Solved

Requirements for Exchange 2010 certificate?

Posted on 2014-10-20
Last Modified: 2014-10-24
We want to change the current certificate (internal CA) of our Exchange 2010 server with a public wildcard certificate.

The new certificate will be bought by the developer of the website. Are there any special requirements we should communicate if we want to use that SSL-certificate for Exchange in addition to the website?

What files do we need to import the SSL wildcard certificate (bought for the website) in Exchange?
Question by:exexc
4 Comments
 

Expert Comment

by:-MAS
ID: 40391646
Your Exchange needs 2 names if you have only one domain.
1. mail.domain.com
2. autodiscover.domain.com
Please check these for details.
1. Technet
2. EE
 

Author Comment

by:exexc
ID: 40391684
The web developer will get a wildcard certificate for the domain. So all subdomains should be covered.

What I don't know is if we have to tell him that certain requirements exist for Exchange 2010.

For example, is it recommended to get a 2048bit/SHA256 certificate, or is SHA256 a problem for Exchange 2010? Is there a more secure type of certificate than 2048bit/SHA256?

What kind of files does he have to send us? I guess we will need a file with the private key, a file with the public key, maybe a file for an Intermediate CA? Are these files required in a specific file format?

I never worked with public certificates in Windows, so I don't know what requirements I have to communicate to the web developer.

Expert Comment

by:Zacharia Kurian
ID: 40391720
You can go for a wildcard certificate, which is more secure than having a cert with different SANs. It means that a wildcard certificate is a public key certificate which can be used with multiple subdomains of a domain.

The site below will give you more info:

https://www.digicert.com/wildcard-ssl-certificates.htm

Accepted Solution

by:
Adam Brown earned 500 total points
ID: 40392074
1. The bit-length of the key determines the security of the hashing used to generate your certificate request. Higher is better, but will also increase the resources used by IIS when encrypting data. 2048/SHA256 is sufficient for now and will be for the next few years. 1024 or lower is considered to be crackable and not recommended.

2. You will need to generate a Certificate Request file on the Exchange server for the wildcard cert, then forward that to the web developer. The developer will request the certificate from the third-party CA. The CA will provide him with a file that is a "response" to the request. When you complete the certificate request on the Exchange server, you will use this file as the response, and the server will then generate the certificate and configure it for use by the server. Once that's done, the certificate can be exported for use on other systems if you choose, but you must select the option to make the certificate exportable when creating the certificate request. If you don't do that on the server you create the certificate on, the cert will only be usable on that server.

That's basically the whole process. And to correct another user's statement, Wildcard certificates are considered *less* secure than a multiple SAN cert because the certificate will authenticate any name used against it as long as the domain name is correct. However, the difference in security is negligible and not usually a big deal.
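The request, response and export steps described in the accepted answer, written out for the Exchange Management Shell as an added example (not part of the original thread). The domain `domain.com`, the subject fields, the `C:\Certs` paths and the `.p7b` response file name are assumed placeholders.

```powershell
# Run in the Exchange Management Shell on the Exchange 2010 server.
# Placeholders (assumptions): domain.com, subject fields, C:\Certs paths.

# 1. Generate the request on the Exchange server. The private key is created
#    and stays here; -PrivateKeyExportable must be set now, because it cannot
#    be turned on after the key exists.
$request = New-ExchangeCertificate -GenerateRequest `
    -SubjectName "C=US, O=Example Org, CN=*.domain.com" `
    -DomainName "*.domain.com" `
    -KeySize 2048 `
    -PrivateKeyExportable $true
Set-Content -Path "C:\Certs\wildcard.req" -Value $request

# 2. Send wildcard.req (it contains no private key) to the web developer,
#    who submits it to the public CA and returns the CA's response file.

# 3. Complete the pending request with the CA response.
$cert = Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content `
    -Path "C:\Certs\wildcard.p7b" -Encoding Byte -ReadCount 0))

# 4. Confirm the certificate is bound to the private key and covers the
#    expected names before assigning it to any service.
Get-ExchangeCertificate -Thumbprint $cert.Thumbprint |
    Format-List Subject, CertificateDomains, NotAfter, HasPrivateKey, Status

# 5. Assign the certificate to the services that should present it.
Enable-ExchangeCertificate -Thumbprint $cert.Thumbprint -Services "IIS,SMTP"

# 6. Optional: export certificate plus private key as a password-protected
#    PFX for the web server. Get-Credential prompts for the PFX password.
$pfx = Export-ExchangeCertificate -Thumbprint $cert.Thumbprint `
    -BinaryEncoded:$true -Password (Get-Credential).Password
Set-Content -Path "C:\Certs\wildcard.pfx" -Value $pfx.FileData -Encoding Byte
```

The PFX from step 6 carries the private key for every name the wildcard covers, so transfer it over a protected channel, send its password separately, and delete the file from `C:\Certs` once it has been installed on the web server.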