Solved

Configuring Certificate Authoritiy server on 2008 for Exchange 2020

Posted on 2010-09-11
5
379 Views
Last Modified: 2012-05-10
I have configured exchange 2010 Enterprise on 2008r2 enterprise.I was able to purchase a certificate from go-daddy and installed it. This solved the certificate errors when connecting using the public url from outside https://mail.publicdomain-name.com  . But since our internal domain name is owned by someone else, I was not able to by a certificate authority. Unfortunately our internal domain name .com ( i wish it was .local) .
I was told the only way to solve this is configure certificate authority locally on our network. Besides the exchange server, we have another domain controller running 2008r2 enterprise .
On which of the two servers should I install the certificate authority  and more over how wold i configure an create certificates.
I hope i can get rid of the certificate errors from internal Outlook users.  
 
0
Comment
Question by:netcomp
  • 3
5 Comments
 
LVL 32

Accepted Solution

by:
endital1097 earned 250 total points
ID: 33654064
your best bet here is to configure an internal dns zone for your external domain name
then update the internalurl values for the exchange virtual directories to use the external fqdn
make sure the A records for exchange resources use internal ip addresses
0
 
LVL 32

Expert Comment

by:endital1097
ID: 33654067
0
 
LVL 49

Assisted Solution

by:Akhater
Akhater earned 250 total points
ID: 33654659
No having an internal CA will not solve your issue, your solution would be to create in your internal DNS a zone for your external domain ExternalDomain.com and make your public fqdns resolvable by your internal clients to the internal IPs of your exchange server

say mail.externaldomain.com -> ExchangeIP etc....

and then change all the internal and external URLs to match your external name

the thing you will need to watch for is that you will need to include in this internal zone all the public records like www for example
0
 
LVL 32

Expert Comment

by:endital1097
ID: 33655311
you could use an internal CA
you could assign an additional ip address to the server
then for the default web site add an additional binding for 443 on the new IP and apply the internal CA cert to the new binding
this makes your deployment more complex and more difficult to troubleshoot future issues
0
 
LVL 1

Author Closing Comment

by:netcomp
ID: 33775853
Thank you all,
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
Read this checklist to learn more about the 15 things you should never include in an email signature.
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…

919 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now