none
cert for owa

    Question

  • hello

    i want to enable ssl for owa and exchange active sync.

    i install a local stand alone CA so what s the next step ?

    thanks.

    Wednesday, December 14, 2011 1:39 PM

Answers

  • Hi,

    You can use those two links for creating CSR and installing the certificate

    https://www.digicert.com/easy-csr/exchange2010.htm

    http://www.digicert.com/ssl-certificate-installation-microsoft-exchange-2010.htm

     

    Regarding the names you should use

    mail/webmail.domain.com

    autodiscover.domain.com

    server-fqdn/casarray.domain.com/local

    and depending on your DNS infra you might need the servername or cas array name if you're using a cas array

     


    Jonas Andersson | Microsoft Community Contributor Award 2011 | MCITP: EMA 2007/2010 | Blog: http://www.testlabs.se/blog | Follow me on twitter: jonand82
    • Marked as answer by Amin El-Zein Wednesday, December 21, 2011 7:21 AM
    Tuesday, December 20, 2011 12:30 PM

All replies

  • hello

    i want to enable ssl for owa and exchange active sync.

    i install a local stand alone CA so what s the next step ?

    thanks.


    What version of Exchange?
    Tim Harrington | MVP: Exchange | MCITP: EMA 2007/2010, MCITP: Lync 2010, MCITP: Server 2008, MCTS: OCS | Blog: http://HowDoUC.blogspot.com | Twitter: @twharrington
    Thursday, December 15, 2011 3:37 AM
  • hi,

    First,you should New Exchange Server 2010 Certificate In the Exchange Management Console navigate to Server Configuration. follow the wizard to complete the config.

    You should pay attention for this.

    Then  apply a cert from your ca.

    After you have acquired the new certificate return to the Exchange Management Console, navigate to Server Configuration, right-click the server and choose Complete Pending Request.

    Browse to the location of the file you downloaded from the CA and complete the wizard. Confirm that the new SSL certificate was imported successfully.

    With the valid SSL certificate installed it is now time to assign it to the Exchange Server 2010 services. Right-click the new certificate and choose “Assign Services to Certificate”.

    hope can help you

    thanks,

    castin

     

    Thursday, December 15, 2011 4:47 AM
  • thanks

    but i want to know how to obtain it in ca ....

    also if i pay for a new one what i have to do ?

    thanks.

    Thursday, December 15, 2011 3:30 PM
  • hi,

    obtain a cert from ca,you can follow this:

    On you exchange server,open the url:http://yourCAserverAddress/certsrv.

    click the request a certificate

    click advanced certificate request

    choose submit a certificate request by useing a base-64-encodeed cmc or pkcs#file

    the certificate tha have applied from the exchange sever  open with Notepad.copy all to the textbox in the webpage.submit.

    then you have got o cert from ca.

    the rest of opreation you can follow above say.

    hope can help you

    thanks,

    castin

    Friday, December 16, 2011 1:12 AM
  • what if i want to get it for some ssl provide what the type that i should get

    any siggest provider?

    thanks.

    Saturday, December 17, 2011 1:53 PM
  • hi,

    you can use a cert from a third party CA,but what's the meaning of the type(what the type that i should get)?I think the  information in detail that you need you can ask the  cert provider.They will give your some suggestion.Hope can help you.

    thanks,

    castin

    Monday, December 19, 2011 1:30 AM
  • Hi,

    You can go for SAN Certificates which includes your multiple names in Exchange 2010.

    Microsoft recommends including your Exchange server's full public domain name (eg mail.yourdomain.com) and autodiscover.yourdomain.com.

    Thanks

    Sushant

    Monday, December 19, 2011 4:58 PM
  • Hi,

    You can use those two links for creating CSR and installing the certificate

    https://www.digicert.com/easy-csr/exchange2010.htm

    http://www.digicert.com/ssl-certificate-installation-microsoft-exchange-2010.htm

     

    Regarding the names you should use

    mail/webmail.domain.com

    autodiscover.domain.com

    server-fqdn/casarray.domain.com/local

    and depending on your DNS infra you might need the servername or cas array name if you're using a cas array

     


    Jonas Andersson | Microsoft Community Contributor Award 2011 | MCITP: EMA 2007/2010 | Blog: http://www.testlabs.se/blog | Follow me on twitter: jonand82
    • Marked as answer by Amin El-Zein Wednesday, December 21, 2011 7:21 AM
    Tuesday, December 20, 2011 12:30 PM