RE: Default Exchange certificate deleted and replaced by SAN purchased one
Why would you delete a certificate that wasn't causing any problems and wasn't causing you any harm? :-P The easiest thing to do is just new-exchangeCertificate. Or you can change the certificate name and then restart MSExchangeTransport. From: Al Rose [mailto:arose...@gmail.com] Sent: Thursday, October 4, 2012 10:33 AM To: MS-Exchange Admin Issues Subject: Default Exchange certificate deleted and replaced by SAN purchased one Hi, Since i have enabled IMAP,POP,IIS and SMTP to use our SAN certificate we just purchased, i decided we no longer the Default Self-Signed certificate created during Exchnage installation. Now i am getting he following error logs: Microsoft Exchange could not find a certificate that contains the domain name REMCORPEXCH10.corp.local in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector Default REMCORPEXCH10 with a FQDN parameter of REMCORPEXCH10.corp.local. If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key. I have checked the Receive Connectors (Default ones) and they all have the FQDN of the Exchange servers set under the General tab - Specify the FQDN this connector will provide in response to HELO or EHLO. What is it i need to do? Recreate a self-signed certificate for the FQDN computer name or change the FQDN to webmail.contoso.comhttp://webmail.contoso.com which is what our cert is signed for? --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
RE: Exchange Certificate
Pardon my jump in here on this old thread but I've been on vacation for a while and just now catching up. Care to elaborate on the comment about wildcard cert problems? We just purchased one and I'd like to start using it but if it is going to cause problems, I'd appreciate any heads-up you can share. Thanks. Glen. From: Simon Butler [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 28, 2008 1:23 PM To: MS-Exchange Admin Issues Subject: RE: Exchange Certificate There isn't a lot to it. Use the wizard on this page to generate the request: https://www.digicert.com/easy-csr/exchange2007.htm You need to include the real name of the server (server), the FQDN of the server (server.domain.local), the OWA address (owa.domain.com) and the autodiscover (autodiscover.domain.com). Most of the SSL providers allow five domains. I usually recommend that the owa address is the main common name. Once you have generated the request command, paste in to PowerShell on the server. You don't have to use Digicert. You can then take the result and use it with your preferred vendor. http://certificatesforexchange.com/ (disclaimer - that is my site) does the certificates for US$59.99/year which are from GoDaddy but are cheaper than GoDaddy are currently selling the certificates for. Don't be tempted to use a wildcard certificate as there can be some issues with their use. After you get the certificate back from the supplier, you need to import the result: http://technet.microsoft.com/en-us/library/bb124424.aspx Finally you can enable the certificate for the services that you require. For that I tend to use PowerGui (http://www.powergui.org) which makes the process quick and easy. For certificate acceptance you will have to adjust the URLs on some services, and ensure that the clients are using the correct URL for access. This is particularly important with POP3 and IMAP which can often not cope with SSL prompts - for example you are using the IP address for the server. Simon. -- Simon Butler MVP: Exchange, MCSE Amset IT Solutions Ltd. e: [EMAIL PROTECTED] w: www.amset.co.uk w: www.amset.info Need cheap certificates for Exchange, compatible with Windows Mobile 5.0? http://CertificatesForExchange.com/ for certificates from just $23.99. Need a domain for your certificate? http://DomainsForExchange.net/ From: Ehren Benson [mailto:[EMAIL PROTECTED] Sent: 28 May 2008 17:55 To: MS-Exchange Admin Issues Subject: RE: Exchange Certificate Sorry, exchange 2007 Ehren J. Benson, MCSE Windows Systems Administrator [EMAIL PROTECTED] 517-884-5469 From: Michael B. Smith [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 28, 2008 12:47 PM To: MS-Exchange Admin Issues Subject: RE: Exchange Certificate Knowing the version of Exchange would be a great help. Regards, Michael B. Smith MCSE/Exchange MVP http://TheEssentialExchange.com From: Ehren Benson [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 28, 2008 12:36 PM To: MS-Exchange Admin Issues Subject: Exchange Certificate Hello! I need to get a certificate so that the warnings can go away for IMAP, SMTP and OWA. I have done a bit of reading on this and it seems less than straightforward. Has anyone done this and had an easy or hard time with it? Who did you buy your cert from and do you have any resources that clearly specify how to create the request and then import the cert. I want to have my ducks in a row before I do this because I know just as it can make everything work smoothly it can expediously bring everything to a screeching halt if not done correctly! Thanks Ehren J. Benson, MCSE Windows Systems Administrator Department of Physics and Astronomy Michigan State University 1209 A Biomed Phys Sci [EMAIL PROTECTED] 517-884-5469 ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
