Solved

Requirements for Exchange 2010 certificate?

Posted on 2014-10-20
4
1,094 Views
Last Modified: 2014-10-24
We want to change the current certificate (internal CA) of our Exchange 2010 server with a public wildcard certificate.

The new certificate will be bought by the developer of the website. Are there any special requirements we should communicate if we want to use that SSL-certificate for Exchange in addition to the website?

What files do we need to import the SSL wildcard certificate (bought for the website) in Exchange?
0
Question by:exexc
4 Comments
 
LVL 24

Expert Comment

by:-MAS
ID: 40391646
Your Exchange needs 2 names if you have only one domain.
1. mail.domain.com
2. autodiscover.domain.com
Please check these for details.
1. Technet
2. EE
0
 

Author Comment

by:exexc
ID: 40391684
The web developer will get a wildcard certificate for the domain. So all subdomains should be covered.

What I don't know is whether we have to tell him that certain requirements exist for Exchange 2010.

For example, is it recommended to get a 2048bit/SHA256 certificate, or is SHA256 a problem for Exchange 2010? Is there a more secure type of certificate than 2048bit/SHA256?

What kind of files does he have to send us? I guess we will need a file with the private key, a file with the public key, maybe a file for an Intermediate CA? Are these files required in a specific file format?

I never worked with public certificates in Windows, so I don't know what requirements I have to communicate to the web developer.
0
 
LVL 9

Expert Comment

by:Zacharia Kurian
ID: 40391720
You can go for a wildcard certificate, which is more secure than having a cert with different SANs. It means that a wildcard certificate is a public key certificate which can be used with multiple subdomains of a domain.

The site below will give you more info:

https://www.digicert.com/wildcard-ssl-certificates.htm
0
 
LVL 38

Accepted Solution

by:
Adam Brown earned 500 total points
ID: 40392074
1. The bit-length of the key determines the security of the hashing used to generate your certificate request. Higher is better, but will also increase the resources used by IIS when encrypting data. 2048/SHA256 is sufficient for now and will be for the next few years. 1024 or lower is considered to be crackable and not recommended.

2. You will need to generate a Certificate Request file on the Exchange server for the wildcard cert, then forward that to the web developer. The developer will request the certificate from the third-party CA. The CA will provide him with a file that is a "response" to the request. When you complete the certificate request on the Exchange server, you will use this file as the response, and the server will then generate the certificate and configure it for use by the server. Once that's done, the certificate can be exported for use on other systems if you choose, but you must select the option to make the certificate exportable when creating the certificate request. If you don't do that on the server you create the certificate on, the cert will only be usable on that server.

That's basically the whole process. And to correct another user's statement, Wildcard certificates are considered *less* secure than a multiple SAN cert because the certificate will authenticate any name used against it as long as the domain name is correct. However, the difference in security is negligible and not usually a big deal.
0
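
The request, completion, and export steps described in the accepted answer, written out for the Exchange Management Shell. This is an added example and not part of the original answer; the subject fields, the `C:\certs` paths, and the `IIS,SMTP` service list are assumptions to adapt, and `domain.com` is the placeholder used earlier in the thread.

```powershell
# Run in the Exchange Management Shell on the Exchange 2010 server.
# Assumed placeholders: subject fields, C:\certs paths, service list.

# 1. Generate the request. The private key is created on this server and
#    stays here; only the request file goes to the web developer.
#    -PrivateKeyExportable must be set now, it cannot be added afterwards.
$request = New-ExchangeCertificate -GenerateRequest `
    -SubjectName "C=US, O=Example Org, CN=*.domain.com" `
    -DomainName "*.domain.com", "domain.com" `
    -KeySize 2048 `
    -PrivateKeyExportable $true
Set-Content -Path "C:\certs\wildcard.req" -Value $request

# 2. When the CA's response comes back, inspect it before importing:
#    key size, signature algorithm (e.g. sha256RSA), subject and expiry.
$responsePath = "C:\certs\wildcard.cer"
$issued = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $responsePath
if ($issued.PublicKey.Key.KeySize -lt 2048) {
    throw "Issued certificate key is smaller than 2048 bits"
}
"Subject: {0} | Signature: {1} | Expires: {2}" -f `
    $issued.Subject, $issued.SignatureAlgorithm.FriendlyName, $issued.NotAfter

# 3. Complete the pending request with the response and bind it to services.
$bytes = [Byte[]]$(Get-Content -Path $responsePath -Encoding Byte -ReadCount 0)
$cert  = Import-ExchangeCertificate -FileData $bytes
Enable-ExchangeCertificate -Thumbprint $cert.Thumbprint -Services IIS,SMTP

# 4. Optional: export certificate plus private key as a password-protected
#    PFX for the web server. Works only because of -PrivateKeyExportable above.
$pfxPassword = Read-Host "PFX password" -AsSecureString
$pfx = Export-ExchangeCertificate -Thumbprint $cert.Thumbprint `
    -BinaryEncoded:$true -Password $pfxPassword
Set-Content -Path "C:\certs\wildcard.pfx" -Value $pfx.FileData -Encoding Byte
```

If the CA also supplies an intermediate certificate, install it in the server's Intermediate Certification Authorities store so clients receive the full chain.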
