Solved

Exchange 2010 certificate

Posted on 2013-11-09
9
260 Views
Last Modified: 2013-11-25
I believe Exchange server 2010 requires certificate for OWA…I am not sure if it requires certificate for internal usage.

in either case if there are already certificates installed for OWA as well as for internal usage, where can I check that, and also wonder if they expire at certain time, or once you install them , they are forever..??

Thank you
0
Comment
Question by:jskfan
9 Comments
 
LVL 15

Assisted Solution

by:Skyler Kincaid
Skyler Kincaid earned 100 total points
ID: 39636509
If you want to use OWA external without the the cert error and if you would like to have anyone be able to set there email up on their phones or use Outlook externally you need to get a UCC cert. They will run you around $500 and that will be good for a year. Sometimes you can get discounts if you buy the 3 year certs but usually they are still the one year price times 3.

You would need to check it from IIS.

http://technet.microsoft.com/en-us/library/cc754686(v=ws.10).aspx

Have you ever bought or applied a cert before?
0
 
LVL 35

Accepted Solution

by:
Mahesh earned 200 total points
ID: 39636606
Is your internal and external OWA URLs are same ?
Normally internal and external OWA urls are different.
When you install CAS role, Exchange automatically create X.509 SSL server certificate for you with server FQDN as certificate common name.
Since most of the organizations make custom internal OWA URL, this default certificate will work with warning message.
In order to get rid of this message, you can install Windows internal AD integrated Certificate authority or can use existing one if you have and generate required SSL cert for your internal OWA url.
The expiry period of this certificate depends upon what you have set on CA server.
All OWA certificates can be located at certificate personnel store or
through Exchange MMC\server configuration\CAS Server
Hope that helps
0
 
LVL 6

Assisted Solution

by:iradatsiddiqui
iradatsiddiqui earned 100 total points
ID: 39636673
0
 
LVL 10

Assisted Solution

by:Vijaya Babu Sekar
Vijaya Babu Sekar earned 100 total points
ID: 39638137
No, Based on the exchange version. have some validity, for eg: if you installed Exchange 2010 SP1 it will be valid for 5 years. then you need create new certificate. if you dont want external use. you dont create any ssl certificate.

if you want to use external. you should create, import and enabled the certificate for OWA, Active sync, outlook any where,

You can refer the below article, it will useful for create the SSL certificate for external
http://www.digicert.com/ssl-certificate-installation-microsoft-exchange-2010.htm

Thanks.
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 

Author Comment

by:jskfan
ID: 39640506
yes ...Internal and external URLs for OWA are the same
0
 
LVL 35

Expert Comment

by:Mahesh
ID: 39640977
In that case you don't required additional certificates.
You can have single Public SSL cert with required Subject alternative names (SAN) and bind all Exchange services to that certificate.
If you wanted to use different url for internal network, then you need to create additional SSL cert from Internal CA server.
Also you need to create additional CAS VIP OR additional OWA virtual directory which can bind internal SSL cert.
0
 

Author Comment

by:jskfan
ID: 39642548
in my case, Internal and external URLs for OWA are the same .

where in Exchange can I check the Certificate and the date of its expiration ?
0
 
LVL 35

Assisted Solution

by:Mahesh
Mahesh earned 200 total points
ID: 39642773
0
 

Author Closing Comment

by:jskfan
ID: 39676331
Thanks
0

Featured Post

The curse of the end user strikes again      

You’ve updated all your end user’s email signatures. Hooray! But guess what? They’re playing around with the HTML, adding stupid taglines and ruining the imagery. Find out how you can save your signatures from end users today.

Join & Write a Comment

Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
Following basic email etiquette rules will help you write a professional email and achieve a good, lasting impression with your contacts.
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
This Experts Exchange video Micro Tutorial shows how to tell Microsoft Office that a word is NOT spelled correctly. Microsoft Office has a built-in, main dictionary that is shared by Office apps, including Excel, Outlook, PowerPoint, and Word. When …

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now