Re: Exchange Certificate
It can make using activesync with windows mobile to sync with exchange difficult or impossible, depending on the device/carrier. Glen Johnson wrote: !-- /* Font Definitions */ @font-face {font-family:Cambria Math; panose-1:2 4 5 3 5 4 6 3 2 4;} @font-face {font-family:Calibri; panose-1:2 15 5 2 2 2 4 3 2 4;} @font-face {font-family:Tahoma; panose-1:2 11 6 4 3 5 4 4 2 4;} @font-face {font-family:Arial Rounded MT Bold; panose-1:2 15 7 4 3 5 4 3 2 4;} /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal {margin:0in; margin-bottom:.0001pt; font-size:11.0pt; font-family:Calibri,sans-serif;} a:link, span.MsoHyperlink {mso-style-priority:99; color:blue; text-decoration:underline;} a:visited, span.MsoHyperlinkFollowed {mso-style-priority:99; color:purple; text-decoration:underline;} p {mso-style-priority:99; mso-margin-top-alt:auto; margin-right:0in; mso-margin-bottom-alt:auto; margin-left:0in; font-size:12.0pt; font-family:Times New Roman,serif;} span.EmailStyle18 {mso-style-type:personal; font-family:Calibri,sans-serif; color:windowtext;} span.EmailStyle19 {mso-style-type:personal; font-family:Calibri,sans-serif; color:#1F497D;} span.EmailStyle20 {mso-style-type:personal; font-family:Calibri,sans-serif; color:#1F497D;} span.EmailStyle21 {mso-style-type:personal-reply; font-family:Calibri,sans-serif; color:#1F497D;} .MsoChpDefault {mso-style-type:export-only; font-size:10.0pt;} @page Section1 {size:8.5in 11.0in; margin:1.0in 1.0in 1.0in 1.0in;} div.Section1 {page:Section1;} -- Pardon my jump in here on this old thread but I’ve been on vacation for a while and just now catching up. Care to elaborate on the comment about wildcard cert problems? We just purchased one and I’d like to start using it but if it is going to cause problems, I’d appreciate any heads-up you can share. Thanks. Glen. *From:* Simon Butler [mailto:[EMAIL PROTECTED] *Sent:* Wednesday, May 28, 2008 1:23 PM *To:* MS-Exchange Admin Issues *Subject:* RE: Exchange Certificate There isn't a lot to it. Use the wizard on this page to generate the request: https://www.digicert.com/easy-csr/exchange2007.htm You need to include the real name of the server (server), the FQDN of the server (server.domain.local), the OWA address (owa.domain.com) and the autodiscover (autodiscover.domain.com). Most of the SSL providers allow five domains. I usually recommend that the owa address is the main common name. Once you have generated the request command, paste in to PowerShell on the server. You don't have to use Digicert. You can then take the result and use it with your preferred vendor. http://certificatesforexchange.com/ (disclaimer - that is my site) does the certificates for US$59.99/year which are from GoDaddy but are cheaper than GoDaddy are currently selling the certificates for. Don't be tempted to use a wildcard certificate as there can be some issues with their use. After you get the certificate back from the supplier, you need to import the result: http://technet.microsoft.com/en-us/library/bb124424.aspx Finally you can enable the certificate for the services that you require. For that I tend to use PowerGui (http://www.powergui.org) which makes the process quick and easy. For certificate acceptance you will have to adjust the URLs on some services, and ensure that the clients are using the correct URL for access. This is particularly important with POP3 and IMAP which can often not cope with SSL prompts - for example you are using the IP address for the server. Simon. -- Simon Butler MVP: Exchange, MCSE Amset IT Solutions Ltd. e: [EMAIL PROTECTED] w: www.amset.co.uk w: www.amset.info Need cheap certificates for Exchange, compatible with Windows Mobile 5.0? http://CertificatesForExchange.com/ http://certificatesforexchange.com/ for certificates from just $23.99. Need a domain for your certificate? http://DomainsForExchange.net/ http://domainsforexchange.net/ *From:* Ehren Benson [mailto:[EMAIL PROTECTED] *Sent:* 28 May 2008 17:55 *To:* MS-Exchange Admin Issues *Subject:* RE: Exchange Certificate Sorry, exchange 2007 Ehren J. Benson, MCSE *Windows Systems Administrator* [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] 517-884-5469 *From:* Michael B. Smith [mailto:[EMAIL PROTECTED] *Sent:* Wednesday, May 28, 2008 12:47 PM *To:* MS-Exchange Admin Issues *Subject:* RE: Exchange Certificate Knowing the version of Exchange would be a great help. Regards, Michael B. Smith MCSE/Exchange MVP http://TheEssentialExchange.com *From:* Ehren Benson [mailto:[EMAIL PROTECTED] *Sent:* Wednesday, May 28, 2008 12:36 PM *To:* MS-Exchange Admin Issues *Subject:* Exchange Certificate Hello! I need to get a certificate so that the warnings can go away for IMAP, SMTP and OWA. I have done a bit of reading on this and it seems less than straightforward. Has anyone done this and had an easy or hard time
