RE: Exchange Certificate
Pardon my jump in here on this old thread but I've been on vacation for a while and just now catching up. Care to elaborate on the comment about wildcard cert problems? We just purchased one and I'd like to start using it but if it is going to cause problems, I'd appreciate any heads-up you can share. Thanks. Glen. From: Simon Butler [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 28, 2008 1:23 PM To: MS-Exchange Admin Issues Subject: RE: Exchange Certificate There isn't a lot to it. Use the wizard on this page to generate the request: https://www.digicert.com/easy-csr/exchange2007.htm You need to include the real name of the server (server), the FQDN of the server (server.domain.local), the OWA address (owa.domain.com) and the autodiscover (autodiscover.domain.com). Most of the SSL providers allow five domains. I usually recommend that the owa address is the main common name. Once you have generated the request command, paste in to PowerShell on the server. You don't have to use Digicert. You can then take the result and use it with your preferred vendor. http://certificatesforexchange.com/ (disclaimer - that is my site) does the certificates for US$59.99/year which are from GoDaddy but are cheaper than GoDaddy are currently selling the certificates for. Don't be tempted to use a wildcard certificate as there can be some issues with their use. After you get the certificate back from the supplier, you need to import the result: http://technet.microsoft.com/en-us/library/bb124424.aspx Finally you can enable the certificate for the services that you require. For that I tend to use PowerGui (http://www.powergui.org) which makes the process quick and easy. For certificate acceptance you will have to adjust the URLs on some services, and ensure that the clients are using the correct URL for access. This is particularly important with POP3 and IMAP which can often not cope with SSL prompts - for example you are using the IP address for the server. Simon. -- Simon Butler MVP: Exchange, MCSE Amset IT Solutions Ltd. e: [EMAIL PROTECTED] w: www.amset.co.uk w: www.amset.info Need cheap certificates for Exchange, compatible with Windows Mobile 5.0? http://CertificatesForExchange.com/ for certificates from just $23.99. Need a domain for your certificate? http://DomainsForExchange.net/ From: Ehren Benson [mailto:[EMAIL PROTECTED] Sent: 28 May 2008 17:55 To: MS-Exchange Admin Issues Subject: RE: Exchange Certificate Sorry, exchange 2007 Ehren J. Benson, MCSE Windows Systems Administrator [EMAIL PROTECTED] 517-884-5469 From: Michael B. Smith [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 28, 2008 12:47 PM To: MS-Exchange Admin Issues Subject: RE: Exchange Certificate Knowing the version of Exchange would be a great help. Regards, Michael B. Smith MCSE/Exchange MVP http://TheEssentialExchange.com From: Ehren Benson [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 28, 2008 12:36 PM To: MS-Exchange Admin Issues Subject: Exchange Certificate Hello! I need to get a certificate so that the warnings can go away for IMAP, SMTP and OWA. I have done a bit of reading on this and it seems less than straightforward. Has anyone done this and had an easy or hard time with it? Who did you buy your cert from and do you have any resources that clearly specify how to create the request and then import the cert. I want to have my ducks in a row before I do this because I know just as it can make everything work smoothly it can expediously bring everything to a screeching halt if not done correctly! Thanks Ehren J. Benson, MCSE Windows Systems Administrator Department of Physics and Astronomy Michigan State University 1209 A Biomed Phys Sci [EMAIL PROTECTED] 517-884-5469 ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
Re: Exchange Certificate
