• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1124
  • Last Modified:

New-ExchangeCertificate cmdlet

Hi Guys,

Please confirm the following SSL ExchangeCertificate request - cmdlet.
I've done this previously, but had problems with AutoDiscover service URL not properly represented in the certificate.  Just want to verify that all required names are included, before requesting the certificate:

We have a local domain:  domain.local
We have an internet domain:  domain.com
Name of the server:  pluto
FDQN for OWA:  remote.domain.com

New-ExchangeCertificate -GenerateRequest -Path c:\Exchange2007.csr -SubjectName "c=ZA, l=City, s=Province, o=Registered Company Name, ou=Admin, cn=remote.domain.com" -DomainName pluto, pluto.domain.local, autodiscover.domain.com -FriendlyName "SSL Exchange 2007 Certificate" -KeySize 2048 -PrivateKeyExportable $true
0
Rupert Eghardt
Asked:
Rupert Eghardt
  • 4
  • 2
2 Solutions
 
MichaelVHCommented:
Hi there,

It seems to be okay to me.

You've got your autodiscover, owa, local server name etc covered :)
0
 
AkhaterCommented:
Yep looks good,  here is a gui interface to make your life easieer

https://www.digicert.com/easy-csr/exchange2007.htm
0
 
Rupert EghardtAuthor Commented:
Thanks Guys,

The CSR tool does make it much easier.

Does it help to include the local server name (in this case pluto), as well as the fully qualified name for the exchange server on the local network (pluto.domain.local) in the certificate?

Or are these not being used for the purposes of the certificate?
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
AkhaterCommented:
Yes of course it works for anything you want
0
 
AkhaterCommented:
Sorry i missunderstood your question, yes I wld advise to put the netbiosname pluto in it
0
 
Rupert EghardtAuthor Commented:
It's not really "what I want", but what is required for normal Exchange operation.

At this time I am confident about the remote.domain.com for my OWA and other Exchange web features, and of course the autodiscover.domain.com, for Outlook  - which previously reported certificate errors.

I have included the server name and fully qualified server name also, but not sure whether this is really a standard requirement? OR, what will happen if it is not included?
0
 
AkhaterCommented:
In exchange 2007 it is a best ptactice to include the netbios and fqdn name of your server but it is just to make the config more fool proof, it would work with or without that is why I said I advise you to do it
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now