RE: Exchange Certificate
Windows Mobile prior to version 6 do not support wildcard certificates. That will mean you cannot use the certificate to secure Exchange ActiveSync. Simon. From: Glen Johnson [mailto:[EMAIL PROTECTED] Sent: 12 June 2008 15:45 To: MS-Exchange Admin Issues Subject: RE: Exchange Certificate Pardon my jump in here on this old thread but I've been on vacation for a while and just now catching up. Care to elaborate on the comment about wildcard cert problems? We just purchased one and I'd like to start using it but if it is going to cause problems, I'd appreciate any heads-up you can share. Thanks. Glen. From: Simon Butler [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 28, 2008 1:23 PM To: MS-Exchange Admin Issues Subject: RE: Exchange Certificate There isn't a lot to it. Use the wizard on this page to generate the request: https://www.digicert.com/easy-csr/exchange2007.htm You need to include the real name of the server (server), the FQDN of the server (server.domain.local), the OWA address (owa.domain.com) and the autodiscover (autodiscover.domain.com). Most of the SSL providers allow five domains. I usually recommend that the owa address is the main common name. Once you have generated the request command, paste in to PowerShell on the server. You don't have to use Digicert. You can then take the result and use it with your preferred vendor. http://certificatesforexchange.com/ (disclaimer - that is my site) does the certificates for US$59.99/year which are from GoDaddy but are cheaper than GoDaddy are currently selling the certificates for. Don't be tempted to use a wildcard certificate as there can be some issues with their use. After you get the certificate back from the supplier, you need to import the result: http://technet.microsoft.com/en-us/library/bb124424.aspx Finally you can enable the certificate for the services that you require. For that I tend to use PowerGui (http://www.powergui.org) which makes the process quick and easy. For certificate acceptance you will have to adjust the URLs on some services, and ensure that the clients are using the correct URL for access. This is particularly important with POP3 and IMAP which can often not cope with SSL prompts - for example you are using the IP address for the server. Simon. -- Simon Butler MVP: Exchange, MCSE Amset IT Solutions Ltd. e: [EMAIL PROTECTED] w: www.amset.co.uk w: www.amset.info Need cheap certificates for Exchange, compatible with Windows Mobile 5.0? http://CertificatesForExchange.com/http://certificatesforexchange.com/ for certificates from just $23.99. Need a domain for your certificate? http://DomainsForExchange.net/http://domainsforexchange.net/ From: Ehren Benson [mailto:[EMAIL PROTECTED] Sent: 28 May 2008 17:55 To: MS-Exchange Admin Issues Subject: RE: Exchange Certificate Sorry, exchange 2007 Ehren J. Benson, MCSE Windows Systems Administrator [EMAIL PROTECTED]mailto:[EMAIL PROTECTED] 517-884-5469 From: Michael B. Smith [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 28, 2008 12:47 PM To: MS-Exchange Admin Issues Subject: RE: Exchange Certificate Knowing the version of Exchange would be a great help. Regards, Michael B. Smith MCSE/Exchange MVP http://TheEssentialExchange.com From: Ehren Benson [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 28, 2008 12:36 PM To: MS-Exchange Admin Issues Subject: Exchange Certificate Hello! I need to get a certificate so that the warnings can go away for IMAP, SMTP and OWA. I have done a bit of reading on this and it seems less than straightforward. Has anyone done this and had an easy or hard time with it? Who did you buy your cert from and do you have any resources that clearly specify how to create the request and then import the cert. I want to have my ducks in a row before I do this because I know just as it can make everything work smoothly it can expediously bring everything to a screeching halt if not done correctly! Thanks Ehren J. Benson, MCSE Windows Systems Administrator Department of Physics and Astronomy Michigan State University 1209 A Biomed Phys Sci [EMAIL PROTECTED]mailto:[EMAIL PROTECTED] 517-884-5469 ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Exchange Certificate
