Solved

New-ExchangeCertificate cmdlet

Posted on 2011-02-26
7
1,103 Views
Last Modified: 2012-06-27
Hi Guys,

Please confirm the following SSL ExchangeCertificate request - cmdlet.
I've done this previously, but had problems with AutoDiscover service URL not properly represented in the certificate.  Just want to verify that all required names are included, before requesting the certificate:

We have a local domain:  domain.local
We have an internet domain:  domain.com
Name of the server:  pluto
FDQN for OWA:  remote.domain.com

New-ExchangeCertificate -GenerateRequest -Path c:\Exchange2007.csr -SubjectName "c=ZA, l=City, s=Province, o=Registered Company Name, ou=Admin, cn=remote.domain.com" -DomainName pluto, pluto.domain.local, autodiscover.domain.com -FriendlyName "SSL Exchange 2007 Certificate" -KeySize 2048 -PrivateKeyExportable $true
0
Comment
Question by:Rupert Eghardt
  • 4
  • 2
7 Comments
 
LVL 11

Assisted Solution

by:MichaelVH
MichaelVH earned 100 total points
ID: 34987024
Hi there,

It seems to be okay to me.

You've got your autodiscover, owa, local server name etc covered :)
0
 
LVL 49

Accepted Solution

by:
Akhater earned 400 total points
ID: 34987112
Yep looks good,  here is a gui interface to make your life easieer

https://www.digicert.com/easy-csr/exchange2007.htm
0
 

Author Comment

by:Rupert Eghardt
ID: 34991347
Thanks Guys,

The CSR tool does make it much easier.

Does it help to include the local server name (in this case pluto), as well as the fully qualified name for the exchange server on the local network (pluto.domain.local) in the certificate?

Or are these not being used for the purposes of the certificate?
0
The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

 
LVL 49

Expert Comment

by:Akhater
ID: 34991358
Yes of course it works for anything you want
0
 
LVL 49

Expert Comment

by:Akhater
ID: 34991361
Sorry i missunderstood your question, yes I wld advise to put the netbiosname pluto in it
0
 

Author Comment

by:Rupert Eghardt
ID: 34991372
It's not really "what I want", but what is required for normal Exchange operation.

At this time I am confident about the remote.domain.com for my OWA and other Exchange web features, and of course the autodiscover.domain.com, for Outlook  - which previously reported certificate errors.

I have included the server name and fully qualified server name also, but not sure whether this is really a standard requirement? OR, what will happen if it is not included?
0
 
LVL 49

Expert Comment

by:Akhater
ID: 34991388
In exchange 2007 it is a best ptactice to include the netbios and fqdn name of your server but it is just to make the config more fool proof, it would work with or without that is why I said I advise you to do it
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Utilizing an array to gracefully append to a list of EmailAddresses
Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question