It can make using activesync with windows mobile to sync with exchange difficult or impossible, depending on the device/carrier. Glen Johnson wrote: !-- /* Font Definitions */ @font-face {font-family:Cambria Math; panose-1:2 4 5 3 5 4 6 3 2 4;} @font-face {font-family:Calibri; panose-1:2 15 5 2 2 2 4 3 2 4;} @font-face {font-family:Tahoma; panose-1:2 11 6 4 3 5 4 4 2 4;} @font-face {font-family:Arial Rounded MT Bold; panose-1:2 15 7 4 3 5 4 3 2 4;} /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal {margin:0in; margin-bottom:.0001pt; font-size:11.0pt; font-family:Calibri,sans-serif;} a:link, span.MsoHyperlink {mso-style-priority:99; color:blue; text-decoration:underline;} a:visited, span.MsoHyperlinkFollowed {mso-style-priority:99; color:purple; text-decoration:underline;} p {mso-style-priority:99; mso-margin-top-alt:auto; margin-right:0in; mso-margin-bottom-alt:auto; margin-left:0in; font-size:12.0pt; font-family:Times New Roman,serif;} span.EmailStyle18 {mso-style-type:personal; font-family:Calibri,sans-serif; color:windowtext;} span.EmailStyle19 {mso-style-type:personal; font-family:Calibri,sans-serif; color:#1F497D;} span.EmailStyle20 {mso-style-type:personal; font-family:Calibri,sans-serif; color:#1F497D;} span.EmailStyle21 {mso-style-type:personal-reply; font-family:Calibri,sans-serif; color:#1F497D;} .MsoChpDefault {mso-style-type:export-only; font-size:10.0pt;} @page Section1 {size:8.5in 11.0in; margin:1.0in 1.0in 1.0in 1.0in;} div.Section1 {page:Section1;} -- Pardon my jump in here on this old thread but I’ve been on vacation for a while and just now catching up. Care to elaborate on the comment about wildcard cert problems? We just purchased one and I’d like to start using it but if it is going to cause problems, I’d appreciate any heads-up you can share. Thanks. Glen. *From:* Simon Butler [mailto:[EMAIL PROTECTED] *Sent:* Wednesday, May 28, 2008 1:23 PM *To:* MS-Exchange Admin Issues *Subject:* RE: Exchange Certificate There isn't a lot to it. Use the wizard on this page to generate the request: https://www.digicert.com/easy-csr/exchange2007.htm You need to include the real name of the server (server), the FQDN of the server (server.domain.local), the OWA address (owa.domain.com) and the autodiscover (autodiscover.domain.com). Most of the SSL providers allow five domains. I usually recommend that the owa address is the main common name. Once you have generated the request command, paste in to PowerShell on the server. You don't have to use Digicert. You can then take the result and use it with your preferred vendor. http://certificatesforexchange.com/ (disclaimer - that is my site) does the certificates for US$59.99/year which are from GoDaddy but are cheaper than GoDaddy are currently selling the certificates for. Don't be tempted to use a wildcard certificate as there can be some issues with their use. After you get the certificate back from the supplier, you need to import the result: http://technet.microsoft.com/en-us/library/bb124424.aspx Finally you can enable the certificate for the services that you require. For that I tend to use PowerGui (http://www.powergui.org) which makes the process quick and easy. For certificate acceptance you will have to adjust the URLs on some services, and ensure that the clients are using the correct URL for access. This is particularly important with POP3 and IMAP which can often not cope with SSL prompts - for example you are using the IP address for the server. Simon. -- Simon Butler MVP: Exchange, MCSE Amset IT Solutions Ltd. e: [EMAIL PROTECTED] w: www.amset.co.uk w: www.amset.info Need cheap certificates for Exchange, compatible with Windows Mobile 5.0? http://CertificatesForExchange.com/ http://certificatesforexchange.com/ for certificates from just $23.99. Need a domain for your certificate? http://DomainsForExchange.net/ http://domainsforexchange.net/ *From:* Ehren Benson [mailto:[EMAIL PROTECTED] *Sent:* 28 May 2008 17:55 *To:* MS-Exchange Admin Issues *Subject:* RE: Exchange Certificate Sorry, exchange 2007 Ehren J. Benson, MCSE *Windows Systems Administrator* [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] 517-884-5469 *From:* Michael B. Smith [mailto:[EMAIL PROTECTED] *Sent:* Wednesday, May 28, 2008 12:47 PM *To:* MS-Exchange Admin Issues *Subject:* RE: Exchange Certificate Knowing the version of Exchange would be a great help. Regards, Michael B. Smith MCSE/Exchange MVP http://TheEssentialExchange.com *From:* Ehren Benson [mailto:[EMAIL PROTECTED] *Sent:* Wednesday, May 28, 2008 12:36 PM *To:* MS-Exchange Admin Issues *Subject:* Exchange Certificate Hello! I need to get a certificate so that the warnings can go away for IMAP, SMTP and OWA. I have done a bit of reading on this and it seems less than straightforward. Has anyone done this and had an easy or hard time