Thanks. If that is the main problem, we'll be ok for now. No active sync going on here. -Original Message- From: wjh [mailto:[EMAIL PROTECTED] Sent: Thursday, June 12, 2008 11:04 AM To: MS-Exchange Admin Issues Subject: Re: Exchange Certificate It can make using activesync with windows mobile to sync with exchange difficult or impossible, depending on the device/carrier. Glen Johnson wrote: !-- /* Font Definitions */ @font-face {font-family:Cambria Math; panose-1:2 4 5 3 5 4 6 3 2 4;} @font-face {font-family:Calibri; panose-1:2 15 5 2 2 2 4 3 2 4;} @font-face {font-family:Tahoma; panose-1:2 11 6 4 3 5 4 4 2 4;} @font-face {font-family:Arial Rounded MT Bold; panose-1:2 15 7 4 3 5 4 3 2 4;} /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal {margin:0in; margin-bottom:.0001pt; font-size:11.0pt; font-family:Calibri,sans-serif;} a:link, span.MsoHyperlink {mso-style-priority:99; color:blue; text-decoration:underline;} a:visited, span.MsoHyperlinkFollowed {mso-style-priority:99; color:purple; text-decoration:underline;} p {mso-style-priority:99; mso-margin-top-alt:auto; margin-right:0in; mso-margin-bottom-alt:auto; margin-left:0in; font-size:12.0pt; font-family:Times New Roman,serif;} span.EmailStyle18 {mso-style-type:personal; font-family:Calibri,sans-serif; color:windowtext;} span.EmailStyle19 {mso-style-type:personal; font-family:Calibri,sans-serif; color:#1F497D;} span.EmailStyle20 {mso-style-type:personal; font-family:Calibri,sans-serif; color:#1F497D;} span.EmailStyle21 {mso-style-type:personal-reply; font-family:Calibri,sans-serif; color:#1F497D;} .MsoChpDefault {mso-style-type:export-only; font-size:10.0pt;} @page Section1 {size:8.5in 11.0in; margin:1.0in 1.0in 1.0in 1.0in;} div.Section1 {page:Section1;} -- Pardon my jump in here on this old thread but I've been on vacation for a while and just now catching up. Care to elaborate on the comment about wildcard cert problems? We just purchased one and I'd like to start using it but if it is going to cause problems, I'd appreciate any heads-up you can share. Thanks. Glen. *From:* Simon Butler [mailto:[EMAIL PROTECTED] *Sent:* Wednesday, May 28, 2008 1:23 PM *To:* MS-Exchange Admin Issues *Subject:* RE: Exchange Certificate There isn't a lot to it. Use the wizard on this page to generate the request: https://www.digicert.com/easy-csr/exchange2007.htm You need to include the real name of the server (server), the FQDN of the server (server.domain.local), the OWA address (owa.domain.com) and the autodiscover (autodiscover.domain.com). Most of the SSL providers allow five domains. I usually recommend that the owa address is the main common name. Once you have generated the request command, paste in to PowerShell on the server. You don't have to use Digicert. You can then take the result and use it with your preferred vendor. http://certificatesforexchange.com/ (disclaimer - that is my site) does the certificates for US$59.99/year which are from GoDaddy but are cheaper than GoDaddy are currently selling the certificates for. Don't be tempted to use a wildcard certificate as there can be some issues with their use. After you get the certificate back from the supplier, you need to import the result: http://technet.microsoft.com/en-us/library/bb124424.aspx Finally you can enable the certificate for the services that you require. For that I tend to use PowerGui (http://www.powergui.org) which makes the process quick and easy. For certificate acceptance you will have to adjust the URLs on some services, and ensure that the clients are using the correct URL for access. This is particularly important with POP3 and IMAP which can often not cope with SSL prompts - for example you are using the IP address for the server. Simon. -- Simon Butler MVP: Exchange, MCSE Amset IT Solutions Ltd. e: [EMAIL PROTECTED] w: www.amset.co.uk w: www.amset.info Need cheap certificates for Exchange, compatible with Windows Mobile 5.0? http://CertificatesForExchange.com/ http://certificatesforexchange.com/ for certificates from just $23.99. Need a domain for your certificate? http://DomainsForExchange.net/ http://domainsforexchange.net/ *From:* Ehren Benson [mailto:[EMAIL PROTECTED] *Sent:* 28 May 2008 17:55 *To:* MS-Exchange Admin Issues *Subject:* RE: Exchange Certificate Sorry, exchange 2007 Ehren J. Benson, MCSE *Windows Systems Administrator* [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] 517-884-5469 *From:* Michael B. Smith [mailto:[EMAIL PROTECTED] *Sent:* Wednesday, May 28, 2008 12:47 PM *To:* MS-Exchange Admin Issues *Subject:* RE: Exchange Certificate Knowing the version of Exchange would be a great help. Regards, Michael B. Smith MCSE/Exchange MVP http://TheEssentialExchange.com *From:* Ehren Benson [mailto:[EMAIL
Re: Exchange Certificate
