Remote Support Software

Provide instant remote support to customers and employees:

Click here for a free trial

Enable Certificates

hi guys,
I've got this current situation :
2 CAS server doing HA in a NLB, 2 HT, 2 MBX, 2 Edge and 2 ISA doing NLB to publish OWA and RPC..so I request cert from my CAS01, and already import + enabled the IMAP, IIS, POP services.
then I go to HT01 to enabled SMTP services, is it correct to export the cert (*.pfx) and import from HT01 then I have to enabled the SMTP services?

Do I have to import from other server : CAS02, HT02 and enabled the appropriate services?
how do I disabled the selfsigned service ? I'm using the enabled-exchangecertificate -thumbprint <thumbprint> -services none
, but I don't get the services disabled ? Do I have to export it to ISA01 and ISA02? I don't have to export to Edge and MBX right?
sorry for the noob question, thx..
rgds, Krisna

Need to support users over the internet? click here try our remote control online beta






May 6th, 2010 7:20am
Ans:
1: Yes you have to enable certificate for other CAS and HUB also
2: There is no reason to remove the self signed cert. Once you have generated the new csr using the powershell you will then just install and enable the new cert, also using the powershell.
3: For ISA you have to enable cetificate if you have taken from internet CA
4: YesAnil

Need to support users over the internet? click here try our remote control online beta






May 6th, 2010 12:25pm
Ans:
1: Yes you have to enable certificate for other CAS and HUB also
2: There is no reason to remove the self signed cert. Once you have generated the new csr using the powershell you will then just install and enable the new cert, also using the powershell.
3: For ISA you have to enable cetificate if you have taken from internet CA
4: Yes

Anil
humm, for answer number 2 I'm still a little bit confuse because if I don't remove the self signed cert then I import the internet CA then enabled it, when I
get-exchangecertificate there's two SMTP/IMAP/IIS/POP services enabled? is it gonna be a problem?
for ISA, I only import the *.pfx, how do I enabled it?from the rule publishing?rgds, Krisna

There is an amazing pack of free network admin tools. click here to download it






May 6th, 2010 12:45pm
Hi,
For question 2: it won't be a problem.
"In most cases, Exchange selects a certificate issued by a trusted CA over a self-signed certificate regardless of the age of the certificate "
More information:
Certificate Use in Exchange Server 2007

http://technet.microsoft.com/en-us/library/bb851505(EXCHG.80).aspx

If you really don't want to see self signed certification again, you can remove it.

Remove-ExchangeCertificate

http://technet.microsoft.com/en-us/library/aa997569(EXCHG.80).aspx

By the way, I think there is only one IIS services enabled.
Frank Wang

There is an amazing pack of free network admin tools. click here to download it






May 7th, 2010 9:37am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics