How to use an internal Windows CA (Certificate Authority) in Windows 2012 with Exchange 2013


A self-signed certificate is enough to manage OWA alone, but a certificate issued by an internal Windows CA can serve all types of clients.
So we will learn how to do it on Windows Server 2012.

We can use an internal Windows CA certificate with Exchange 2013 to avoid certificate errors.
One thing you need to know: with an internal Windows CA certificate, you need to install the certificates on every machine and mobile device you use, otherwise you will end up with a certificate error.
That is why people prefer a third-party certificate, which avoids this.
In this article we will learn how to issue an internal Windows CA certificate.

You need to have two A records: Mail.domain.com and Autodiscover.domain.com

You will place the certificate we generate on the machines where you are configuring Outlook, or on any other device, so that you can overcome Outlook errors.

First we will learn how to export a certificate request file from Exchange 2013.

Step 1:

Log in to the Exchange Administration Center (EAC) in Exchange 2013.

Servers – Certificates – click the “+” sign – New

Choose “Create a request for a Certificate from the Certification authority”, then click Next.

Type a friendly name.

A wildcard is used if you are going to manage more URLs. For example: *.Domain.com

Choose the server that will hold the certificate request.

Step 2:

Enter the required URLs for your Exchange.

For example, I am entering only the one for Outlook Web App (when accessed from the Internet).

Step 3:

You will see the collection of URLs.

Step 4:

Fill out the form.

Create a simple share to save the certificate request.

Save the certificate request to the shared location.

Now you can see the pending certificate request.

Step 5:
ExchangeCert.req is the request file you created. Right-click the file, choose Open with, and use Notepad.

Opened in Notepad, it shows the request content. You will use this content in a later step.

Step 6:
You need this role installed to have a Certificate Authority. It can be on a DC or on the Exchange server itself.
I have done this on the Exchange server itself (No Harm).

Open Server Manager – Manage – Add Roles and Features

Step 7:

Choose: Active Directory Certificate Services

Choose Next

And choose: Certification Authority Web Enrollment

Choose Install

Choose Close

Step 8:

To configure Active Directory Certificate Services, choose the exclamation mark on the flag.

Choose Next

Choose Certificate Authority and Certification Authority Web Enrollment

Choose Enterprise

Step 9:
Choose Root CA

Step 10:
Create a new private key

Step 11:
Keep the default key length of 2048

Step 12:
Click Next

Step 13:
By default the certificate is valid for 5 years. Don’t make any changes to it; click Next

Step 14:

Step 15:
Now if you open IIS Manager, you will see that a virtual directory named “CertSrv” has been created.

In the right-hand column, use “Browse *:443 (https)”.

Step 16:
On the page that opens, choose Request a Certificate

Step 17:
Click on Advanced Certificate Request

Step 18:
Choose the second option:
Submit a certificate request by using a base-64-encoded CMC

Step 19:
Now paste the content copied from Notepad (see Step 5)
Choose Template: WebServer

Step 20:
Choose “Base 64 encoded”

Step 21:
Save the certificate

Copy the file to a common share

Step 22:

Now go to your EAC – Servers – Certificates – choose the pending request – choose Complete

Step 23:
Now assign services to the certificate

Choose the certificate and click Edit

Now the server part is ready

Step 24:

Now we will learn how to install the certificate on the client end.
Double-click the certificate

Click Install Certificate – click Next

Choose Local Machine

Choose Personal

Click Next and the import will be successful

Now repeat the same process.
Double-click the certificate

Click Install Certificate – click Next – choose Trusted Root Certification Authorities

Double-click the certificate

Click Install Certificate – click Next – choose Intermediate Certification Authorities

Step 25:
[Screenshots: before, and after installing the certificate on the client]
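
The request, issue, complete and assign sequence above can also be scripted from the Exchange Management Shell, with a check that the issued certificate carries every required name before services are assigned. This is an added example, not part of the original article; the server name, share path, CA config string, subject, and the choice of the IIS service are assumptions.

```powershell
# Added example. Server, share, CA name and subject below are assumed placeholders.
$Names    = 'mail.domain.com', 'autodiscover.domain.com'  # the two A records
$Share    = '\\EXCH01\CertShare'                           # assumed share from Step 4
$CAConfig = 'EXCH01\domain-EXCH01-CA'                      # assumed "CAHost\CA name"
$ReqFile  = Join-Path $Share 'ExchangeCert.req'
$CerFile  = Join-Path $Share 'ExchangeCert.cer'
$RootFile = Join-Path $Share 'InternalRootCA.cer'

# Steps 1-5 (Exchange Management Shell): create the pending request as Base64 text.
$req = New-ExchangeCertificate -GenerateRequest -FriendlyName 'Exchange 2013 Internal CA' `
    -SubjectName "CN=$($Names[0])" -DomainName $Names
Set-Content -Path $ReqFile -Value $req

# Steps 16-21: submit to the CA with the WebServer template and save the Base64 certificate.
certreq.exe -submit -config $CAConfig -attrib 'CertificateTemplate:WebServer' $ReqFile $CerFile
if ($LASTEXITCODE -ne 0) { throw "certreq failed with exit code $LASTEXITCODE" }

# Step 22: complete the pending request with the issued certificate.
$bytes    = [byte[]](Get-Content -Path $CerFile -Encoding Byte -ReadCount 0)
$imported = Import-ExchangeCertificate -FileData $bytes

# Check before assigning services: every required name must be on the certificate.
$cert    = Get-ExchangeCertificate -Thumbprint $imported.Thumbprint
$have    = $cert.CertificateDomains | ForEach-Object { "$_" }
$missing = $Names | Where-Object { $have -notcontains $_ }
if ($missing) { throw "Certificate is missing: $($missing -join ', ')" }

# Step 23: assign services. IIS (OWA) is an assumption; the article does not name the services.
Enable-ExchangeCertificate -Thumbprint $cert.Thumbprint -Services IIS

# Export the CA's own certificate so clients can trust it.
# The verb is quoted because PowerShell would otherwise split "-ca.cert" at the dot.
certutil.exe -config $CAConfig '-ca.cert' $RootFile

# Step 24, run elevated on a client: add the CA certificate to Trusted Root and confirm it.
$root = Import-Certificate -FilePath $RootFile -CertStoreLocation Cert:\LocalMachine\Root
Get-ChildItem Cert:\LocalMachine\Root | Where-Object Thumbprint -eq $root.Thumbprint
```

The server-side commands run on the Exchange server; only the last two lines run on the client.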