Only one I've seen is WM5 devices don't like it On Thu, Jun 12, 2008 at 7:44 AM, Glen Johnson [EMAIL PROTECTED] wrote: Pardon my jump in here on this old thread but I've been on vacation for a while and just now catching up. Care to elaborate on the comment about wildcard cert problems? We just purchased one and I'd like to start using it but if it is going to cause problems, I'd appreciate any heads-up you can share. Thanks. Glen. *From:* Simon Butler [mailto:[EMAIL PROTECTED] *Sent:* Wednesday, May 28, 2008 1:23 PM *To:* MS-Exchange Admin Issues *Subject:* RE: Exchange Certificate There isn't a lot to it. Use the wizard on this page to generate the request: https://www.digicert.com/easy-csr/exchange2007.htm You need to include the real name of the server (server), the FQDN of the server (server.domain.local), the OWA address (owa.domain.com) and the autodiscover (autodiscover.domain.com). Most of the SSL providers allow five domains. I usually recommend that the owa address is the main common name. Once you have generated the request command, paste in to PowerShell on the server. You don't have to use Digicert. You can then take the result and use it with your preferred vendor. http://certificatesforexchange.com/ (disclaimer - that is my site) does the certificates for US$59.99/year which are from GoDaddy but are cheaper than GoDaddy are currently selling the certificates for. Don't be tempted to use a wildcard certificate as there can be some issues with their use. After you get the certificate back from the supplier, you need to import the result: http://technet.microsoft.com/en-us/library/bb124424.aspx Finally you can enable the certificate for the services that you require. For that I tend to use PowerGui (http://www.powergui.org) which makes the process quick and easy. For certificate acceptance you will have to adjust the URLs on some services, and ensure that the clients are using the correct URL for access. This is particularly important with POP3 and IMAP which can often not cope with SSL prompts - for example you are using the IP address for the server. Simon. -- Simon Butler MVP: Exchange, MCSE Amset IT Solutions Ltd. e: [EMAIL PROTECTED] w: www.amset.co.uk w: www.amset.info Need cheap certificates for Exchange, compatible with Windows Mobile 5.0? http://CertificatesForExchange.com/ http://certificatesforexchange.com/for certificates from just $23.99. Need a domain for your certificate? http://DomainsForExchange.net/http://domainsforexchange.net/ -- *From:* Ehren Benson [mailto:[EMAIL PROTECTED] *Sent:* 28 May 2008 17:55 *To:* MS-Exchange Admin Issues *Subject:* RE: Exchange Certificate Sorry, exchange 2007 Ehren J. Benson, MCSE *Windows Systems Administrator* [EMAIL PROTECTED] 517-884-5469 *From:* Michael B. Smith [mailto:[EMAIL PROTECTED] *Sent:* Wednesday, May 28, 2008 12:47 PM *To:* MS-Exchange Admin Issues *Subject:* RE: Exchange Certificate Knowing the version of Exchange would be a great help. Regards, Michael B. Smith MCSE/Exchange MVP http://TheEssentialExchange.com *From:* Ehren Benson [mailto:[EMAIL PROTECTED] *Sent:* Wednesday, May 28, 2008 12:36 PM *To:* MS-Exchange Admin Issues *Subject:* Exchange Certificate Hello! I need to get a certificate so that the warnings can go away for IMAP, SMTP and OWA. I have done a bit of reading on this and it seems less than straightforward. Has anyone done this and had an easy or hard time with it? Who did you buy your cert from and do you have any resources that clearly specify how to create the request and then import the cert. I want to have my ducks in a row before I do this because I know just as it can make everything work smoothly it can expediously bring everything to a screeching halt if not done correctly! Thanks Ehren J. Benson, MCSE *Windows Systems Administrator* Department of Physics and Astronomy Michigan State University 1209 A Biomed Phys Sci [EMAIL PROTECTED] 517-884-5469 ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
Exchange Certificate
Hello! I need to get a certificate so that the warnings can go away for IMAP, SMTP and OWA. I have done a bit of reading on this and it seems less than straightforward. Has anyone done this and had an easy or hard time with it? Who did you buy your cert from and do you have any resources that clearly specify how to create the request and then import the cert. I want to have my ducks in a row before I do this because I know just as it can make everything work smoothly it can expediously bring everything to a screeching halt if not done correctly! Thanks Ehren J. Benson, MCSE Windows Systems Administrator Department of Physics and Astronomy Michigan State University 1209 A Biomed Phys Sci [EMAIL PROTECTED]mailto:[EMAIL PROTECTED] 517-884-5469 ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Exchange Certificate
