occredit
asked on
Outlook 2010 \ Exchange 2010 Security Alert Message
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Yes - you need to generate a CSR for Exchange to be able to order a certificate. Run the Wizard in the Exchange Management Console> Server Configuration and make sure you end up with all the names I have suggested at the end of the wizard before you proceed.
Then copy / paste the contents of the CSR into your SSL Cert site, wait for them to approve the cert, download it and then import / enable the certificate using the Exchange Management Shell using these commands:
Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path c:\PathToCertificate\Issue dCert.cer -Encoding byte -ReadCount 0))
Get-ExchangeCertificate
Copy / paste the Thumbprint from the cert you installed above and replace the Thumbprint in the command below
Enable-ExchangeCertificate -Thumbprint 5113ae0233a72fccb75b1d0198 628675333d 010e -Services POP,IMAP,SMTP,IIS
Job done - sit back and enjoy a Certificate Error Free life (until Cert renewal time)!!
Then copy / paste the contents of the CSR into your SSL Cert site, wait for them to approve the cert, download it and then import / enable the certificate using the Exchange Management Shell using these commands:
Import-ExchangeCertificate
Get-ExchangeCertificate
Copy / paste the Thumbprint from the cert you installed above and replace the Thumbprint in the command below
Enable-ExchangeCertificate
Job done - sit back and enjoy a Certificate Error Free life (until Cert renewal time)!!
If you dont have budget for it, you can also install (trust) the probably self signed certificate on the client:
http://support.microsoft.com/kb/2006728/en-us
http://support.microsoft.com/kb/2006728/en-us
ASKER
Thanks for the prompt replies and suggestions. Once we get the Cert, we'll give it a try.
No probs - here if you need me.
ASKER
Question on the CSR. The wizard only allow one domain name (common name) how do we generate for multiple domains?
ASKER
I meant mutiple names.
You don't need to generate one for multiple domain names.
You can host multiple domain names with Exchange with just a 5-name SSL certificate and have everything work happily.
Setup an Autodiscover A record for your Primary Domain name (or an SRV record pointing to a name in your SSL cert e.g., mail.domaina.com) and then setup an SRV record for all the other domain names and point the SRV record to mail.domaina.com and there won't be any complaints. I do this myself and it works like a charm :)
You can host multiple domain names with Exchange with just a 5-name SSL certificate and have everything work happily.
Setup an Autodiscover A record for your Primary Domain name (or an SRV record pointing to a name in your SSL cert e.g., mail.domaina.com) and then setup an SRV record for all the other domain names and point the SRV record to mail.domaina.com and there won't be any complaints. I do this myself and it works like a charm :)
ASKER
Got a Multiple Domain (UCC) SSL up to 5 domains from Go Daddy and it worked!
Thanks for the help.
Thanks for the help.
Excellent - thanks for the points.
Alan
Alan
ASKER