Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

How to replace Exchange 2010 Self-singed Cert with Windows PKI Cert Private Internal Cert

Posted on 2010-01-05
3
Medium Priority
?
1,691 Views
Last Modified: 2012-05-08
Until I can get a Trusted Third Party Certificate approved by management, I would like to replace the automatically generated self-signed Exchange 2010 Certificate with Windows PKI on a Windows 2008 R2 server.  What do I need to do?
0
Comment
Question by:cwojcicki1099
  • 2
3 Comments
 
LVL 16

Accepted Solution

by:
Narayan_singh earned 2000 total points
ID: 26187796
You need to first enable windows 2008 CA to accespt SAN request.
From the command line on the certificate server run:

certutil setreg policy\SubjectAltName enabled
certutil setreg policy\SubjectAltName2 enabled
Restart the certificate service
Refer :http://www.gilham.org/Blog/Lists/Posts/Post.aspx?ID=395

See this Article on how to create a request for certificate
http://blogs.microsoft.co.il/blogs/eldadc/archive/2009/07/15/how-to-configure-exchange-2010-certificate.aspx

once youhave created the request you need to submit it to your internal CA and you will get a .cer file which needs to be imported later.


Or if you wanna do it through CMD shall you can do the follwoing

To generate request :

New-ExchangeCertificate -GenerateRequest -DomainName yourdomain.com, casnetbiosname, casFQDN,mail.yourdomain.com, autodiscover.yourdomain.com -PrivateKeyExportable $True -path c:\certrequest.req

http://technet.microsoft.com/en-us/library/aa998327.aspx

Once you have the request submit it to CA and When you get .cer file import by using
Import-exchangecertificate path <full path to cert file>

Letr you can enable for services:
Enable-exchangecertificate  -thumbprint xxxxxxx -services IIS, SMTP

See this :
http://msexchangeteam.com/archive/2007/07/02/445698.aspx
0
 

Author Comment

by:cwojcicki1099
ID: 26191042
How do I submit the request file to the internal CA?
0
 

Author Comment

by:cwojcicki1099
ID: 26195687
I managed to figure out the CA request.  Thanks for your help it helped me create the temp private CA I needed.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Exchange database can often fail to mount thereby halting the work of all users connected to it. Finding out why database isn’t mounting is crucial and getting the server back online. Stellar Phoenix Mailbox Exchange Recovery is a champion product t…
There are literally thousands of Exchange recovery applications out there. So how do you end up picking one that’s ideal for your business & purpose? By carefully scouting the product’s features, the benefits it offers you, & reading ample reviews f…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
how to add IIS SMTP to handle application/Scanner relays into office 365.
Suggested Courses

581 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question