Solved

New-ExchangeCertificate cmdlet

Posted on 2011-02-26
7
1,105 Views
Last Modified: 2012-06-27
Hi Guys,

Please confirm the following SSL ExchangeCertificate request - cmdlet.
I've done this previously, but had problems with AutoDiscover service URL not properly represented in the certificate.  Just want to verify that all required names are included, before requesting the certificate:

We have a local domain:  domain.local
We have an internet domain:  domain.com
Name of the server:  pluto
FDQN for OWA:  remote.domain.com

New-ExchangeCertificate -GenerateRequest -Path c:\Exchange2007.csr -SubjectName "c=ZA, l=City, s=Province, o=Registered Company Name, ou=Admin, cn=remote.domain.com" -DomainName pluto, pluto.domain.local, autodiscover.domain.com -FriendlyName "SSL Exchange 2007 Certificate" -KeySize 2048 -PrivateKeyExportable $true
0
Comment
Question by:Rupert Eghardt
  • 4
  • 2
7 Comments
 
LVL 11

Assisted Solution

by:MichaelVH
MichaelVH earned 100 total points
ID: 34987024
Hi there,

It seems to be okay to me.

You've got your autodiscover, owa, local server name etc covered :)
0
 
LVL 49

Accepted Solution

by:
Akhater earned 400 total points
ID: 34987112
Yep looks good,  here is a gui interface to make your life easieer

https://www.digicert.com/easy-csr/exchange2007.htm
0
 

Author Comment

by:Rupert Eghardt
ID: 34991347
Thanks Guys,

The CSR tool does make it much easier.

Does it help to include the local server name (in this case pluto), as well as the fully qualified name for the exchange server on the local network (pluto.domain.local) in the certificate?

Or are these not being used for the purposes of the certificate?
0
NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

 
LVL 49

Expert Comment

by:Akhater
ID: 34991358
Yes of course it works for anything you want
0
 
LVL 49

Expert Comment

by:Akhater
ID: 34991361
Sorry i missunderstood your question, yes I wld advise to put the netbiosname pluto in it
0
 

Author Comment

by:Rupert Eghardt
ID: 34991372
It's not really "what I want", but what is required for normal Exchange operation.

At this time I am confident about the remote.domain.com for my OWA and other Exchange web features, and of course the autodiscover.domain.com, for Outlook  - which previously reported certificate errors.

I have included the server name and fully qualified server name also, but not sure whether this is really a standard requirement? OR, what will happen if it is not included?
0
 
LVL 49

Expert Comment

by:Akhater
ID: 34991388
In exchange 2007 it is a best ptactice to include the netbios and fqdn name of your server but it is just to make the config more fool proof, it would work with or without that is why I said I advise you to do it
0

Featured Post

Free Tool: Postgres Monitoring System

A PHP and Perl based system to collect and display usage statistics from PostgreSQL databases.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A safe way to clean winsxs folder from your windows server 2008 R2 editions
Read this checklist to learn more about the 15 things you should never include in an email signature.
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
This video discusses moving either the default database or any database to a new volume.

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question