RE: Exchange Certificate
Windows Mobile prior to version 6 do not support wildcard certificates. That will mean you cannot use the certificate to secure Exchange ActiveSync. Simon. From: Glen Johnson [mailto:[EMAIL PROTECTED] Sent: 12 June 2008 15:45 To: MS-Exchange Admin Issues Subject: RE: Exchange Certificate Pardon my jump in here on this old thread but I've been on vacation for a while and just now catching up. Care to elaborate on the comment about wildcard cert problems? We just purchased one and I'd like to start using it but if it is going to cause problems, I'd appreciate any heads-up you can share. Thanks. Glen. From: Simon Butler [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 28, 2008 1:23 PM To: MS-Exchange Admin Issues Subject: RE: Exchange Certificate There isn't a lot to it. Use the wizard on this page to generate the request: https://www.digicert.com/easy-csr/exchange2007.htm You need to include the real name of the server (server), the FQDN of the server (server.domain.local), the OWA address (owa.domain.com) and the autodiscover (autodiscover.domain.com). Most of the SSL providers allow five domains. I usually recommend that the owa address is the main common name. Once you have generated the request command, paste in to PowerShell on the server. You don't have to use Digicert. You can then take the result and use it with your preferred vendor. http://certificatesforexchange.com/ (disclaimer - that is my site) does the certificates for US$59.99/year which are from GoDaddy but are cheaper than GoDaddy are currently selling the certificates for. Don't be tempted to use a wildcard certificate as there can be some issues with their use. After you get the certificate back from the supplier, you need to import the result: http://technet.microsoft.com/en-us/library/bb124424.aspx Finally you can enable the certificate for the services that you require. For that I tend to use PowerGui (http://www.powergui.org) which makes the process quick and easy. For certificate acceptance you will have to adjust the URLs on some services, and ensure that the clients are using the correct URL for access. This is particularly important with POP3 and IMAP which can often not cope with SSL prompts - for example you are using the IP address for the server. Simon. -- Simon Butler MVP: Exchange, MCSE Amset IT Solutions Ltd. e: [EMAIL PROTECTED] w: www.amset.co.uk w: www.amset.info Need cheap certificates for Exchange, compatible with Windows Mobile 5.0? http://CertificatesForExchange.com/http://certificatesforexchange.com/ for certificates from just $23.99. Need a domain for your certificate? http://DomainsForExchange.net/http://domainsforexchange.net/ From: Ehren Benson [mailto:[EMAIL PROTECTED] Sent: 28 May 2008 17:55 To: MS-Exchange Admin Issues Subject: RE: Exchange Certificate Sorry, exchange 2007 Ehren J. Benson, MCSE Windows Systems Administrator [EMAIL PROTECTED]mailto:[EMAIL PROTECTED] 517-884-5469 From: Michael B. Smith [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 28, 2008 12:47 PM To: MS-Exchange Admin Issues Subject: RE: Exchange Certificate Knowing the version of Exchange would be a great help. Regards, Michael B. Smith MCSE/Exchange MVP http://TheEssentialExchange.com From: Ehren Benson [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 28, 2008 12:36 PM To: MS-Exchange Admin Issues Subject: Exchange Certificate Hello! I need to get a certificate so that the warnings can go away for IMAP, SMTP and OWA. I have done a bit of reading on this and it seems less than straightforward. Has anyone done this and had an easy or hard time with it? Who did you buy your cert from and do you have any resources that clearly specify how to create the request and then import the cert. I want to have my ducks in a row before I do this because I know just as it can make everything work smoothly it can expediously bring everything to a screeching halt if not done correctly! Thanks Ehren J. Benson, MCSE Windows Systems Administrator Department of Physics and Astronomy Michigan State University 1209 A Biomed Phys Sci [EMAIL PROTECTED]mailto:[EMAIL PROTECTED] 517-884-5469 ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Exchange Certificate
