Solved

Configuring Certificate Authoritiy server on 2008 for Exchange 2020

Posted on 2010-09-11
5
380 Views
Last Modified: 2012-05-10
I have configured exchange 2010 Enterprise on 2008r2 enterprise.I was able to purchase a certificate from go-daddy and installed it. This solved the certificate errors when connecting using the public url from outside https://mail.publicdomain-name.com  . But since our internal domain name is owned by someone else, I was not able to by a certificate authority. Unfortunately our internal domain name .com ( i wish it was .local) .
I was told the only way to solve this is configure certificate authority locally on our network. Besides the exchange server, we have another domain controller running 2008r2 enterprise .
On which of the two servers should I install the certificate authority  and more over how wold i configure an create certificates.
I hope i can get rid of the certificate errors from internal Outlook users.  
 
0
Comment
Question by:netcomp
  • 3
5 Comments
 
LVL 32

Accepted Solution

by:
endital1097 earned 250 total points
ID: 33654064
your best bet here is to configure an internal dns zone for your external domain name
then update the internalurl values for the exchange virtual directories to use the external fqdn
make sure the A records for exchange resources use internal ip addresses
0
 
LVL 32

Expert Comment

by:endital1097
ID: 33654067
0
 
LVL 49

Assisted Solution

by:Akhater
Akhater earned 250 total points
ID: 33654659
No having an internal CA will not solve your issue, your solution would be to create in your internal DNS a zone for your external domain ExternalDomain.com and make your public fqdns resolvable by your internal clients to the internal IPs of your exchange server

say mail.externaldomain.com -> ExchangeIP etc....

and then change all the internal and external URLs to match your external name

the thing you will need to watch for is that you will need to include in this internal zone all the public records like www for example
0
 
LVL 32

Expert Comment

by:endital1097
ID: 33655311
you could use an internal CA
you could assign an additional ip address to the server
then for the default web site add an additional binding for 443 on the new IP and apply the internal CA cert to the new binding
this makes your deployment more complex and more difficult to troubleshoot future issues
0
 
LVL 1

Author Closing Comment

by:netcomp
ID: 33775853
Thank you all,
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
how to add IIS SMTP to handle application/Scanner relays into office 365.
This video discusses moving either the default database or any database to a new volume.

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now