none
Installing Exchange 2010 Certificate from Network Solutions

    Question

  • What is installed:

    Windows Server 2008 R2 SP1

    Exchange 2010

    I have read up on installing the Certificate but I am needing a little guidance.....

    What I want to do is make the certificate error disappear on OWA and on Outlook....

    How should I go about this? I have cert from Network Solutions that includes wildcards.

    Friday, May 11, 2012 4:15 PM

Answers

  • What is installed:

    Windows Server 2008 R2 SP1

    Exchange 2010

    I have read up on installing the Certificate but I am needing a little guidance.....

    What I want to do is make the certificate error disappear on OWA and on Outlook....

    How should I go about this? I have cert from Network Solutions that includes wildcards.

    The better solution is to buy a certificate (It should include all FQDNs in use for https connections) from a trusted public CA. Like that, it will disappear without any additional efforts.

    If you want to use a local certificate then you will need a CA and you have to make the CA certificate trusted by client computers: http://technet.microsoft.com/en-us/library/cc770315%28v=ws.10%29.aspx

    Here, you will have to install manually the certificate on client computers in Workgroups, SmartPhones ....

    So, you will need additional administrative efforts.

    If possible, I would prefer using a SAN certificate instead of a Wilcard one.


    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.   

    Microsoft Student Partner 2010 / 2011
    Microsoft Certified Professional
    Microsoft Certified Systems Administrator: Security
    Microsoft Certified Systems Engineer: Security
    Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows 7, Configuring
    Microsoft Certified Technology Specialist: Designing and Providing Volume Licensing Solutions to Large Organizations
    Microsoft Certified IT Professional: Enterprise Administrator
    Microsoft Certified IT Professional: Server Administrator
    Microsoft Certified Trainer

    Friday, May 11, 2012 4:51 PM

All replies

  • What is installed:

    Windows Server 2008 R2 SP1

    Exchange 2010

    I have read up on installing the Certificate but I am needing a little guidance.....

    What I want to do is make the certificate error disappear on OWA and on Outlook....

    How should I go about this? I have cert from Network Solutions that includes wildcards.

    The better solution is to buy a certificate (It should include all FQDNs in use for https connections) from a trusted public CA. Like that, it will disappear without any additional efforts.

    If you want to use a local certificate then you will need a CA and you have to make the CA certificate trusted by client computers: http://technet.microsoft.com/en-us/library/cc770315%28v=ws.10%29.aspx

    Here, you will have to install manually the certificate on client computers in Workgroups, SmartPhones ....

    So, you will need additional administrative efforts.

    If possible, I would prefer using a SAN certificate instead of a Wilcard one.


    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.   

    Microsoft Student Partner 2010 / 2011
    Microsoft Certified Professional
    Microsoft Certified Systems Administrator: Security
    Microsoft Certified Systems Engineer: Security
    Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows 7, Configuring
    Microsoft Certified Technology Specialist: Designing and Providing Volume Licensing Solutions to Large Organizations
    Microsoft Certified IT Professional: Enterprise Administrator
    Microsoft Certified IT Professional: Server Administrator
    Microsoft Certified Trainer

    Friday, May 11, 2012 4:51 PM
  • Thanks for your response!

    I have already purchased the SSL Cert from Network Solutions. I'm not purchasing anymore certs for this project if the current certs will work.

    What Network Solutions sent me was:

    AddTrustExternalCARoot.crt
    NetworkSolutions_CA.crt
    STAR.domain.ORG.crt
    UTNAddTrustServer_CA.crt

    I checked with Network Solutions for install of the cert but wanted to get more information from Certified IT professionals

    Friday, May 11, 2012 5:00 PM
  • just apply the wildcard that coresponds to your domain name
    Friday, May 11, 2012 6:08 PM
  • Could someone please give me some guidance on the cert to install and how I should go about installing the cert. I've read multiple ways on how to install the cert but what is the best way?

    Right now there is a default cert installed called "Microsoft Exchange".... Should I delete it, keep it, what?


