Confused about SSL certificates and certificate services

Greetings; I am still trying to wrap my head around SSL certificates and certificate servers and there are a few things I am unclear on.

Q1: I am running a 2008 R2 box with the AD CS role installed. Can I install my certificate from a trusted 3rd party into this machine so that the certificates it then distributes are considered trusted? _IF_ this is possible, how would I do it and configure the certificate so that the AD CS box can supply the necessary certificates to Exchange 2007 or Exchange 2010 CAS servers, web servers, and direct access servers?

Q2: If the answer to Q1 is “no” then do I need to get a wildcard certificate in order to support Exchange 2007 or Exchange 2010 CAS servers, web servers, and direct access servers?

Johnny-dog Duane Rice
January 12th, 2010 10:53pm

Hi,

The Windows Server 2008 R2 ADCS box is the trusted CA, which will be distributing the trusted certificates to all other systems in the domain. So while requesting the certificates in all the applications, point the certificate provider to the ADCS box so that it will get the certificate from it.

Regards,
Rajesh J S
January 13th, 2010 1:07am

I understand that the ADCS is trusted _inside_ the domain, but with default settings, computers _outside_ of the domain do not trust computers that have gotten a certificate from it. I want to know whether or not installing a trusted 3rd party certificate on the ADCS box will make it so that computers _outside_ the domain will also trust machines that have gotten their certificates from the ADCS box.
January 13th, 2010 1:32am

Hello,

Thank you for your post here. From the description, you have a concern about how to make the computers outside the domain trust the certificates from the internal ADCS. You want to know whether the external users will trust the certificates from internal if you install the public 3rd party certificate on the ADCS server. If I have misunderstood the problem, please don't hesitate to let me know.

Q1: No. Computers outside the domain will not trust the certificates from internal when there is no subordinate relationship between your internal CA and the external public CA, because they don't trust your CA (or the root) that enrolls the certificate.

Q2: Yes. It seems that you only have 1 public 3rd party certificate while you have multiple servers to publish? If yes, a wildcard certificate will help to achieve your goal.

If you have any questions or concerns, please do not hesitate to let me know.
January 13th, 2010 9:07am
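
The trust behaviour described in the answer above can be reproduced offline. This is an added example, not part of the original thread: it uses OpenSSL in place of AD CS, and every name in it (Internal-ADCS-Root, Public-Root, example.test) is constructed for the demonstration.

```shell
# Constructed demo: OpenSSL stands in for AD CS and for a public CA.
set -u
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

# make_root NAME: create a self-signed root CA certificate and key
make_root() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$1" \
    -keyout "$work/$1.key" -out "$work/$1.crt" 2>/dev/null
}

# issue_server CA_NAME SUBJECT_CN OUT_TAG: server certificate signed by CA_NAME
issue_server() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$work/$3.key" -out "$work/$3.csr" 2>/dev/null
  openssl x509 -req -in "$work/$3.csr" -CA "$work/$1.crt" -CAkey "$work/$1.key" \
    -CAcreateserial -days 30 -out "$work/$3.crt" 2>/dev/null
}

# trusts ROOT_NAME CERT_FILE [HOSTNAME]: print "trusted" or "untrusted" for a
# client that uses ROOT_NAME as its trust anchor (optionally checking the name).
# These constructed certificates carry no subjectAltName, so OpenSSL falls back
# to the CN for the name check; real certificates should list names in the SAN.
trusts() {
  if openssl verify -CAfile "$work/$1.crt" ${3:+-verify_hostname "$3"} "$2" \
       >/dev/null 2>&1; then
    echo trusted
  else
    echo untrusted
  fi
}

make_root Internal-ADCS-Root   # plays the internal enterprise root (the AD CS box)
make_root Public-Root          # plays the third-party public CA
issue_server Internal-ADCS-Root mail.example.test internal
issue_server Public-Root '*.example.test' wildcard

# Domain members have the internal root; outside clients only have public roots.
echo "domain client,   internal-issued cert:    $(trusts Internal-ADCS-Root "$work/internal.crt")"
echo "external client, internal-issued cert:    $(trusts Public-Root "$work/internal.crt")"
echo "external client, wildcard as mail host:   $(trusts Public-Root "$work/wildcard.crt" mail.example.test)"
echo "external client, wildcard two levels deep: $(trusts Public-Root "$work/wildcard.crt" a.b.example.test)"
```

The last line shows a limit of the wildcard approach: `*.example.test` covers one label only, so a name such as a.b.example.test is rejected even though the chain itself is valid.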

This topic is archived. No further replies will be accepted.
