Using an internal Windows CA certificate with Exchange 2010
A self-signed certificate can handle OWA alone, but a certificate issued by an internal Windows CA can serve all types of clients.
So we will learn how to do it on Windows Server 2012.
We can use an internal Windows CA certificate with Exchange 2013 to avoid certificate errors.
One thing you need to know: with an internal Windows CA certificate, you need to install the certificates on every machine and mobile device you use, otherwise you will end up with a certificate error.
That is why people prefer going for a third-party certificate to overcome it.
In this article we will learn how to issue an internal Windows CA certificate.
You need to have two A records, Mail.domain.com and Autodiscover.domain.com,
and you will place the certificate we generate on the machines where you are configuring Outlook, or on any other device, so that you can overcome Outlook errors.
First we will learn how to export a certificate request file from Exchange 2013.
Step 1:
Login to Exchange Administration Center (EAC) in Exchange 2013
Servers – Certificates – Click on the “+” Sign – New
Choose
“Create a request for a Certificate from the Certification authority”
Next
Type a friendly name.
A wildcard is used if you are going to manage more URLs. For example: *.Domain.com
Choose the server on which to store the certificate request
Step 2:
Enter the required URLs for your Exchange.
For example, I am entering only the one for Outlook Web App (when accessed from the internet)
Step 3:
You will see the collected URLs
Step 4:
Fill out the Form
Create a simple share to save the certificate request
Save the certificate request to a shared location as below
Now you can see the pending certificate request
Step 5:
Your request file will look like this
ExchangeCert.req is the request file you created. Now right-click on the file, choose Open with, and use Notepad
Opened in Notepad, it shows the request content. You will use this content in a later part
Step 6:
You need to have this role installed to have a Certification Authority. It can be on the DC or on Exchange itself
I have done this on the Exchange server itself (no harm)
Open Server Manager – Manage – Add Roles and Features
Step 7:
Choose : Active Directory Certificate Services
Choose Next
And Choose : Certification Authority Web Enrollment
Choose Install
Choose Close
Step 8:
To configure Active Directory Certificate Services
Choose the exclamation mark on the flag
Choose Next
Choose Certification Authority & Certification Authority Web Enrollment
Step 9:
Choose Root CA
Step 10:
Create a new Private key
Step 11:
Keep the default key length of 2048
Step 12:
Click Next
Step 13:
By default the certificate is valid for 5 years. Don’t make any changes to it, click Next
Step 14:
Step 15:
Now if you open IIS Manager, you will see that a virtual directory “CertSrv” has been created.
In the right-side column, use “Browse *:443 (https)”
Step 16:
You will see a page like this. Choose Request a Certificate
Step 17:
Click on Advanced Certificate Request
Step 18:
Choose the second one
Submit a certificate request by using a base-64-encoded CMC
Step 19:
Now copy in the content from Notepad (see Step 5)
Choose Template : WebServer
Step 20:
Choose “Base 64 encoded”
Step 21:
Save the certificate
Copy the file to a common share
Step 22:
Now go to your EAC – Servers – Certificates – choose the pending request – choose Complete
Step 23:
Now assign services to the certificate
Choose the certificate and click Edit
Now the server part is ready
Now we will learn how to install the certificate on the client end
Double-click on the certificate
Click Install Certificate – click Next
Choose Local Machine
Choose Personal
Click Next and the import will be successful
Now repeat the same process
Double-click on the certificate
Click Install Certificate – click Next – choose Trusted Root Certification Authorities
Double-click on the certificate
Click Install Certificate – click Next – choose Intermediate Certification Authorities
Step 25:
Before
After installing the Certificate in the Client
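To check the result on a client without relying on the browser or Outlook prompt, the following PowerShell script (an added example, not part of the original article) loads the issued certificate, confirms that its names cover the Exchange URLs, and asks Windows to build the trust chain from the local stores. The file path and host names are placeholders, and the SAN parsing assumes the English "DNS Name=" text that Windows prints.

```powershell
# Added example. $CertPath and $RequiredNames are placeholders; adjust to your environment.
$CertPath      = 'C:\Temp\certnew.cer'                      # hypothetical location of the saved certificate
$RequiredNames = 'mail.domain.com', 'autodiscover.domain.com'

function Test-NameCovered {
    param([string]$HostName, [string[]]$CertNames)
    foreach ($n in $CertNames) {
        if ($n -eq $HostName) { return $true }               # exact match (-eq ignores case)
        # A wildcard such as *.domain.com covers exactly one left-most label
        if ($n.StartsWith('*.') -and $HostName.Contains('.') -and
            $HostName.Substring($HostName.IndexOf('.')) -eq $n.Substring(1)) { return $true }
    }
    return $false
}

function Test-ExchangeCertificate {
    param(
        [Parameter(Mandatory)][System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [Parameter(Mandatory)][string[]]$RequiredNames
    )
    # Read DNS names from the Subject Alternative Name extension (OID 2.5.29.17).
    # Assumption: English Windows, which formats entries as "DNS Name=host".
    $names = @()
    $san = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if ($san) {
        $names = @([regex]::Matches($san.Format($false), 'DNS Name=([^,\s]+)') |
                   ForEach-Object { $_.Groups[1].Value })
    }
    # Ask Windows to build the chain against the local certificate stores.
    $chain   = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $trusted = $chain.Build($Certificate)
    [pscustomobject]@{
        Subject      = $Certificate.Subject
        NotAfter     = $Certificate.NotAfter
        SanNames     = $names -join ', '
        MissingNames = @($RequiredNames | Where-Object { -not (Test-NameCovered $_ $names) }) -join ', '
        ChainTrusted = $trusted
        ChainStatus  = @($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    }
}

if (Test-Path $CertPath) {
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $CertPath
    Test-ExchangeCertificate -Certificate $cert -RequiredNames $RequiredNames | Format-List
} else {
    Write-Warning "Certificate file not found: $CertPath"
}
```

A ChainStatus of UntrustedRoot or PartialChain means the CA certificate is not yet in Trusted Root Certification Authorities on that machine; an empty MissingNames means every required URL is covered by the certificate.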