    • Edited by DW419 Friday, May 11, 2012 6:20 PM
    Friday, May 11, 2012 6:19 PM
  • You have to import it and then to enable it for wanted services.

    To import it: http://technet.microsoft.com/en-us/library/bb124424.aspx

    To enable it for services: http://technet.microsoft.com/en-us/library/aa997231.aspx


    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.   

    Microsoft Student Partner 2010 / 2011
    Microsoft Certified Professional
    Microsoft Certified Systems Administrator: Security
    Microsoft Certified Systems Engineer: Security
    Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows 7, Configuring
    Microsoft Certified Technology Specialist: Designing and Providing Volume Licensing Solutions to Large Organizations
    Microsoft Certified IT Professional: Enterprise Administrator
    Microsoft Certified IT Professional: Server Administrator
    Microsoft Certified Trainer

    Friday, May 11, 2012 6:22 PM
  • You can keep the self signed cert just don't assign services to it.

    Assign proper services to your Wildcard cert.

    Friday, May 11, 2012 6:32 PM
  • Right now it has services assigned to it by default

    What should I do?

    Friday, May 11, 2012 6:54 PM
  • Seen this posting on another site and tried it.....   http://exchangeserverpro.com/configure-an-ssl-certificate-for-exchange-server-2010

    Cert installs but it still prompts to "Complete Pending Request"

    Friday, May 11, 2012 6:56 PM
  • That is because it looks like you didn't sign your CERT with a private key from your internal CA

    Open your certificate and verify that private key is assigned

    Friday, May 11, 2012 7:15 PM
  • When you import the new cert cert & assign it to the services you want, it will associate those services with the new cert, you can't have more that one cert assinged to the same service.

    Sukh

    Friday, May 11, 2012 7:17 PM
  • How do I find the private key.....?

    I never assigned it anything to my knowledge.... I recieved the certs from Network Solutions and saved them on the exchange server.

    That's it.

    Friday, May 11, 2012 7:42 PM
  • The Default "Exchange Certificate" has all the services assigned to it.

    Friday, May 11, 2012 7:46 PM
  • When you import the new cert through the GUI it should ask  you what services you want to assign to it. If not you should be able to assign them through the gui, go to the EMC, and expand the organization, then click on servers  you should see a certificate wizard over there.

    Mitch Roberson MCM Exchange 2010|MCITP:Enterprise Server Admin, Messaging 2007, 2010 |MCTS:OCS with Voice Achievement |MCT |MCSE 2000\2003 |MCSE Messaging 2000\2003

    Friday, May 11, 2012 8:08 PM
  • That's the default, when you assign the new cert those services will be assigned over.

    Sukh

    Friday, May 11, 2012 8:11 PM
  • Call Network solutions. They will walk you through the entire process for free. They have done it hundreds of times and know the best steps to take to install their certs on Exchange 2010. 

    Also, when using a wildcard for Exchange, you will want to make sure you are using split-dns (internal domain name and external domain name are the same), or you are asking for trouble. Network solutions does not support SAN certs, which is why they push wildcards for Exchange. I have been doing Exchange consulting for years, and always avoid wildcards when possible.

    When using a wildcard, you also have to set the Outlook provider to match the name on the cert (which is *.domain.com). When using a SAN this step is not required because the first name on the cert will already match your external DNS name for OWA. If you are using Outlook Anywhere, do not forget to run the following..

       Set-OutlookProvider EXPR -CertPrincipalName "msstd:*.domain.com"


    http://jaworskiblog.com

    Friday, May 11, 2012 8:15 PM
  • I need to uninstall the cert now.... How do I uninstall the cert and erase the thumprint?

    Friday, May 11, 2012 8:23 PM
  • Uh... No they don't do it for free... Just called.
    Friday, May 11, 2012 8:55 PM
  • Hello,

    For more reference, please refer to the following article:

    More on Exchange 2007 and certificates - with real world scenario

    http://blogs.technet.com/b/exchange/archive/2007/07/02/3403301.aspx

    Thanks,

    Simon

    Monday, May 14, 2012 2:18 AM