[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

Installing 3rd Party SSL Certificates on to Windows Server 2008 R2/Exchange 2010

Posted on 2014-01-10
5
Medium Priority
?
612 Views
Last Modified: 2014-01-10
We currently have a Self-Signed SSL Certificate on an Exchange 2010 Server running Windows Server 2008 R2. We purchased a third party certificate from Mediaura to replace our self-signed certificate. They sent us 3 Certificates and instructed us to install all 3. From IIS7, we were able to use the Complete Certificate Request to install the main mail.xxxxxx.org (SSL https:443) certificate successfully, but do not fully understand the function of the other two certificates or how they work in conjunction with the main certificate. Neither do we know how to or where to import these 2 certificates.
The certificates are called "AddTrustCARoot.crt" and "PositivesSSLCA2.crt".

Please help us to understand how these certificates work with the server certificate and what we need to do to correctly install these on our server.
0
Comment
Question by:dtssupport
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 3

Expert Comment

by:cristiantm
ID: 39771756
Those are the so called Certificate Chain.

A certificate chain is a path of certificates leading from your certificate (the server certificate) to a trusted anchor (root CA, that should probably be AddTrustCARoot.crt).

For verifying a certificate, a computer needs to know the path from the server certificate until a root CA that he alreay trusts. By intalling those in your server, you allow your server to send them to your clients so they can construct the path and decide if they want to trust the root CA or not.
0
 

Author Comment

by:dtssupport
ID: 39771777
How do we install the AddTrustCARoot.crt?  Do we do it differently than the Server Certificate?
0
 
LVL 3

Expert Comment

by:cristiantm
ID: 39771788
You can find detailed instruction for that here:
http://www.entrust.net/knowledge-base/technote.cfm?tn=8166

Just select Trusted root instead of intermediate certificate for the root CA
0
 

Author Comment

by:dtssupport
ID: 39771803
What about the Third Certificate? Would it be imported into the Trusted root as well and do we can have to change the extensions? PositivesSSLCA2.crt
0
 
LVL 3

Accepted Solution

by:
cristiantm earned 1500 total points
ID: 39771811
This is probably the Intermediate certificate, and should be installed exactly as the instruction o the link (no need to change the storage to the trusted certificates one)
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article lists the top 5 free OST to PST Converter Tools. These tools save a lot of time for users when they want to convert OST to PST after their exchange server is no longer available or some other critical issue with exchange server or impor…
Are you looking for the options available for exporting EDB files to PST? You may be confused as they are different in different Exchange versions. Here, I will discuss some options available.
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…
how to add IIS SMTP to handle application/Scanner relays into office 365.

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question