www.comodo.com do cheap certs compared to VeriSign, you need to add a trusted root cert as well as the base cert, all the documentation on the ms site will do just fine for the set up, and the Comodo site has some good docs as well, create the request, get the cert, and install in accordance with the instructions, no more warnings in IE Clayton Doige IT Project Manager CME Development Corporation T: 020 7430 5355 M: 07949 255062 E:[EMAIL PROTECTED] W:www.cetv-net.com From: Ehren Benson [mailto:[EMAIL PROTECTED] Sent: 28 May 2008 17:36 To: MS-Exchange Admin Issues Subject: Exchange Certificate Hello! I need to get a certificate so that the warnings can go away for IMAP, SMTP and OWA. I have done a bit of reading on this and it seems less than straightforward. Has anyone done this and had an easy or hard time with it? Who did you buy your cert from and do you have any resources that clearly specify how to create the request and then import the cert. I want to have my ducks in a row before I do this because I know just as it can make everything work smoothly it can expediously bring everything to a screeching halt if not done correctly! Thanks Ehren J. Benson, MCSE Windows Systems Administrator Department of Physics and Astronomy Michigan State University 1209 A Biomed Phys Sci [EMAIL PROTECTED] 517-884-5469 __ This email has been scanned by the MessageLabs Email Security System. __ __ This electronic mail message and any attached files contain information intended for the exclusive use of the person(s) to whom it is addressed and may contain information that is proprietary, privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any viewing, copying, disclosure or distribution of this message or its contents may be subject to legal restriction or sanction. If you have received this message in error, please notify the sender immediately by electronic mail and delete the original message and any attachments without retaining any copies. _ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Exchange Certificate
I used Digicert for mine. They have a tool on their web site that allows you to simply fill in the blanks and it spits out the necessary PowerShell for creating the request. Very simple and well priced. Tim From: Ehren Benson [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 28, 2008 11:36 AM To: MS-Exchange Admin Issues Subject: Exchange Certificate Hello! I need to get a certificate so that the warnings can go away for IMAP, SMTP and OWA. I have done a bit of reading on this and it seems less than straightforward. Has anyone done this and had an easy or hard time with it? Who did you buy your cert from and do you have any resources that clearly specify how to create the request and then import the cert. I want to have my ducks in a row before I do this because I know just as it can make everything work smoothly it can expediously bring everything to a screeching halt if not done correctly! Thanks Ehren J. Benson, MCSE Windows Systems Administrator Department of Physics and Astronomy Michigan State University 1209 A Biomed Phys Sci [EMAIL PROTECTED]mailto:[EMAIL PROTECTED] 517-884-5469 ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Exchange Certificate
Knowing the version of Exchange would be a great help. Regards, Michael B. Smith MCSE/Exchange MVP http://TheEssentialExchange.com From: Ehren Benson [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 28, 2008 12:36 PM To: MS-Exchange Admin Issues Subject: Exchange Certificate Hello! I need to get a certificate so that the warnings can go away for IMAP, SMTP and OWA. I have done a bit of reading on this and it seems less than straightforward. Has anyone done this and had an easy or hard time with it? Who did you buy your cert from and do you have any resources that clearly specify how to create the request and then import the cert. I want to have my ducks in a row before I do this because I know just as it can make everything work smoothly it can expediously bring everything to a screeching halt if not done correctly! Thanks Ehren J. Benson, MCSE Windows Systems Administrator Department of Physics and Astronomy Michigan State University 1209 A Biomed Phys Sci [EMAIL PROTECTED] 517-884-5469 ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Exchange Certificate
www.certificatesforexchange.com Like Comodo, you'll probably need to grab their root certificate as well. But for $25-30 you get a trusted certificate that works just as well as the expensive ones. Roger Wright From: Ehren Benson [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 28, 2008 12:36 PM To: MS-Exchange Admin Issues Subject: Exchange Certificate Hello! I need to get a certificate so that the warnings can go away for IMAP, SMTP and OWA. I have done a bit of reading on this and it seems less than straightforward. Has anyone done this and had an easy or hard time with it? Who did you buy your cert from and do you have any resources that clearly specify how to create the request and then import the cert. I want to have my ducks in a row before I do this because I know just as it can make everything work smoothly it can expediously bring everything to a screeching halt if not done correctly! Thanks Ehren J. Benson, MCSE Windows Systems Administrator Department of Physics and Astronomy Michigan State University 1209 A Biomed Phys Sci [EMAIL PROTECTED] 517-884-5469 ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Exchange Certificate
