Solved

Certificates for  Exchange and SharePoint i

Posted on 2011-09-06
4
508 Views
Last Modified: 2012-08-13
Hi, I'm configurating a system with a Windows 2008 Domain Controller a TMG 2100 R2 Exchange 2010 and a SharePoint 2010.

 I need to create a certification authority CA to generate certificates, but I lost the notes ...

 I've installed the CA in the DC,
 
I have not clear what kind of certificates I need to publish in the TMG  i need all Exchange services and sharepoint HTTPS traffic.

 Are there some manual or book?

 thanks
0
Comment
Question by:limmontreefree
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 23

Accepted Solution

by:
Suliman Abu Kharroub earned 500 total points
ID: 36493698
For exchange and sharepoint external access you need a public certificate from a public CA like GoDaddy.

For exchange to work with full functinality and a securly you need a SAN certificate includes all the beow alternative names:
1. mail.domain.com ( where your mx record pints to mail.domain.com)
2.hostname (netbios name)
3.servernmae.domain.local
4.autodiscover.doamin.com


For share points you need another Certificate, you can use a free public CA to get a free single name certificate ( https://startssl.com ).

for AD CA deployment, see this please :http://technet.microsoft.com/en-us/library/cc772393(WS.10).aspx
0
 

Author Comment

by:limmontreefree
ID: 36495314
Is for  test purposes and I don't want use any outside vendor, I cast all the certificates with the CA that I have installed on the DC.

I know that the Explorer bar will turn red.

Can expand the kind of certificate that I have to give in each case?

Is there any manual?

thanks again
0
 
LVL 23

Assisted Solution

by:Suliman Abu Kharroub
Suliman Abu Kharroub earned 500 total points
ID: 36495448
Not only the explorer bar will turn red, but also some exchange services will not work at all like autodiscovery and OAB. these service needs a secure Chanel to communicate.

You have one option then:

sharepoint --same as above.

Exchange: install one certificate with single name ( mail.domain.com ) and change exchange web services VDs per the below article:
http://support.microsoft.com/kb/940726


For the above certificates you can either use an internal CA or startsll. both will do the work adn both are free.
0
 

Author Closing Comment

by:limmontreefree
ID: 36496608
tbanks
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are several problems reported according slow link speeds or poor performance in TMG 2010, UAG 2010 or ISA 2006. I want to collect here some of the common issues together to give a brief overview what can be the reason. Nevertheless, not all of…
This is a fairly complicated script that will install the required prerequisites to install SCCM 2012 R2 on a server.  It was designed under the functional model in order to compartmentalize each step required, reducing the overall complexity.  The …
In this video, viewers are given an introduction to using the Windows 10 Snipping Tool, how to quickly locate it when it's needed and also how make it always available with a single click of a mouse button, by pinning it to the Desktop Task Bar. Int…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question