How to - Obtain certificate from a Root CA on a Server Core
Hi all,
I'm stumped a bit. I'm installing Exchange 2010 in a lab and I need a SAN certificate for it. So I created an enterprise root ca by installing it on a server core. I enabled SAN certificate option using commandline. I enabled remote management and from another
computer's mmc, I'm able to view the server.
I created a .req file using exchange 2010 wizard, and from the MMC, right click server, all task, "submit new request" I browse to thefile.
Nothing happens. There is no error, but there is no certificate either. Pending requests is empty. Under issued certificates, I only have 3 certificates, one for each DCs.
What can I do, where can I look, how do I fix?
Any help would be very valuable
Thanks in advance
-Shah
June 10th, 2011 1:49pm
See
http://technet.microsoft.com/en-us/library/cc772393(WS.10).aspx#BKMK_AS5
You can use the self signed certs from exchange 2010 if it is lab.
See how to use self signed certs
http://marckean.wordpress.com/2009/10/09/install-self-signed-exchange-2010-ssl-certificate/
Free Windows Admin Tool Kit Click here and download it now
June 10th, 2011 3:41pm
I created a .req file using exchange 2010 wizard, and from the MMC, right click server, all task, "submit new request" I browse to thefile.
Hi Shah,
After you create a .req file, please request the certificate using IE(e.g.
http://CAServerName/certsrv). You can do it as following blog:
Creating a Certificate through an Internal CA with Subject Alternate Names
http://b41n5.wordpress.com/2010/07/15/creating-a-certificate-through-an-internal-ca-with-subject-alternate-names/
After you download the .cer file, you can import it to Exchange server using both EMC or EMS.
Frank Wang
TechNet Subscriber Support
in forum
If you have any feedback on our support, please contact
tngfb@microsoft.com
Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
June 13th, 2011 3:07am
I like below post for exchange 2010 certificate renre/enable. Have a look.
http://exchangeserverpro.com/configure-an-ssl-certificate-for-exchange-server-2010
http://exchangeserverpro.com/export-an-exchange-server-2010-certificate-to-exchange-2003
Read comments also in above post :)Anil MCC 2011,ITIL V3,MCSA 2003,MCTS 2011, My Blog : http://messagingschool.wordpress.com
Free Windows Admin Tool Kit Click here and download it now
June 13th, 2011 7:06am
Thanks for the link Frank,
Unfortunately, My server core does not have the IIS components installed so I don't have the web interface. Is that the only method to do it?
Can I install IIS after it is an Enterprise root CA and still enable the web components?
-S
June 13th, 2011 6:42pm
Hi Shah,
Please click "Add Role Services" to add "Certification Authority Web Enrollment" in the "Active Directory Certificate Services" node of server Manager.
Frank Wang
TechNet Subscriber Support
in forum
If you have any feedback on our support, please contact
tngfb@microsoft.com
Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
Free Windows Admin Tool Kit Click here and download it now
June 14th, 2011 3:52am
Hi Shah,
Any updates?Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
June 16th, 2011 1:45am