Sorry, exchange 2007 Ehren J. Benson, MCSE Windows Systems Administrator [EMAIL PROTECTED]mailto:[EMAIL PROTECTED] 517-884-5469 From: Michael B. Smith [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 28, 2008 12:47 PM To: MS-Exchange Admin Issues Subject: RE: Exchange Certificate Knowing the version of Exchange would be a great help. Regards, Michael B. Smith MCSE/Exchange MVP http://TheEssentialExchange.com From: Ehren Benson [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 28, 2008 12:36 PM To: MS-Exchange Admin Issues Subject: Exchange Certificate Hello! I need to get a certificate so that the warnings can go away for IMAP, SMTP and OWA. I have done a bit of reading on this and it seems less than straightforward. Has anyone done this and had an easy or hard time with it? Who did you buy your cert from and do you have any resources that clearly specify how to create the request and then import the cert. I want to have my ducks in a row before I do this because I know just as it can make everything work smoothly it can expediously bring everything to a screeching halt if not done correctly! Thanks Ehren J. Benson, MCSE Windows Systems Administrator Department of Physics and Astronomy Michigan State University 1209 A Biomed Phys Sci [EMAIL PROTECTED]mailto:[EMAIL PROTECTED] 517-884-5469 ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Exchange Certificate
http://www.msexchange.org/articles_tutorials/exchange-server-2007/mobility-c lient-access/securing-exchange-2007-client-access-server-3rd-party-san-certi ficate.html should tell you all you need to know. I also recommend certificatesforexchange.com, as someone else has already pointed out. Regards, Michael B. Smith MCSE/Exchange MVP http://TheEssentialExchange.com From: Ehren Benson [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 28, 2008 12:55 PM To: MS-Exchange Admin Issues Subject: RE: Exchange Certificate Sorry, exchange 2007 Ehren J. Benson, MCSE Windows Systems Administrator [EMAIL PROTECTED] 517-884-5469 From: Michael B. Smith [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 28, 2008 12:47 PM To: MS-Exchange Admin Issues Subject: RE: Exchange Certificate Knowing the version of Exchange would be a great help. Regards, Michael B. Smith MCSE/Exchange MVP http://TheEssentialExchange.com From: Ehren Benson [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 28, 2008 12:36 PM To: MS-Exchange Admin Issues Subject: Exchange Certificate Hello! I need to get a certificate so that the warnings can go away for IMAP, SMTP and OWA. I have done a bit of reading on this and it seems less than straightforward. Has anyone done this and had an easy or hard time with it? Who did you buy your cert from and do you have any resources that clearly specify how to create the request and then import the cert. I want to have my ducks in a row before I do this because I know just as it can make everything work smoothly it can expediously bring everything to a screeching halt if not done correctly! Thanks Ehren J. Benson, MCSE Windows Systems Administrator Department of Physics and Astronomy Michigan State University 1209 A Biomed Phys Sci [EMAIL PROTECTED] 517-884-5469 ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Exchange Certificate
There isn't a lot to it. Use the wizard on this page to generate the request: https://www.digicert.com/easy-csr/exchange2007.htm You need to include the real name of the server (server), the FQDN of the server (server.domain.local), the OWA address (owa.domain.com) and the autodiscover (autodiscover.domain.com). Most of the SSL providers allow five domains. I usually recommend that the owa address is the main common name. Once you have generated the request command, paste in to PowerShell on the server. You don't have to use Digicert. You can then take the result and use it with your preferred vendor. http://certificatesforexchange.com/ (disclaimer - that is my site) does the certificates for US$59.99/year which are from GoDaddy but are cheaper than GoDaddy are currently selling the certificates for. Don't be tempted to use a wildcard certificate as there can be some issues with their use. After you get the certificate back from the supplier, you need to import the result: http://technet.microsoft.com/en-us/library/bb124424.aspx