Tuesday, 16 October 2012

Self Signed Certificate in Exchange 2010

We can use a self signed certificated for Exchange 2010 ,
Now will learn how to do it.
Something which you need to know is , Using a self signed certificate you need to install the certificates on every machine you use and Mobile devices other wise you will end up in a certificate error in the IE
So that’s why people prefer going for a 3rd party certificate to overcome it.
Will Learn using a Self Signed Certificate , for this to be used Externally you need to have a CNAME record in your public DNS pointing to your Public IP NAT to your CAS
First we will learn how to Export a Certificate request file from Exchange 2010 ,
 
Step 1:
image

Type a Friendly Name :

image


Wild Card is used for Very Big Environment .For Example : *.Domain.com
image

Step 2:
Assign the required Services for your Exchange , Give a Tick Mark
image

You will opt for it if you are planning for Coexistence in OWA in Exchange 2003 and Exchange 2010
image

Step 3:
You will see the collection for URL’s

image

Step 4:
Fill out the Form – And set the location for the Cert Request file
image

image

Step 5:
Your request file would look like this

image

Open it via Notepad , because we need this content to generate a Certificate
image

Step 6:
You need to have this role installed to have a Certificate Authority , It can be DC or Exchange it self
I have done this in the Exchange itself (No Harm)
image

Step 7:
Choose : Certification authority , Certification Authority Web Enrollment
image

Step 8:
Choose Enterprise
image

Step 9:
Choose Root CA
image


Step 10:
Create a new Private key
image

Step 11:
Have this Default with 2048 key Character length
image

Step 12:
Click Next
image

Step 13:
By Default Certificate is valid for 5 years , Don’t make any changes on it , Click next
image

Step 14:

image

Step 15:
Now if you Open IIS manager , you will see “CertSrv” a Virtual Directory Created ,
Use the right side column “Browse *.443(https)

image

Step 16:
You would see a page like this , Choose Request a Certificate

image

Step 17:
Click on Advanced Certificate Request
image

Step 18:
Choose the Second one
Submit a certificate request by using a base-64-Encoded CMC
image

Step 19:
Now Copy the Note pad -
Choose Template : WebServer

image

Step 20:

Choose “Base 64 encoded”
image

Step 21:
Save the Certificate
image image

Step 22:
Now go to your EMC
Server Configuration – Complete Pending request
image

Chose the Certificate :

image

Step 23:
Now Assign Services to the Certificate
image


image
Now the Server Part is ready

Step 24:

Now will learn how to install the Certificate in the Client End

Double Click on the Certificate
Click Install Certificate – Click Next –

image

Choose Personal –

image

Click Next And Import will be Successful
Now Do the Same Process
Double Click on the Certificate
Click Install Certificate – Click Next – Choose Trusted Root Certification Authorities
image

Double Click on the Certificate
Click Install Certificate – Click Next – Choose Intermediate Certification Authorities
image

Step 25:

Before
image

After installing the Certificate in the Client
image



Great !!

Now you learn how to use a Self Signed Certificate in Exchange 2010