Solved

Certificates for Exchange and SharePoint i

Posted on 2011-09-06
Last Modified: 2012-08-13
Hi, I'm configuring a system with a Windows 2008 Domain Controller, a TMG 2100 R2, Exchange 2010 and SharePoint 2010.

I need to create a certification authority (CA) to generate certificates, but I lost the notes ...

I've installed the CA on the DC.

It is not clear to me what kind of certificates I need to publish in the TMG. I need all Exchange services and SharePoint HTTPS traffic.

Is there a manual or book?

Thanks
Question by:limmontreefree
Accepted Solution

by:
Suliman Abu Kharroub earned 2000 total points
ID: 36493698
For Exchange and SharePoint external access you need a public certificate from a public CA like GoDaddy.

For Exchange to work with full functionality and securely, you need a SAN certificate that includes all the below alternative names:
1. mail.domain.com (where your MX record points to mail.domain.com)
2. hostname (NetBIOS name)
3. servername.domain.local
4. autodiscover.domain.com

For SharePoint you need another certificate; you can use a free public CA to get a free single-name certificate ( https://startssl.com ).

For AD CA deployment, please see this: http://technet.microsoft.com/en-us/library/cc772393(WS.10).aspx
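
The SAN request listed in the answer above, worked through against an internal AD CS CA and followed by a check that the installed certificate covers every name (an added example, not part of the original post). The host names are the answer's placeholders; the `C:\certs` paths, the `WebServer` template name, the helper `Get-MissingSanName` and an English-locale Windows (for the `DNS Name=` text) are assumptions.

```powershell
# Added example (not from the original post). Run in the Exchange Management Shell.
# Host names are the answer's placeholders; paths and template name are assumptions.
$names = 'mail.domain.com', 'autodiscover.domain.com',
         'servername.domain.local', 'servername'

# Hypothetical helper: returns the required names that are absent from the
# certificate's Subject Alternative Name extension (OID 2.5.29.17).
function Get-MissingSanName {
    param(
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [string[]]$Required
    )
    $ext  = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    $text = if ($ext) { $ext.Format($true) } else { '' }
    # Format($true) prints one "DNS Name=<host>" entry per line on English Windows.
    $present = [regex]::Matches($text, 'DNS Name=(\S+)') |
               ForEach-Object { $_.Groups[1].Value }
    $Required | Where-Object { $present -notcontains $_ }
}

# 1. Build a PKCS#10 request that carries every name as a subject alternative name.
#    The key is exportable so the certificate can later be copied to the TMG listener.
$req = New-ExchangeCertificate -GenerateRequest -SubjectName 'CN=mail.domain.com' `
    -DomainName $names -KeySize 2048 -PrivateKeyExportable $true
Set-Content -Path 'C:\certs\exchange.req' -Value $req

# 2. Submit it to the internal CA (assumes an enterprise CA with the WebServer template).
certreq -submit -attrib 'CertificateTemplate:WebServer' `
    'C:\certs\exchange.req' 'C:\certs\exchange.cer'

# 3. Import the issued certificate and bind it to the IIS-hosted Exchange services.
$bytes = [byte[]](Get-Content -Path 'C:\certs\exchange.cer' -Encoding Byte -ReadCount 0)
$cert  = Import-ExchangeCertificate -FileData $bytes
Enable-ExchangeCertificate -Thumbprint $cert.Thumbprint -Services IIS

# 4. Confirm the certificate in the machine store covers every required name.
$installed = Get-Item ('Cert:\LocalMachine\My\' + $cert.Thumbprint)
$missing   = Get-MissingSanName -Certificate $installed -Required $names
if ($missing) {
    Write-Warning ('Names not covered by the certificate: ' + ($missing -join ', '))
} else {
    Write-Output 'All required names are present in the SAN extension.'
}
```

Clients only trust a certificate from the internal CA if its root certificate is in their trusted root store, which domain-joined machines receive from an enterprise CA automatically.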

Author Comment

by:limmontreefree
ID: 36495314
It is for test purposes and I don't want to use any outside vendor; I cast all the certificates with the CA that I have installed on the DC.

I know that the Explorer bar will turn red.

Can you expand on the kind of certificate that I have to give in each case?

Is there any manual?

Thanks again

Assisted Solution

by:Suliman Abu Kharroub
Suliman Abu Kharroub earned 2000 total points
ID: 36495448
Not only will the explorer bar turn red, but some Exchange services, like autodiscovery and OAB, will not work at all. These services need a secure channel to communicate.

You have one option then:

SharePoint: same as above.

Exchange: install one certificate with a single name ( mail.domain.com ) and change the Exchange web services VDs per the below article:
http://support.microsoft.com/kb/940726

For the above certificates you can use either an internal CA or StartSSL. Both will do the work and both are free.

Author Closing Comment

by:limmontreefree
ID: 36496608
Thanks