Exchange 2010 Working With Certificates

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
[Music] out-of-the-box exchange 2010 comes with a self-signed certificate which isn't terribly good so we're gonna buy one how often you I am seen got a server configuration and I can either right-click and select new exchange certificate I'll pick it off the menu on the right hand side and a friendly name for the certificate this come here anything you want it to be next now whenever I use a wild card to forget that we're gonna get a unified coms certificate wild card certs are still void but depreciate we're gonna use this for Outlook Web App ah how low access so we're gonna use it internally using its internal fqdn and we're also going to use it externally using its public addressable name which out on the internet is going to be mil Horst don't server HTTP talk come so that's outlook web access to it and care of the next thing we will look at his active sync for our mobile devices which are gonna be used externally so I'm gonna check out the internal name of the server there and piston it's public name its public addressable them that's ActiveSync taken care of I'm just gonna copy in person because I'm gonna need that again in a minute right outlook anywhere and auto-discovery service now the external horse name it will fill in incorrectly you'll need to change that to its public addressable name and internally I will leave everything on the defaults of using the long URL and then it will resolve internally it or discover dot demand nib that's our client access our stuff side I'll just take a brief look at this I'm not using the certificate for popper I'm up so I'm gonna leave all this stuff blank enough fill in I'm also not running a unified messaging server of that release Donald so I'm not bothered about them that of transport server now you can if you wish secure internet mail with TLS just putting this in doesn't mean that you got a secure with TLS and finally there is an option for legacy exchange servers if you in the middle offer migration from a 2003 environment you can put the fqdn serve your 2003 boxes in there as well if you wanted to that's everything filled in click Next now I'm gonna change the common name which is the minimum certificate to its public addressable name which is male host don't serve HTTP calm and I'm going to set that as the common name for the certificate bear in mind that this name will have to be addressable both inside and outside so inside you might need to create an entry in your DNS that resolves the public name to the private IP address or if you've got a nice firewall like a cisco hace you can just be an s doctrine stuff for the certificate organization is just a free text box you can put in there whatever you want as this organizational unit country and region mine is the United Kingdom and that sets it to Great Britain which are two completely different things go figure what city again these are three text boxes Stayton province Americanized t-shirt no I'm going beside where I'm gonna save the certificate I'm just gonna put it on the route off the C Drive and give it a sensible name I'll call the exchange request and I'll just tag on that today as dear as well so no more it is and save that next great new and I'll be in well green ticks everything's fine click finish and should see popped on the list we have a pendant certificate request now that'll be sat on the route of the C Drive you need to send it the information from within that to whoever you're buying your certificate from so if you have look at it open it with notepad what you usually have to do it's copy and paste all this text to remembered or add any spaces or anything on copy and paste it as you see here into the form or the online form of whoever you are purchasing the certificate from then you fill in the form appear them for the certificate and they will send you back a certificate now I've got my certificate back and what I've done is I've saved the certificate on the route of the C Drive of the server so I'll go back to where I was right click my pending certificate and I will complete the request browse to the certificate that I've been sent click open click complete this takes a little bit longer I'll speed it up when it's done click finish now that's imported the certificate into the repository that's not really doing anything yet so we need to look at the certificate that's the one with my public name on it so I know the one in the middle is the one that we're dealing with select the certificate in question and then you can either simply right-click it and assign services to the certificate or go across to the right hand side and pick assigned services to City forget off the menu pick the service that you want to add the certificate to and pick the services having everything apart from Unified Messaging you can I want you didn't pop over to the Box anyway next click a sign yes you would like to replace the SMTP difficut finish and that certificate imported answer with the correct services let's just give that a very quick test if I open a webpage and quarter outlook web app I remember for it not to error you need to be going to the public near more than in that you set as the common name so that needs to resolve internally to its internal IP address and the UCS come up without any security Harrah warnings that's the stun don't forget to come and visit at www.petland.com thanks very much
Info
Channel: PeteNetLive
Views: 60,586
Rating: undefined out of 5
Keywords: microsoft, exchange 2010, certificates, uc certificate, wildcard, wildcards, unified communication, unified comms, SAN, subject alternative name, what do I need, create a request, install a certificate, assign services, smtp, iis, pop, imap, um, create a certificate, outlook web app, outlook web access, owa, active sync, active-sync, autodiscover, outlook anywhere, common name, public address
Id: GD0Ro0etUPQ
Channel Id: undefined
Length: 8min 7sec (487 seconds)
Published: Tue May 24 2011
Related Videos
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.