Solved

New-ExchangeCertificate cmdlet

Posted on 2011-02-26
7
1,099 Views
Last Modified: 2012-06-27
Hi Guys,

Please confirm the following SSL ExchangeCertificate request - cmdlet.
I've done this previously, but had problems with AutoDiscover service URL not properly represented in the certificate.  Just want to verify that all required names are included, before requesting the certificate:

We have a local domain:  domain.local
We have an internet domain:  domain.com
Name of the server:  pluto
FDQN for OWA:  remote.domain.com

New-ExchangeCertificate -GenerateRequest -Path c:\Exchange2007.csr -SubjectName "c=ZA, l=City, s=Province, o=Registered Company Name, ou=Admin, cn=remote.domain.com" -DomainName pluto, pluto.domain.local, autodiscover.domain.com -FriendlyName "SSL Exchange 2007 Certificate" -KeySize 2048 -PrivateKeyExportable $true
0
Comment
Question by:Rupert Eghardt
  • 4
  • 2
7 Comments
 
LVL 11

Assisted Solution

by:MichaelVH
MichaelVH earned 100 total points
ID: 34987024
Hi there,

It seems to be okay to me.

You've got your autodiscover, owa, local server name etc covered :)
0
 
LVL 49

Accepted Solution

by:
Akhater earned 400 total points
ID: 34987112
Yep looks good,  here is a gui interface to make your life easieer

https://www.digicert.com/easy-csr/exchange2007.htm
0
 

Author Comment

by:Rupert Eghardt
ID: 34991347
Thanks Guys,

The CSR tool does make it much easier.

Does it help to include the local server name (in this case pluto), as well as the fully qualified name for the exchange server on the local network (pluto.domain.local) in the certificate?

Or are these not being used for the purposes of the certificate?
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 49

Expert Comment

by:Akhater
ID: 34991358
Yes of course it works for anything you want
0
 
LVL 49

Expert Comment

by:Akhater
ID: 34991361
Sorry i missunderstood your question, yes I wld advise to put the netbiosname pluto in it
0
 

Author Comment

by:Rupert Eghardt
ID: 34991372
It's not really "what I want", but what is required for normal Exchange operation.

At this time I am confident about the remote.domain.com for my OWA and other Exchange web features, and of course the autodiscover.domain.com, for Outlook  - which previously reported certificate errors.

I have included the server name and fully qualified server name also, but not sure whether this is really a standard requirement? OR, what will happen if it is not included?
0
 
LVL 49

Expert Comment

by:Akhater
ID: 34991388
In exchange 2007 it is a best ptactice to include the netbios and fqdn name of your server but it is just to make the config more fool proof, it would work with or without that is why I said I advise you to do it
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

932 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now