?
Solved

New-ExchangeCertificate cmdlet

Posted on 2011-02-26
7
Medium Priority
?
1,115 Views
Last Modified: 2012-06-27
Hi Guys,

Please confirm the following SSL ExchangeCertificate request - cmdlet.
I've done this previously, but had problems with AutoDiscover service URL not properly represented in the certificate.  Just want to verify that all required names are included, before requesting the certificate:

We have a local domain:  domain.local
We have an internet domain:  domain.com
Name of the server:  pluto
FDQN for OWA:  remote.domain.com

New-ExchangeCertificate -GenerateRequest -Path c:\Exchange2007.csr -SubjectName "c=ZA, l=City, s=Province, o=Registered Company Name, ou=Admin, cn=remote.domain.com" -DomainName pluto, pluto.domain.local, autodiscover.domain.com -FriendlyName "SSL Exchange 2007 Certificate" -KeySize 2048 -PrivateKeyExportable $true
0
Comment
Question by:Rupert Eghardt
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
7 Comments
 
LVL 11

Assisted Solution

by:MichaelVH
MichaelVH earned 400 total points
ID: 34987024
Hi there,

It seems to be okay to me.

You've got your autodiscover, owa, local server name etc covered :)
0
 
LVL 49

Accepted Solution

by:
Akhater earned 1600 total points
ID: 34987112
Yep looks good,  here is a gui interface to make your life easieer

https://www.digicert.com/easy-csr/exchange2007.htm
0
 

Author Comment

by:Rupert Eghardt
ID: 34991347
Thanks Guys,

The CSR tool does make it much easier.

Does it help to include the local server name (in this case pluto), as well as the fully qualified name for the exchange server on the local network (pluto.domain.local) in the certificate?

Or are these not being used for the purposes of the certificate?
0
Bringing Advanced Authentication to the SMB Market

WatchGuard announces the acquisition of advanced authentication provider, Datablink, with one mission – to bring secure authentication to SMB, mid-market, and distributed enterprises with a cloud-based solution, ideal for resale via their established channel & MSSP community.

 
LVL 49

Expert Comment

by:Akhater
ID: 34991358
Yes of course it works for anything you want
0
 
LVL 49

Expert Comment

by:Akhater
ID: 34991361
Sorry i missunderstood your question, yes I wld advise to put the netbiosname pluto in it
0
 

Author Comment

by:Rupert Eghardt
ID: 34991372
It's not really "what I want", but what is required for normal Exchange operation.

At this time I am confident about the remote.domain.com for my OWA and other Exchange web features, and of course the autodiscover.domain.com, for Outlook  - which previously reported certificate errors.

I have included the server name and fully qualified server name also, but not sure whether this is really a standard requirement? OR, what will happen if it is not included?
0
 
LVL 49

Expert Comment

by:Akhater
ID: 34991388
In exchange 2007 it is a best ptactice to include the netbios and fqdn name of your server but it is just to make the config more fool proof, it would work with or without that is why I said I advise you to do it
0

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will help to fix the below error for MS Exchange server 2010 I. Out Of office not working II. Certificate error "name on the security certificate is invalid or does not match the name of the site" III. Make Internal URLs and External…
New style of hardware planning for Microsoft Exchange server.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

801 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question