Solved

Configuring Certificate Authority server on 2008 for Exchange 2020

Posted on 2010-09-11
Last Modified: 2012-05-10
I have configured Exchange 2010 Enterprise on 2008 R2 Enterprise. I was able to purchase a certificate from GoDaddy and installed it. This solved the certificate errors when connecting using the public URL from outside, https://mail.publicdomain-name.com. But since our internal domain name is owned by someone else, I was not able to buy a certificate authority. Unfortunately our internal domain name is .com (I wish it was .local).
I was told the only way to solve this is to configure a certificate authority locally on our network. Besides the Exchange server, we have another domain controller running 2008 R2 Enterprise.
On which of the two servers should I install the certificate authority, and moreover, how would I configure and create certificates?
I hope I can get rid of the certificate errors for internal Outlook users.
 
0
Question by:netcomp
LVL 32

Accepted Solution

by:
endital1097 earned 250 total points
ID: 33654064
Your best bet here is to configure an internal DNS zone for your external domain name.
Then update the InternalUrl values for the Exchange virtual directories to use the external FQDN.
Make sure the A records for Exchange resources use internal IP addresses.
0
 
LVL 32

Expert Comment

by:endital1097
ID: 33654067
0
 
LVL 49

Assisted Solution

by:Akhater
Akhater earned 250 total points
ID: 33654659
No, having an internal CA will not solve your issue. Your solution would be to create in your internal DNS a zone for your external domain ExternalDomain.com and make your public FQDNs resolvable by your internal clients to the internal IPs of your Exchange server.

Say mail.externaldomain.com -> ExchangeIP, etc.

And then change all the internal and external URLs to match your external name.

The thing you will need to watch for is that you will need to include in this internal zone all the public records, like www for example.
0
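The split-DNS approach from the two answers above, as an added example that is not part of the original thread. It assumes the public name from the question (mail.publicdomain-name.com), placeholder IP addresses and DNS server name, and that it is run in the Exchange Management Shell on the Exchange 2010 server with rights to manage DNS.

```powershell
# Added example, not from the thread. All names and addresses are assumptions.
$PublicZone = 'publicdomain-name.com'   # external domain from the question
$MailFqdn   = "mail.$PublicZone"        # name covered by the purchased certificate
$ExchangeIp = '192.0.2.10'              # placeholder: internal IP of the Exchange server
$WwwIp      = '203.0.113.20'            # placeholder: public IP of the external web site
$DnsServer  = 'dc01'                    # placeholder: internal DNS server (the DC)
$Cas        = $env:COMPUTERNAME         # Client Access server being configured

# 1. Internal AD-integrated zone for the external domain; mail -> internal IP.
dnscmd $DnsServer /ZoneAdd $PublicZone /DsPrimary
dnscmd $DnsServer /RecordAdd $PublicZone mail A $ExchangeIp
# The internal zone now answers for the whole domain, so every public record
# internal users need (www here) has to be copied in with its public address.
dnscmd $DnsServer /RecordAdd $PublicZone www A $WwwIp

# 2. Point each virtual directory's InternalUrl at the name on the certificate.
Get-OwaVirtualDirectory -Server $Cas |
    Set-OwaVirtualDirectory -InternalUrl "https://$MailFqdn/owa"
Get-EcpVirtualDirectory -Server $Cas |
    Set-EcpVirtualDirectory -InternalUrl "https://$MailFqdn/ecp"
Get-WebServicesVirtualDirectory -Server $Cas |
    Set-WebServicesVirtualDirectory -InternalUrl "https://$MailFqdn/EWS/Exchange.asmx"
Get-OabVirtualDirectory -Server $Cas |
    Set-OabVirtualDirectory -InternalUrl "https://$MailFqdn/OAB"
Get-ActiveSyncVirtualDirectory -Server $Cas |
    Set-ActiveSyncVirtualDirectory -InternalUrl "https://$MailFqdn/Microsoft-Server-ActiveSync"
# Domain-joined Outlook clients locate Autodiscover through this value.
Set-ClientAccessServer -Identity $Cas `
    -AutoDiscoverServiceInternalUri "https://$MailFqdn/Autodiscover/Autodiscover.xml"

# 3. Verify: list any virtual directory still advertising a host name that the
#    certificate does not cover (these would still raise Outlook warnings).
$dirs  = @(Get-OwaVirtualDirectory -Server $Cas)
$dirs += @(Get-EcpVirtualDirectory -Server $Cas)
$dirs += @(Get-WebServicesVirtualDirectory -Server $Cas)
$dirs += @(Get-OabVirtualDirectory -Server $Cas)
$dirs += @(Get-ActiveSyncVirtualDirectory -Server $Cas)
$dirs | Where-Object { $_.InternalUrl -and $_.InternalUrl.Host -ne $MailFqdn } |
    Select-Object Name, InternalUrl

# Confirm internal clients resolve the public name to the internal address.
nslookup $MailFqdn $DnsServer
```

An empty result from step 3 and an nslookup answer equal to the internal IP mean internal clients reach Exchange under the name the purchased certificate already covers.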
 
LVL 32

Expert Comment

by:endital1097
ID: 33655311
You could use an internal CA.
You could assign an additional IP address to the server.
Then, for the default web site, add an additional binding for 443 on the new IP and apply the internal CA cert to the new binding.
This makes your deployment more complex and makes future issues more difficult to troubleshoot.
0
 
LVL 1

Author Closing Comment

by:netcomp
ID: 33775853
Thank you all,
0
