Exchange 2007 Certificates
This is a brief post about setting up certificates in Exchange 2007.
What follows is a document which I send to people who are interested in setting up Subject Alternative Name certificates for Exchange 2007.
Open EMS and enter the following;
New-ExchangeCertificate –GenerateRequest:$true -domainname email.domain.com,autodiscover.domain.com,hostname, internaldomain.com,hostname.internaldomain.com -FriendlyName “Exchange SAN cert” - privatekeyexportable:$true –path c:\ExchSANcert.txt
Submit to CA
Import-ExchangeCertificate –Path c:\cascert.cer
Make a note of the Thumbprint
e.g. 2C9FB5F00EE88BA77D72FCA273C787728866BF1E
Enable the certificate as below:
Enable-ExchangeCertificate –Thumbprint 2C9FB5F00EE88BA77D72FCA273C787728866BF1E –Services “IIS,POP,IMAP,SMTP”
Setup External URLs
Set-OABVirtualDirectory –Identity "OAB (Default Web Site)" -ExternalUrl https://url.extdomain.com/OAB -RequireSSL:$true
Set-UMVirtualDirectory –Identity "UnifiedMessaging (Default Web Site)" -ExternalUrl https:// url.extdomain.com /UnifiedMessaging/Service.aspx
Set-WebServicesVirtualDirectory –Identity "EWS (Default Web Site)" -ExternalUrl https:// url.extdomain.com /EWS/Exchange.asmx
Setup the DNS records for external Autodiscover
Autodiscover.extdomain.com
Point to the external IP address (port 443) on the CAS server
It has recently come to my attention that when you are submitting these requests to an External CA you need to get the correct subject name too!
Take a look at the MSExchangeTeam blog here for more info:
http://msexchangeteam.com/archive/2007/02/19/435472.aspx
Hope this helps people understand this rather tricky area!
Cheers
Nathan