Thanks. If that is the main problem, we'll be ok for now. No active sync going on here. -Original Message- From: wjh [mailto:[EMAIL PROTECTED] Sent: Thursday, June 12, 2008 11:04 AM To: MS-Exchange Admin Issues Subject: Re: Exchange Certificate It can make using activesync with windows mobile to sync with exchange difficult or impossible, depending on the device/carrier. Glen Johnson wrote: !-- /* Font Definitions */ @font-face {font-family:Cambria Math; panose-1:2 4 5 3 5 4 6 3 2 4;} @font-face {font-family:Calibri; panose-1:2 15 5 2 2 2 4 3 2 4;} @font-face {font-family:Tahoma; panose-1:2 11 6 4 3 5 4 4 2 4;} @font-face {font-family:Arial Rounded MT Bold; panose-1:2 15 7 4 3 5 4 3 2 4;} /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal {margin:0in; margin-bottom:.0001pt; font-size:11.0pt; font-family:Calibri,sans-serif;} a:link, span.MsoHyperlink {mso-style-priority:99; color:blue; text-decoration:underline;} a:visited, span.MsoHyperlinkFollowed {mso-style-priority:99; color:purple; text-decoration:underline;} p {mso-style-priority:99; mso-margin-top-alt:auto; margin-right:0in; mso-margin-bottom-alt:auto; margin-left:0in; font-size:12.0pt; font-family:Times New Roman,serif;} span.EmailStyle18 {mso-style-type:personal; font-family:Calibri,sans-serif; color:windowtext;} span.EmailStyle19 {mso-style-type:personal; font-family:Calibri,sans-serif; color:#1F497D;} span.EmailStyle20 {mso-style-type:personal; font-family:Calibri,sans-serif; color:#1F497D;} span.EmailStyle21 {mso-style-type:personal-reply; font-family:Calibri,sans-serif; color:#1F497D;} .MsoChpDefault {mso-style-type:export-only; font-size:10.0pt;} @page Section1 {size:8.5in 11.0in; margin:1.0in 1.0in 1.0in 1.0in;} div.Section1 {page:Section1;} -- Pardon my jump in here on this old thread but I've been on vacation for a while and just now catching up. Care to elaborate on the comment about wildcard cert problems? We just purchased one and I'd like to start using it but if it is going to cause problems, I'd appreciate any heads-up you can share. Thanks. Glen. *From:* Simon Butler [mailto:[EMAIL PROTECTED] *Sent:* Wednesday, May 28, 2008 1:23 PM *To:* MS-Exchange Admin Issues *Subject:* RE: Exchange Certificate There isn't a lot to it. Use the wizard on this page to generate the request: https://www.digicert.com/easy-csr/exchange2007.htm You need to include the real name of the server (server), the FQDN of the server (server.domain.local), the OWA address (owa.domain.com) and the autodiscover (autodiscover.domain.com). Most of the SSL providers allow five domains. I usually recommend that the owa address is the main common name. Once you have generated the request command, paste in to PowerShell on the server. You don't have to use Digicert. You can then take the result and use it with your preferred vendor. http://certificatesforexchange.com/ (disclaimer - that is my site) does the certificates for US$59.99/year which are from GoDaddy but are cheaper than GoDaddy are currently selling the certificates for. Don't be tempted to use a wildcard certificate as there can be some issues with their use. After you get the certificate back from the supplier, you need to import the result: http://technet.microsoft.com/en-us/library/bb124424.aspx Finally you can enable the certificate for the services that you require. For that I tend to use PowerGui (http://www.powergui.org) which makes the process quick and easy. For certificate acceptance you will have to adjust the URLs on some services, and ensure that the clients are using the correct URL for access. This is particularly important with POP3 and IMAP which can often not cope with SSL prompts - for example you are using the IP address for the server. Simon. -- Simon Butler MVP: Exchange, MCSE Amset IT Solutions Ltd. e: [EMAIL PROTECTED] w: www.amset.co.uk w: www.amset.info Need cheap certificates for Exchange, compatible with Windows Mobile 5.0? http://CertificatesForExchange.com/ http://certificatesforexchange.com/ for certificates from just $23.99. Need a domain for your certificate? http://DomainsForExchange.net/ http://domainsforexchange.net/ *From:* Ehren Benson [mailto:[EMAIL PROTECTED] *Sent:* 28 May 2008 17:55 *To:* MS-Exchange Admin Issues *Subject:* RE: Exchange Certificate Sorry, exchange 2007 Ehren J. Benson, MCSE *Windows Systems Administrator* [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] 517-884-5469 *From:* Michael B. Smith [mailto:[EMAIL PROTECTED] *Sent:* Wednesday, May 28, 2008 12:47 PM *To:* MS-Exchange Admin Issues *Subject:* RE: Exchange Certificate Knowing the version of Exchange would be a great help. Regards, Michael B. Smith MCSE/Exchange MVP http://TheEssentialExchange.com *From:* Ehren Benson [mailto:[EMAIL