Finally you can enable the certificate for the services that you require. For that I tend to use PowerGui (http://www.powergui.org) which makes the process quick and easy. For certificate acceptance you will have to adjust the URLs on some services, and ensure that the clients are using the correct URL for access. This is particularly important with POP3 and IMAP which can often not cope with SSL prompts - for example you are using the IP address for the server. Simon. -- Simon Butler MVP: Exchange, MCSE Amset IT Solutions Ltd. e: [EMAIL PROTECTED] w: www.amset.co.uk w: www.amset.info Need cheap certificates for Exchange, compatible with Windows Mobile 5.0? http://CertificatesForExchange.com/http://certificatesforexchange.com/ for certificates from just $23.99. Need a domain for your certificate? http://DomainsForExchange.net/http://domainsforexchange.net/ From: Ehren Benson [mailto:[EMAIL PROTECTED] Sent: 28 May 2008 17:55 To: MS-Exchange Admin Issues Subject: RE: Exchange Certificate Sorry, exchange 2007 Ehren J. Benson, MCSE Windows Systems Administrator [EMAIL PROTECTED]mailto:[EMAIL PROTECTED] 517-884-5469 From: Michael B. Smith [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 28, 2008 12:47 PM To: MS-Exchange Admin Issues Subject: RE: Exchange Certificate Knowing the version of Exchange would be a great help. Regards, Michael B. Smith MCSE/Exchange MVP http://TheEssentialExchange.com From: Ehren Benson [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 28, 2008 12:36 PM To: MS-Exchange Admin Issues Subject: Exchange Certificate Hello! I need to get a certificate so that the warnings can go away for IMAP, SMTP and OWA. I have done a bit of reading on this and it seems less than straightforward. Has anyone done this and had an easy or hard time with it? Who did you buy your cert from and do you have any resources that clearly specify how to create the request and then import the cert. I want to have my ducks in a row before I do this because I know just as it can make everything work smoothly it can expediously bring everything to a screeching halt if not done correctly! Thanks Ehren J. Benson, MCSE Windows Systems Administrator Department of Physics and Astronomy Michigan State University 1209 A Biomed Phys Sci [EMAIL PROTECTED]mailto:[EMAIL PROTECTED] 517-884-5469 ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Exchange Certificate
I use a standard GoDaddy certificate. It takes a bit of work to get it installed, but once it's there it works like a charm - and you don't need to deal with SAN certificates. Check out: http://support.microsoft.com/?kbid=940726 Jason Tierney, MCSE Vice President, Consulting Services Corporate Network Services Count on Us direct: 240-425-4441 From: Michael B. Smith [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 28, 2008 12:59 PM To: MS-Exchange Admin Issues Subject: RE: Exchange Certificate http://www.msexchange.org/articles_tutorials/exchange-server-2007/mobility-client-access/securing-exchange-2007-client-access-server-3rd-party-san-certificate.html should tell you all you need to know. I also recommend certificatesforexchange.com, as someone else has already pointed out. Regards, Michael B. Smith MCSE/Exchange MVP http://TheEssentialExchange.com From: Ehren Benson [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 28, 2008 12:55 PM To: MS-Exchange Admin Issues Subject: RE: Exchange Certificate Sorry, exchange 2007 Ehren J. Benson, MCSE Windows Systems Administrator [EMAIL PROTECTED]mailto:[EMAIL PROTECTED] 517-884-5469 From: Michael B. Smith [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 28, 2008 12:47 PM To: MS-Exchange Admin Issues Subject: RE: Exchange Certificate Knowing the version of Exchange would be a great help. Regards, Michael B. Smith MCSE/Exchange MVP http://TheEssentialExchange.com From: Ehren Benson [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 28, 2008 12:36 PM To: MS-Exchange Admin Issues Subject: Exchange Certificate Hello! I need to get a certificate so that the warnings can go away for IMAP, SMTP and OWA. I have done a bit of reading on this and it seems less than straightforward. Has anyone done this and had an easy or hard time with it? Who did you buy your cert from and do you have any resources that clearly specify how to create the request and then import the cert. I want to have my ducks in a row before I do this because I know just as it can make everything work smoothly it can expediously bring everything to a screeching halt if not done correctly! Thanks Ehren J. Benson, MCSE Windows Systems Administrator Department of Physics and Astronomy Michigan State University 1209 A Biomed Phys Sci [EMAIL PROTECTED]mailto:[EMAIL PROTECTED] 517-884-5469 ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~