?
Solved

Requirements for Exchange 2010 certificate?

Posted on 2014-10-20
4
Medium Priority
?
1,313 Views
Last Modified: 2014-10-24
We want to change the current certificate (internal CA) of our Exchange 2010 server with a public wildcard certificate.

The new certificate will be bought by the developer of the website. Are there any special requirements we should communicate if we want to use that SSL-certificate for Exchange in addition to the website?

What files do we need to import the SSL wildcard certificate (bought for the website) in Exchange?
0
Comment
Question by:exexc
4 Comments
 
LVL 28

Expert Comment

by:MAS
ID: 40391646
Your exchange need 2 names if you have only one domain.
1. mail.domain.com
2.autodiscover.domain.com
Please check these for details.
1. Technet
2. EE
0
 

Author Comment

by:exexc
ID: 40391684
The web developer will get a wildcard certificate for the domain. So all subdomains should be covered.

What I don't know is, if we have to tell him that certain requirements exist for Exchange 2010.

For example is it recommended to get a 2048bit/SHA256 certificate or is SHA256 a Problem for Exchange 2010? Is there a more secure type of certificate than 2048bit/SHA256?

What kind of files does he have to send us? I guess we will need a file with the private key, a file with the public key, maybe a file for an Intermediate CA? Are these files required in a specific file format?

I never worked with public certificates in Windows, so I don't know what requirements I have to communicate to the web developer.
0
 
LVL 9

Expert Comment

by:Zacharia Kurian
ID: 40391720
You can go for a wildcard certificate which is more secured than having a cert with different SANS. It means that a wildcard certificate is a public key certificate which can be used with multiple subdomains of a domain.

The below site would give you more info;

https://www.digicert.com/wildcard-ssl-certificates.htm
0
 
LVL 44

Accepted Solution

by:
Adam Brown earned 2000 total points
ID: 40392074
1. The bit-length of the key determines the security of the hashing used to generate your certificate request. Higher is better, but will also increase the resources used by IIS when encryption data. 2048/SHA256 is sufficient for now and will be for the next few years. 1024 or lower is considered to be crackable and not recommended.

2. You will need to generate a Certificate Request file on the Exchange server for the Wildcard cert, then forward that to the web developer. The Developer will request the certificate from the Third Party CA. The CA will provide him with a file that is a "response" the the request. When you complete the Certificate request on the Exchange server, you will use this file as the response, and the server will then generate the certificate and configure it for use by the server. Once that's done, the certificate can be exported for use on other systems if you choose, but you must select the option to make the certificate exportable when creating the certificate request. If you don't do that on the server you create the certificate on, the cert will only be usable on that server.

That's basically the whole process. And to correct another user's statement, Wildcard certificates are considered *less* secure than a multiple SAN cert because the certificate will authenticate any name used against it as long as the domain name is correct. However, the difference in security is negligible and not usually a big deal.
0

Featured Post

Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, I will demonstrate that how to do a PST migration from Exchange Server to Office 365. This method allows importing one single PST, or multiple PST's at once.
Upgrading from older Exchange server to the latest Exchange server can be tiresome, error-prone and risky, without being a seasoned exchange server administrators. It can become even problematic if you're an organization that runs on tight timeline…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

609 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question