Re: Exchange Certificate
Only one I've seen is WM5 devices don't like it On Thu, Jun 12, 2008 at 7:44 AM, Glen Johnson [EMAIL PROTECTED] wrote: Pardon my jump in here on this old thread but I've been on vacation for a while and just now catching up. Care to elaborate on the comment about wildcard cert problems? We just purchased one and I'd like to start using it but if it is going to cause problems, I'd appreciate any heads-up you can share. Thanks. Glen. *From:* Simon Butler [mailto:[EMAIL PROTECTED] *Sent:* Wednesday, May 28, 2008 1:23 PM *To:* MS-Exchange Admin Issues *Subject:* RE: Exchange Certificate There isn't a lot to it. Use the wizard on this page to generate the request: https://www.digicert.com/easy-csr/exchange2007.htm You need to include the real name of the server (server), the FQDN of the server (server.domain.local), the OWA address (owa.domain.com) and the autodiscover (autodiscover.domain.com). Most of the SSL providers allow five domains. I usually recommend that the owa address is the main common name. Once you have generated the request command, paste in to PowerShell on the server. You don't have to use Digicert. You can then take the result and use it with your preferred vendor. http://certificatesforexchange.com/ (disclaimer - that is my site) does the certificates for US$59.99/year which are from GoDaddy but are cheaper than GoDaddy are currently selling the certificates for. Don't be tempted to use a wildcard certificate as there can be some issues with their use. After you get the certificate back from the supplier, you need to import the result: http://technet.microsoft.com/en-us/library/bb124424.aspx Finally you can enable the certificate for the services that you require. For that I tend to use PowerGui (http://www.powergui.org) which makes the process quick and easy. For certificate acceptance you will have to adjust the URLs on some services, and ensure that the clients are using the correct URL for access. This is particularly important with POP3 and IMAP which can often not cope with SSL prompts - for example you are using the IP address for the server. Simon. -- Simon Butler MVP: Exchange, MCSE Amset IT Solutions Ltd. e: [EMAIL PROTECTED] w: www.amset.co.uk w: www.amset.info Need cheap certificates for Exchange, compatible with Windows Mobile 5.0? http://CertificatesForExchange.com/ http://certificatesforexchange.com/for certificates from just $23.99. Need a domain for your certificate? http://DomainsForExchange.net/http://domainsforexchange.net/ -- *From:* Ehren Benson [mailto:[EMAIL PROTECTED] *Sent:* 28 May 2008 17:55 *To:* MS-Exchange Admin Issues *Subject:* RE: Exchange Certificate Sorry, exchange 2007 Ehren J. Benson, MCSE *Windows Systems Administrator* [EMAIL PROTECTED] 517-884-5469 *From:* Michael B. Smith [mailto:[EMAIL PROTECTED] *Sent:* Wednesday, May 28, 2008 12:47 PM *To:* MS-Exchange Admin Issues *Subject:* RE: Exchange Certificate Knowing the version of Exchange would be a great help. Regards, Michael B. Smith MCSE/Exchange MVP http://TheEssentialExchange.com *From:* Ehren Benson [mailto:[EMAIL PROTECTED] *Sent:* Wednesday, May 28, 2008 12:36 PM *To:* MS-Exchange Admin Issues *Subject:* Exchange Certificate Hello! I need to get a certificate so that the warnings can go away for IMAP, SMTP and OWA. I have done a bit of reading on this and it seems less than straightforward. Has anyone done this and had an easy or hard time with it? Who did you buy your cert from and do you have any resources that clearly specify how to create the request and then import the cert. I want to have my ducks in a row before I do this because I know just as it can make everything work smoothly it can expediously bring everything to a screeching halt if not done correctly! Thanks Ehren J. Benson, MCSE *Windows Systems Administrator* Department of Physics and Astronomy Michigan State University 1209 A Biomed Phys Sci [EMAIL PROTECTED] 517-884-5469 ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Exchange Certificate
