Solved

Exchange 2010 certificate

Posted on 2013-11-09
9
266 Views
Last Modified: 2013-11-25
I believe Exchange server 2010 requires certificate for OWA…I am not sure if it requires certificate for internal usage.

in either case if there are already certificates installed for OWA as well as for internal usage, where can I check that, and also wonder if they expire at certain time, or once you install them , they are forever..??

Thank you
0
Comment
Question by:jskfan
9 Comments
 
LVL 15

Assisted Solution

by:Skyler Kincaid
Skyler Kincaid earned 100 total points
ID: 39636509
If you want to use OWA external without the the cert error and if you would like to have anyone be able to set there email up on their phones or use Outlook externally you need to get a UCC cert. They will run you around $500 and that will be good for a year. Sometimes you can get discounts if you buy the 3 year certs but usually they are still the one year price times 3.

You would need to check it from IIS.

http://technet.microsoft.com/en-us/library/cc754686(v=ws.10).aspx

Have you ever bought or applied a cert before?
0
 
LVL 36

Accepted Solution

by:
Mahesh earned 200 total points
ID: 39636606
Is your internal and external OWA URLs are same ?
Normally internal and external OWA urls are different.
When you install CAS role, Exchange automatically create X.509 SSL server certificate for you with server FQDN as certificate common name.
Since most of the organizations make custom internal OWA URL, this default certificate will work with warning message.
In order to get rid of this message, you can install Windows internal AD integrated Certificate authority or can use existing one if you have and generate required SSL cert for your internal OWA url.
The expiry period of this certificate depends upon what you have set on CA server.
All OWA certificates can be located at certificate personnel store or
through Exchange MMC\server configuration\CAS Server
Hope that helps
0
 
LVL 6

Assisted Solution

by:iradatsiddiqui
iradatsiddiqui earned 100 total points
ID: 39636673
0
NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

 
LVL 10

Assisted Solution

by:Vijaya Babu Sekar
Vijaya Babu Sekar earned 100 total points
ID: 39638137
No, Based on the exchange version. have some validity, for eg: if you installed Exchange 2010 SP1 it will be valid for 5 years. then you need create new certificate. if you dont want external use. you dont create any ssl certificate.

if you want to use external. you should create, import and enabled the certificate for OWA, Active sync, outlook any where,

You can refer the below article, it will useful for create the SSL certificate for external
http://www.digicert.com/ssl-certificate-installation-microsoft-exchange-2010.htm

Thanks.
0
 

Author Comment

by:jskfan
ID: 39640506
yes ...Internal and external URLs for OWA are the same
0
 
LVL 36

Expert Comment

by:Mahesh
ID: 39640977
In that case you don't required additional certificates.
You can have single Public SSL cert with required Subject alternative names (SAN) and bind all Exchange services to that certificate.
If you wanted to use different url for internal network, then you need to create additional SSL cert from Internal CA server.
Also you need to create additional CAS VIP OR additional OWA virtual directory which can bind internal SSL cert.
0
 

Author Comment

by:jskfan
ID: 39642548
in my case, Internal and external URLs for OWA are the same .

where in Exchange can I check the Certificate and the date of its expiration ?
0
 
LVL 36

Assisted Solution

by:Mahesh
Mahesh earned 200 total points
ID: 39642773
0
 

Author Closing Comment

by:jskfan
ID: 39676331
Thanks
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article lists the top 5 free OST to PST Converter Tools. These tools save a lot of time for users when they want to convert OST to PST after their exchange server is no longer available or some other critical issue with exchange server or impor…
Large Outlook files lead to various unwanted errors and corruption issues. Furthermore, large outlook files can also make Outlook take longer to start-up, search, navigate, and shut-down. So, In this article, i will discuss a method to make your Out…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

860 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question