Solved

Configuring Certificate Authority server on 2008 for Exchange 2020

Posted on 2010-09-11
Last Modified: 2012-05-10
I have configured Exchange 2010 Enterprise on 2008 R2 Enterprise. I was able to purchase a certificate from go-daddy and installed it. This solved the certificate errors when connecting using the public URL from outside, https://mail.publicdomain-name.com. But since our internal domain name is owned by someone else, I was not able to buy a certificate authority. Unfortunately our internal domain name is .com (I wish it was .local).
I was told the only way to solve this is to configure a certificate authority locally on our network. Besides the Exchange server, we have another domain controller running 2008 R2 Enterprise.
On which of the two servers should I install the certificate authority, and moreover, how would I configure and create certificates?
I hope I can get rid of the certificate errors for internal Outlook users.
 
0
Question by:netcomp
 
LVL 32

Accepted Solution

by:
endital1097 earned 1000 total points
ID: 33654064
Your best bet here is to configure an internal DNS zone for your external domain name,
then update the InternalUrl values for the Exchange virtual directories to use the external FQDN.
Make sure the A records for Exchange resources use internal IP addresses.
0
 
LVL 32

Expert Comment

by:endital1097
ID: 33654067
0
 
LVL 49

Assisted Solution

by:Akhater
Akhater earned 1000 total points
ID: 33654659
No, having an internal CA will not solve your issue. Your solution would be to create, in your internal DNS, a zone for your external domain ExternalDomain.com and make your public FQDNs resolvable by your internal clients to the internal IPs of your Exchange server.

Say mail.externaldomain.com -> ExchangeIP, etc.

And then change all the internal and external URLs to match your external name.

The thing you will need to watch for is that you will need to include in this internal zone all the public records, like www for example.
0
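The split-DNS approach from the two answers above, written out as an added example that is not part of the original thread. The server names `DC01` and `EXCH01` and both IP addresses are assumed placeholders; the script first checks that the purchased certificate actually lists the external name before it touches DNS or the URLs.

```powershell
# Added example: run in the Exchange Management Shell (Exchange 2010).
# Assumed placeholders, not from the thread: DC01, EXCH01, 10.0.0.10, 203.0.113.10.
$Fqdn      = 'mail.externaldomain.com'   # name on the purchased certificate
$Zone      = 'externaldomain.com'
$DnsServer = 'DC01'                      # domain controller running DNS
$Exchange  = 'EXCH01'                    # Exchange 2010 server
$ExchIp    = '10.0.0.10'                 # internal address of the Exchange server
$WwwIp     = '203.0.113.10'              # public address of the real www site

# 1. Stop unless a certificate enabled for IIS lists $Fqdn.
#    Exact-name match only; a wildcard certificate needs its own check.
$certs = Get-ExchangeCertificate -Server $Exchange |
    Where-Object { "$($_.Services)" -match 'IIS' }
$names = @($certs | ForEach-Object { $_.CertificateDomains } | ForEach-Object { "$_" })
if ($names -notcontains $Fqdn) {
    throw "No IIS-enabled certificate lists $Fqdn; Outlook would still warn about a name mismatch."
}

# 2. Internal zone for the external domain. Exchange names resolve to the
#    internal IP; public records such as www must be copied in as well,
#    because internal clients no longer see the public zone.
dnscmd $DnsServer /ZoneAdd   $Zone /DsPrimary
dnscmd $DnsServer /RecordAdd $Zone mail A $ExchIp
dnscmd $DnsServer /RecordAdd $Zone www  A $WwwIp

# 3. Point every internal URL at the name the certificate covers.
$base = "https://$Fqdn"
Get-OwaVirtualDirectory         -Server $Exchange | Set-OwaVirtualDirectory         -InternalUrl "$base/owa"
Get-EcpVirtualDirectory         -Server $Exchange | Set-EcpVirtualDirectory         -InternalUrl "$base/ecp"
Get-WebServicesVirtualDirectory -Server $Exchange | Set-WebServicesVirtualDirectory -InternalUrl "$base/EWS/Exchange.asmx"
Get-OabVirtualDirectory         -Server $Exchange | Set-OabVirtualDirectory         -InternalUrl "$base/OAB"
Get-ActiveSyncVirtualDirectory  -Server $Exchange | Set-ActiveSyncVirtualDirectory  -InternalUrl "$base/Microsoft-Server-ActiveSync"
# Domain-joined Outlook reads this URI from Active Directory to find Autodiscover.
Set-ClientAccessServer -Identity $Exchange -AutodiscoverServiceInternalUri "$base/Autodiscover/Autodiscover.xml"

# 4. Confirm the result.
Get-WebServicesVirtualDirectory -Server $Exchange | Format-List Identity, InternalUrl, ExternalUrl
Get-ClientAccessServer -Identity $Exchange | Format-List Name, AutodiscoverServiceInternalUri
```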
 
LVL 32

Expert Comment

by:endital1097
ID: 33655311
You could use an internal CA.
You could assign an additional IP address to the server,
then for the default web site add an additional binding for 443 on the new IP and apply the internal CA cert to the new binding.
This makes your deployment more complex and makes future issues more difficult to troubleshoot.
0
 
LVL 1

Author Closing Comment

by:netcomp
ID: 33775853
Thank you all,
0
