Solved

Certificates for  Exchange and SharePoint i

Posted on 2011-09-06
4
499 Views
Last Modified: 2012-08-13
Hi, I'm configurating a system with a Windows 2008 Domain Controller a TMG 2100 R2 Exchange 2010 and a SharePoint 2010.

 I need to create a certification authority CA to generate certificates, but I lost the notes ...

 I've installed the CA in the DC,
 
I have not clear what kind of certificates I need to publish in the TMG  i need all Exchange services and sharepoint HTTPS traffic.

 Are there some manual or book?

 thanks
0
Comment
Question by:limmontreefree
  • 2
  • 2
4 Comments
 
LVL 23

Accepted Solution

by:
Suliman Abu Kharroub earned 500 total points
ID: 36493698
For exchange and sharepoint external access you need a public certificate from a public CA like GoDaddy.

For exchange to work with full functinality and a securly you need a SAN certificate includes all the beow alternative names:
1. mail.domain.com ( where your mx record pints to mail.domain.com)
2.hostname (netbios name)
3.servernmae.domain.local
4.autodiscover.doamin.com


For share points you need another Certificate, you can use a free public CA to get a free single name certificate ( https://startssl.com ).

for AD CA deployment, see this please :http://technet.microsoft.com/en-us/library/cc772393(WS.10).aspx
0
 

Author Comment

by:limmontreefree
ID: 36495314
Is for  test purposes and I don't want use any outside vendor, I cast all the certificates with the CA that I have installed on the DC.

I know that the Explorer bar will turn red.

Can expand the kind of certificate that I have to give in each case?

Is there any manual?

thanks again
0
 
LVL 23

Assisted Solution

by:Suliman Abu Kharroub
Suliman Abu Kharroub earned 500 total points
ID: 36495448
Not only the explorer bar will turn red, but also some exchange services will not work at all like autodiscovery and OAB. these service needs a secure Chanel to communicate.

You have one option then:

sharepoint --same as above.

Exchange: install one certificate with single name ( mail.domain.com ) and change exchange web services VDs per the below article:
http://support.microsoft.com/kb/940726


For the above certificates you can either use an internal CA or startsll. both will do the work adn both are free.
0
 

Author Closing Comment

by:limmontreefree
ID: 36496608
tbanks
0

Featured Post

Free eBook: Backup on AWS

Everything you need to know about backup and disaster recovery with AWS, for FREE!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Back in July, I blogged about how Microsoft's new server pricing model, combined with the end of the Small Business Server package, would result in significant cost increases for many small businesses (see SBS End of Life: Microsoft Punishes Small B…
This is a fairly complicated script that will install the required prerequisites to install SCCM 2012 R2 on a server.  It was designed under the functional model in order to compartmentalize each step required, reducing the overall complexity.  The …
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question