), but the problem is we weren't able to publish SAN certificates yet, and we will able to do that at the end of 2012 when we will change our infrastructure of public CA.
Ok, soo the idea is to stick with two certificates also on the Exchange 2010. Now if I have installed two certs on Exchange 2010, one with FQDN and other cert only with SN of external access for OWA I don't understand how can I excplicitly assign OWA certificate for OWA role?
This is the 1st problem, that I don't know how to assign this 2nd certificate (OWA certificate) only for OWA purpouse.
But while I'm typing, we have another issue. If I want to "play"/"test" our current Exchange 2010 installation I need guys from our public CA to give me a server certificate. Soo to avoid asking them all the time to publish me a new certificate I decided I would use our internal CA for test purpouse in the begining phase of migrating Exchange 2007 to Exchange 2010. Now here I have another challange. Internal CA is installed on DC, and TGM do not except CNG certificates. Ok, soo I need to send a legacy key request to our internal CA, but our DC does not like that kind of request in CA. I got and error message that I need to use only templates, soo now I'm stuck with how to create a certificate which will work on TGM and I am able to publich it thru internal CA.
bostjanc
-
Monday, May 14, 2012 2:55 AMModerator
Hello,
The certificate binds to a web site in IIS.
By default, the OWA Dir is under the Default Web Site. If you assign the certificate to the Defualt Web Site, other services like autodiscover, EWS and ActiveSync will also use this certificate.
If you want to assign the certificate only to the OWA, you need to create a new web site for OWA.
Thanks,
Simon
-
Monday, May 14, 2012 10:07 AM Nevermind. I figured it out that you don't need to assign OWA certificate anywhere on Exchange 2010. Just as longest it sits there in computer certs Personal that's ok.
bostjanc
- Marked As Answer by Bostjan Cvelbar Monday, May 14, 2012 10:07 AM
.png)