www.comodo.com do cheap certs compared to VeriSign, you need to add a trusted root cert as well as the base cert, all the documentation on the ms site will do just fine for the set up, and the Comodo site has some good docs as well, create the request, get the cert, and install in accordance with the instructions, no more warnings in IE Clayton Doige IT Project Manager CME Development Corporation T: 020 7430 5355 M: 07949 255062 E:[EMAIL PROTECTED] W:www.cetv-net.com From: Ehren Benson [mailto:[EMAIL PROTECTED] Sent: 28 May 2008 17:36 To: MS-Exchange Admin Issues Subject: Exchange Certificate Hello! I need to get a certificate so that the warnings can go away for IMAP, SMTP and OWA. I have done a bit of reading on this and it seems less than straightforward. Has anyone done this and had an easy or hard time with it? Who did you buy your cert from and do you have any resources that clearly specify how to create the request and then import the cert. I want to have my ducks in a row before I do this because I know just as it can make everything work smoothly it can expediously bring everything to a screeching halt if not done correctly! Thanks Ehren J. Benson, MCSE Windows Systems Administrator Department of Physics and Astronomy Michigan State University 1209 A Biomed Phys Sci [EMAIL PROTECTED] 517-884-5469 __ This email has been scanned by the MessageLabs Email Security System. __ __ This electronic mail message and any attached files contain information intended for the exclusive use of the person(s) to whom it is addressed and may contain information that is proprietary, privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any viewing, copying, disclosure or distribution of this message or its contents may be subject to legal restriction or sanction. If you have received this message in error, please notify the sender immediately by electronic mail and delete the original message and any attachments without retaining any copies. _ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Exchange Certificate
I used Digicert for mine. They have a tool on their web site that allows you to simply fill in the blanks and it spits out the necessary PowerShell for creating the request. Very simple and well priced. Tim From: Ehren Benson [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 28, 2008 11:36 AM To: MS-Exchange Admin Issues Subject: Exchange Certificate Hello! I need to get a certificate so that the warnings can go away for IMAP, SMTP and OWA. I have done a bit of reading on this and it seems less than straightforward. Has anyone done this and had an easy or hard time with it? Who did you buy your cert from and do you have any resources that clearly specify how to create the request and then import the cert. I want to have my ducks in a row before I do this because I know just as it can make everything work smoothly it can expediously bring everything to a screeching halt if not done correctly! Thanks Ehren J. Benson, MCSE Windows Systems Administrator Department of Physics and Astronomy Michigan State University 1209 A Biomed Phys Sci [EMAIL PROTECTED]mailto:[EMAIL PROTECTED] 517-884-5469 ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Exchange Certificate
Knowing the version of Exchange would be a great help. Regards, Michael B. Smith MCSE/Exchange MVP http://TheEssentialExchange.com From: Ehren Benson [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 28, 2008 12:36 PM To: MS-Exchange Admin Issues Subject: Exchange Certificate Hello! I need to get a certificate so that the warnings can go away for IMAP, SMTP and OWA. I have done a bit of reading on this and it seems less than straightforward. Has anyone done this and had an easy or hard time with it? Who did you buy your cert from and do you have any resources that clearly specify how to create the request and then import the cert. I want to have my ducks in a row before I do this because I know just as it can make everything work smoothly it can expediously bring everything to a screeching halt if not done correctly! Thanks Ehren J. Benson, MCSE Windows Systems Administrator Department of Physics and Astronomy Michigan State University 1209 A Biomed Phys Sci [EMAIL PROTECTED] 517-884-5469 ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Exchange Certificate
