Solved

Configuring Certificate Authority server on 2008 for Exchange 2020

Posted on 2010-09-11
Last Modified: 2012-05-10
I have configured Exchange 2010 Enterprise on 2008r2 Enterprise. I was able to purchase a certificate from go-daddy and installed it. This solved the certificate errors when connecting using the public URL from outside, https://mail.publicdomain-name.com. But since our internal domain name is owned by someone else, I was not able to buy a certificate authority. Unfortunately our internal domain name is .com (I wish it was .local).
I was told the only way to solve this is to configure a certificate authority locally on our network. Besides the Exchange server, we have another domain controller running 2008r2 Enterprise.
On which of the two servers should I install the certificate authority, and moreover, how would I configure and create certificates?
I hope I can get rid of the certificate errors from internal Outlook users.
 
Question by:netcomp
 
LVL 32

Accepted Solution

by:
endital1097 earned 250 total points
ID: 33654064
Your best bet here is to configure an internal DNS zone for your external domain name.
Then update the InternalUrl values for the Exchange virtual directories to use the external FQDN.
Make sure the A records for Exchange resources use internal IP addresses.
0
 
LVL 32

Expert Comment

by:endital1097
ID: 33654067
0
 
LVL 49

Assisted Solution

by:Akhater
Akhater earned 250 total points
ID: 33654659
No, having an internal CA will not solve your issue. Your solution would be to create in your internal DNS a zone for your external domain, ExternalDomain.com, and make your public FQDNs resolvable by your internal clients to the internal IPs of your Exchange server,

say mail.externaldomain.com -> ExchangeIP etc.

and then change all the internal and external URLs to match your external name.

The thing you will need to watch for is that you will need to include in this internal zone all the public records, like www for example.
0
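The split DNS zone and InternalUrl change described in the two answers above, as an added example that is not part of the original thread. The server names `DC01` and `EXCH01`, the IP addresses, and the Autodiscover step are assumptions; only `mail.publicdomain-name.com` comes from the question.

```powershell
# Added example, not from the thread. Assumed values: DC01 (internal DNS server),
# EXCH01 (Exchange 2010 server), 10.0.0.25 (its internal IP), 203.0.113.10
# (placeholder public IP of the web site). Run from the Exchange Management Shell.
$zone = 'publicdomain-name.com'     # external domain used in the question
$fqdn = "mail.$zone"                # name on the purchased certificate
$dns  = 'DC01'
$exch = 'EXCH01'
$base = "https://$fqdn"

# 1. Internal AD-integrated zone for the external domain. Internal clients now
#    resolve the certificate's name to the internal IP of the Exchange server.
dnscmd $dns /ZoneAdd $zone /DsPrimary
dnscmd $dns /RecordAdd $zone mail A 10.0.0.25

# 2. The internal zone hides the public one, so every public record that
#    internal users need (www, for example) has to be recreated here.
dnscmd $dns /RecordAdd $zone www A 203.0.113.10

# 3. Point the InternalUrl of each virtual directory at the external FQDN so
#    the URL handed to Outlook matches a name on the certificate.
Get-OwaVirtualDirectory -Server $exch |
    Set-OwaVirtualDirectory -InternalUrl "$base/owa"
Get-EcpVirtualDirectory -Server $exch |
    Set-EcpVirtualDirectory -InternalUrl "$base/ecp"
Get-WebServicesVirtualDirectory -Server $exch |
    Set-WebServicesVirtualDirectory -InternalUrl "$base/EWS/Exchange.asmx"
Get-OabVirtualDirectory -Server $exch |
    Set-OabVirtualDirectory -InternalUrl "$base/OAB"
Get-ActiveSyncVirtualDirectory -Server $exch |
    Set-ActiveSyncVirtualDirectory -InternalUrl "$base/Microsoft-Server-ActiveSync"

# 4. Assumption beyond the thread: domain-joined Outlook finds Exchange through
#    the Autodiscover internal URI, which also has to use the certificate's name.
Set-ClientAccessServer -Identity $exch `
    -AutodiscoverServiceInternalUri "$base/Autodiscover/Autodiscover.xml"

# 5. Verify: the name resolves to the internal IP, the URLs use the FQDN, and
#    the certificate bound to IIS lists that FQDN and has not expired.
[System.Net.Dns]::GetHostAddresses($fqdn) | Select-Object IPAddressToString
Get-WebServicesVirtualDirectory -Server $exch |
    Format-List Identity, InternalUrl, ExternalUrl
Get-ExchangeCertificate -Server $exch |
    Where-Object { $_.Services -match 'IIS' } |
    Format-List Subject, CertificateDomains, NotAfter
```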
 
LVL 32

Expert Comment

by:endital1097
ID: 33655311
You could use an internal CA.
You could assign an additional IP address to the server,
then for the default web site add an additional binding for 443 on the new IP and apply the internal CA cert to the new binding.
This makes your deployment more complex and more difficult to troubleshoot future issues.
0
 
LVL 1

Author Closing Comment

by:netcomp
ID: 33775853
Thank you all,
0
