Exchange 2007 will accept either a CER file (binary encoded PKCS7 file or straight up PEM encoded PKCS7 file) or a PEM (Base64) encoded crt file via the *Import-ExchangeCertificate* cmdlet. The same can be said for IIS 6 and 7. Both default to the CER container format.

Exchange 2007 has a function to create its own self-signed certificate by using the *New-ExchangeCertificate* cmdlet. The TechNet docs cover this topic.

Are you looking to go through the IIS SSL how-to to become your own CA with its own chain of trust, or were you looking just for a way to use SSL/TLS on Exchange 2007 to secure the various services (AutoDiscover, ActiveSync, IMAP, POP, SMTP, OWA, etc.)? The only problem with becoming your own CA is you'd have to distribute the Root Certificates to *ALL* clients or else it will error out when they connect to it. It might be better to go with something more ubiquitous (something that's pretty much everywhere) than becoming your own CA.

You may want to take a look at the offerings of one of the companies that Microsoft recommends [ http://support.microsoft.com/kb/929395 ] for Exchange 2007 class certificates such as the ones offered by Comodo [ http://www.comodo.com/msexchange ] as these can be pretty headache free.

There's no technological difference between what an OpenSSL CA puts forth vs. what a commercial CA does. The only real difference is the ubiquity and the cost to your wallet (which Comodo doesn't charge very much as opposed to Greedysign [Verisign]).

Hope this helps!



On 07/22/2009 04:55 AM, deblarinteln wrote:
Okay, that went fine! Thanks for your help. Now I tried to work through the
KB-Article but I don't get it to be honest. As far as I can say that I
understood what the Exchange wants for a type of certificate I say that the
Exchange2007 Server expects a file *.cer. To get this I should somehow get a
*.txt file to convert that into a *.cer. Am I right? What do I have to do to
get a *.txt file to be able to convert that into a *.cer?

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [email protected]
Automated List Manager                           [email protected]
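
As an added example, not part of the original thread: a shell script using the openssl command line that writes one certificate in the encodings named in the reply (PEM, binary DER, and PKCS#7 in both encodings) and confirms by SHA-256 fingerprint that every file holds the same certificate. The key, certificate, file names and the CN `mail.example.test` are constructed test values.

```shell
#!/bin/sh
# Added example. The key, certificate and file names are constructed test data.
set -eu

make_sample_cert() {  # $1 = working directory
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=mail.example.test" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

convert_all() {  # $1 = working directory
    # PEM (Base64) certificate -> binary DER certificate
    openssl x509 -in "$1/cert.pem" -outform DER -out "$1/cert-der.cer"
    # PEM certificate -> PKCS#7 container, PEM encoded and binary encoded
    openssl crl2pkcs7 -nocrl -certfile "$1/cert.pem" -out "$1/p7-pem.cer"
    openssl crl2pkcs7 -nocrl -certfile "$1/cert.pem" -outform DER -out "$1/p7-der.cer"
}

encoding_of() {  # prints "pem" when the file starts with a PEM header, else "der"
    if head -n 1 "$1" | LC_ALL=C grep -q '^-----BEGIN '; then echo pem; else echo der; fi
}

fingerprint() {  # $1 = file, $2 = pem | der | p7pem | p7der
    case "$2" in
        pem)   openssl x509 -in "$1" -noout -fingerprint -sha256 ;;
        der)   openssl x509 -in "$1" -inform DER -noout -fingerprint -sha256 ;;
        p7pem) openssl pkcs7 -in "$1" -print_certs | openssl x509 -noout -fingerprint -sha256 ;;
        p7der) openssl pkcs7 -in "$1" -inform DER -print_certs |
                   openssl x509 -noout -fingerprint -sha256 ;;
        *)     return 2 ;;
    esac
}

check_formats() {  # returns 0 when every converted file holds the same certificate
    dir=$(mktemp -d)
    make_sample_cert "$dir"
    convert_all "$dir"
    ref=$(fingerprint "$dir/cert.pem" pem)
    rc=0
    for item in cert-der.cer:der p7-pem.cer:p7pem p7-der.cer:p7der; do
        got=$(fingerprint "$dir/${item%%:*}" "${item##*:}")
        [ "$got" = "$ref" ] || rc=1
    done
    rm -rf "$dir"
    return "$rc"
}

if check_formats; then echo "same certificate in all four files"; else echo "mismatch"; fi
```

The file extension does not say which encoding a file uses; `encoding_of` and the fingerprint comparison are the checks to run before importing a certificate file received from someone else.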
