SSL Certificates CA - SonicWall & Exchange
Posted on 2010-11-09
We have a customer with a brand new network setup that consists of a SonicWall NSA 240 and Exchange 2010 SP1. Exchange is running off of Windows Server 2008 R2.
I'm quite a bit confused with all of the certificate errors we are receiving in browsers and e-mail clients. Here is a list of when the customer sees certificate errors:
When they access:
Public side of SonicWall
Private side of SonicWall
Public side of Exchange OWA
Private side of Exchange OWA
First time connecting to Exchange using POP3 or IMAP4 connections.
I have tried creating a new certificate request in Exchange and going into the CA on our DC. From there I select "submit new request". It takes about 10-15 minutes for it to issue the request. I export it to a "binary file" and change the extension to ".cer". When I go to complete the certificate request, it never completes; it takes it with no error message but never changes its status. If I try to import it a second time, it gives an error.
On top of all this, I'm not confident whatsoever that the request I created in the first place is what I needed. I have read that if the certificate isn't correct for Exchange it will break everything.
So my questions are: where should I be getting these certificates issued from? Should I be going to VeriSign for public certificate errors, and then use the internal CA for private certificate errors?
When creating the request, I'm not confident about the information I am entering into the wizard. For example:
Should I be using a "wildcard certificate"? Their domain is rbiology.local, they only have 1 DC/GC and 1 Exchange server (separate from DC/GC). The Exchange server is called rbio-exch.
If I am supposed to use a wildcard, what would I put for "root domain"? If I am not supposed to use a wildcard, I can tell that I would at least need: OWA service, Web Services, POP/IMAP, and Hub Transport. But I am unsure if I need any of the other services (there's like 20 of them if you drill down every menu). And then it's asking for external host names and internal host names, which I am even further unsure about.
As you can tell I'm very confused, please help! :)