Solved

Exchange Certificate not trusted

Posted on 2010-11-25
5
320 Views
Last Modified: 2012-05-10
I have 2 mail servers both have SSL certificates but how do I add the issuer of the certificate to all machines so
that any machine automatically trusts it? It a company called ALpha CA.

I'd need step by step assistance I'm afraid as while I understand how certificates work, integrating them
is something different. To me anyway
0
Comment
Question by:Majicthise
  • 3
  • 2
5 Comments
 
LVL 25

Accepted Solution

by:
Tony Johncock earned 500 total points
ID: 34213037
This article explains how to do it via group policy:

http://technet.microsoft.com/en-us/library/cc738131(WS.10).aspx

However, it may be more cost effective to buy 'proper' UC certificates from GoDaddy or Certificatesforexchange.com
0
 

Author Comment

by:Majicthise
ID: 34213110
Yeah I saw that
I have the certificates emailed and installed them OK ontot he exchangeboxes
I just dont see how to get them into AD?

Email

-----BEGIN CERTIFICATE-----
MIIEtTCCA52gAwIBAgILAQAAAAABKLq05RAwDQYJKoZIhvcNAQEFBQAwNjERMA8G
A1UECxMIQWxwaGEgQ0ExDjAMBgNVBAoTBUFscGhhMREwDwYDVQQDEwhBbHBoYSBD
1BqwvUbSvkrjtc5JsWkRedIY1gmJqn6aeflCrqeRTZQPA10EwVz/qinji+pZ/GBm
966fuTAhRIt9
-----END CERTIFICATE-----


Signed Certificate (PKCS7 Format)

-----BEGIN PKCS7-----
MIIMkwYJKoZIhvcNAQcCoIIMhDCCDIACAQExADALBgkqhkiG9w0BBwGgggxoMIIE
tTCCA52gAwIBAgILAQAAAAABKLq05RAwDQYJKoZIhvcNAQEFBQAwNjERMA8GA1UE
CxMHUm9vdCBDQTEbMBkGA1UEAxMSR2xvYmFsU2lnbiBSb290IENBMIIBIjANBgkq
Pd5BzAeuY1K/U1P0K+nH/bb3gl+F0kEY24GzBBzFH6SAbxUgyd4MiAod1mZV4vxI
ySkmaeAxAA==
-----END PKCS7-----


Bundle Certificate (Intermediate)

-----BEGIN CERTIFICATE-----
MIIEMjCCAxqgAwIBAgILBAAAAAABHkSl8XEwDQYJKoZIhvcNAQEFBQAwVzELMAkG
SI2Ddng5V2fqZH5xHY5A5qWrZDL3g8d7vaTe3IMTpKKM8yp26RpwSlEXt2wm3+4F
x05b2jZUoUl59koGCuMB6v5Icws9nLgogfC0pchimhEozRjRByPSuu4U24dk7Suq
fxq9CncU1dXMMRKi7wajF8HgGKvHUw==
-----END CERTIFICATE-----


Root Certificate (CA)

-----BEGIN CERTIFICATE-----
MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG
A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv
AbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr+WymXUad
DKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME
HMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A==
-----END CERTIFICATE-----

I've tried saving various section as Cer crt and p7b but it doesn't want to know.
0
 

Author Comment

by:Majicthise
ID: 34213175
Oddly enough I tried it with another certificate and it worked
Then went back to the original one and it worked
Maybe cut 'n' paste was the issue?
0
 

Author Closing Comment

by:Majicthise
ID: 34213181
Got this fa but couldnt get certificate installed. Thought it was process of adding certificates that was flawed more liekly my cut & paste...
0
 
LVL 25

Expert Comment

by:Tony Johncock
ID: 34213196
Sorry I didn't get back sooner.

Most likely there was an extraneous space / carriage return after the end of the ===end certificate=== bit. So easy in notepad and the like.

Thanks for the points.
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
Following basic email etiquette rules will help you write a professional email and achieve a good, lasting impression with your contacts.
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question