Certificate in Exchange 2007
Hi Guys,
I have recently setup a complete new sbs2008 server. I am stuck on certificate... I have approched godaddy.com for a ssl certificate for exchange 2007 but they are finding it difficult to issue me a certificate because they cant access my domain ie remote.fdm****.co.uk.
I have asked my hosting company to create a DNS entry for remote.fdm****.co.uk which they have done and link that to my valid IP address. Do i have to use this address to configure mobile devices as well or do i need a new certificate and dns entry for mail.fdm****.co.uk.
Do I need SSL certificate or UCC certificate to achive what I want to do.
Please guys help me setting up exchange as I have nevr worked with exchange 2007.
Hope to hear from you guys soon.
Vik
July 13th, 2010 8:45am
Hi
Yes you should use a SAN cert, that will do that work best
Digicert have a nice generator that helps you to create the CSR
https://www.digicert.com/easy-csr/exchange2007.htm
You should include the following names
mail.fdm****.co.uk
autodiscover.fdm****.co.uk
servername.internaldomain.local
Then you need to create an A record for mail.fdm****.co.uk and point it to your server (fw->server) and for autodiscover you can use C name record and point that one to mail.fdm****.co.uk.
Make sure you open for HTTPS (443) from external to your serverJonas Andersson MCTS: Microsoft Exchange Server 2007/2010 | MCITP: EMA 2007/2010 | MCSE/MCSA Blog:
http://www.testlabs.se/blog
Free Windows Admin Tool Kit Click here and download it now
July 13th, 2010 9:57am
Thanks Janas...
Do i have to make anychanges to SBS server as well to generate CRS for
mail.fdm****.co.uk
autodiscover.fdm****.co.uk
servername.internaldomain.local
What changes shall i make in exchange server. And for A record and Cname record shall I contact my ISP because I dont have access to DNS of our domin name. I already have SSL certificate for remote.fdml****.co.uk... shall I cancel that and reapply for UCC...
Hope to hear from you guys soon...
Thanks
Vik
July 13th, 2010 11:02am
Hi
You can check this article and follow the steps that you need to do like configuring address, authentication etc.
http://www.isaserver.org/tutorials/Publishing-Exchange-2007-OWA-Exchange-ActiveSync-RPCHTTP-using-2006-ISA-Firewall-Part4.html
The only change you need to make is this above, addresses and authentication, then it's dns and fw changes and requesting certificates
Yes you can include remote name in the SAN cert also, that's the best option you have here
Jonas Andersson MCTS: Microsoft Exchange Server 2007/2010 | MCITP: EMA 2007/2010 | MCSE/MCSA Blog:
http://www.testlabs.se/blog
Free Windows Admin Tool Kit Click here and download it now
July 13th, 2010 11:07am
Thanks for your reply Janas.... I have gone through the link but I am able to make changes on exchange... to be very honest i never work with exchange 2007 moreover I dont have isa installed I have watchguard x55e.
Thanks
Vik...
PS. Jasan sorry to ask you but where r u based...is it possible to have a word with you....
thanks
July 13th, 2010 11:24am
Send over your emailaddress , i can give you a almost step-by-step how to do it
I'm based in SwedenJonas Andersson MCTS: Microsoft Exchange Server 2007/2010 | MCITP: EMA 2007/2010 | MCSE/MCSA Blog:
http://www.testlabs.se/blog
Free Windows Admin Tool Kit Click here and download it now
July 13th, 2010 11:27am
my email address is vikramsokhi@gmail.com....
My setup is SBS2008 with exchange 2007.
I am based in London... I can call you if you dont mind.
Thanks
Vik
July 13th, 2010 11:33am