Solved

Certificates for  Exchange and SharePoint i

Posted on 2011-09-06
4
487 Views
Last Modified: 2012-08-13
Hi, I'm configurating a system with a Windows 2008 Domain Controller a TMG 2100 R2 Exchange 2010 and a SharePoint 2010.

 I need to create a certification authority CA to generate certificates, but I lost the notes ...

 I've installed the CA in the DC,
 
I have not clear what kind of certificates I need to publish in the TMG  i need all Exchange services and sharepoint HTTPS traffic.

 Are there some manual or book?

 thanks
0
Comment
Question by:limmontreefree
  • 2
  • 2
4 Comments
 
LVL 23

Accepted Solution

by:
Suliman Abu Kharroub earned 500 total points
Comment Utility
For exchange and sharepoint external access you need a public certificate from a public CA like GoDaddy.

For exchange to work with full functinality and a securly you need a SAN certificate includes all the beow alternative names:
1. mail.domain.com ( where your mx record pints to mail.domain.com)
2.hostname (netbios name)
3.servernmae.domain.local
4.autodiscover.doamin.com


For share points you need another Certificate, you can use a free public CA to get a free single name certificate ( https://startssl.com ).

for AD CA deployment, see this please :http://technet.microsoft.com/en-us/library/cc772393(WS.10).aspx
0
 

Author Comment

by:limmontreefree
Comment Utility
Is for  test purposes and I don't want use any outside vendor, I cast all the certificates with the CA that I have installed on the DC.

I know that the Explorer bar will turn red.

Can expand the kind of certificate that I have to give in each case?

Is there any manual?

thanks again
0
 
LVL 23

Assisted Solution

by:Suliman Abu Kharroub
Suliman Abu Kharroub earned 500 total points
Comment Utility
Not only the explorer bar will turn red, but also some exchange services will not work at all like autodiscovery and OAB. these service needs a secure Chanel to communicate.

You have one option then:

sharepoint --same as above.

Exchange: install one certificate with single name ( mail.domain.com ) and change exchange web services VDs per the below article:
http://support.microsoft.com/kb/940726


For the above certificates you can either use an internal CA or startsll. both will do the work adn both are free.
0
 

Author Closing Comment

by:limmontreefree
Comment Utility
tbanks
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Microsoft's ISA Server has been its pre-eminent security product for about a decade and is still regarded amongst the well-informed as one of the best software firewalls and application gateways ever released, by any manufacturer. ISA Server has bee…
Back in July, I blogged about how Microsoft's new server pricing model, combined with the end of the Small Business Server package, would result in significant cost increases for many small businesses (see SBS End of Life: Microsoft Punishes Small B…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now