www.certificatesforexchange.com Like Comodo, you'll probably need to grab their root certificate as well. But for $25-30 you get a trusted certificate that works just as well as the expensive ones. Roger Wright From: Ehren Benson [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 28, 2008 12:36 PM To: MS-Exchange Admin Issues Subject: Exchange Certificate Hello! I need to get a certificate so that the warnings can go away for IMAP, SMTP and OWA. I have done a bit of reading on this and it seems less than straightforward. Has anyone done this and had an easy or hard time with it? Who did you buy your cert from and do you have any resources that clearly specify how to create the request and then import the cert. I want to have my ducks in a row before I do this because I know just as it can make everything work smoothly it can expediously bring everything to a screeching halt if not done correctly! Thanks Ehren J. Benson, MCSE Windows Systems Administrator Department of Physics and Astronomy Michigan State University 1209 A Biomed Phys Sci [EMAIL PROTECTED] 517-884-5469 ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Exchange Certificate
Sorry, exchange 2007 Ehren J. Benson, MCSE Windows Systems Administrator [EMAIL PROTECTED]mailto:[EMAIL PROTECTED] 517-884-5469 From: Michael B. Smith [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 28, 2008 12:47 PM To: MS-Exchange Admin Issues Subject: RE: Exchange Certificate Knowing the version of Exchange would be a great help. Regards, Michael B. Smith MCSE/Exchange MVP http://TheEssentialExchange.com From: Ehren Benson [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 28, 2008 12:36 PM To: MS-Exchange Admin Issues Subject: Exchange Certificate Hello! I need to get a certificate so that the warnings can go away for IMAP, SMTP and OWA. I have done a bit of reading on this and it seems less than straightforward. Has anyone done this and had an easy or hard time with it? Who did you buy your cert from and do you have any resources that clearly specify how to create the request and then import the cert. I want to have my ducks in a row before I do this because I know just as it can make everything work smoothly it can expediously bring everything to a screeching halt if not done correctly! Thanks Ehren J. Benson, MCSE Windows Systems Administrator Department of Physics and Astronomy Michigan State University 1209 A Biomed Phys Sci [EMAIL PROTECTED]mailto:[EMAIL PROTECTED] 517-884-5469 ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Exchange Certificate
http://www.msexchange.org/articles_tutorials/exchange-server-2007/mobility-c lient-access/securing-exchange-2007-client-access-server-3rd-party-san-certi ficate.html should tell you all you need to know. I also recommend certificatesforexchange.com, as someone else has already pointed out. Regards, Michael B. Smith MCSE/Exchange MVP http://TheEssentialExchange.com From: Ehren Benson [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 28, 2008 12:55 PM To: MS-Exchange Admin Issues Subject: RE: Exchange Certificate Sorry, exchange 2007 Ehren J. Benson, MCSE Windows Systems Administrator [EMAIL PROTECTED] 517-884-5469 From: Michael B. Smith [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 28, 2008 12:47 PM To: MS-Exchange Admin Issues Subject: RE: Exchange Certificate Knowing the version of Exchange would be a great help. Regards, Michael B. Smith MCSE/Exchange MVP http://TheEssentialExchange.com From: Ehren Benson [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 28, 2008 12:36 PM To: MS-Exchange Admin Issues Subject: Exchange Certificate Hello! I need to get a certificate so that the warnings can go away for IMAP, SMTP and OWA. I have done a bit of reading on this and it seems less than straightforward. Has anyone done this and had an easy or hard time with it? Who did you buy your cert from and do you have any resources that clearly specify how to create the request and then import the cert. I want to have my ducks in a row before I do this because I know just as it can make everything work smoothly it can expediously bring everything to a screeching halt if not done correctly! Thanks Ehren J. Benson, MCSE Windows Systems Administrator Department of Physics and Astronomy Michigan State University 1209 A Biomed Phys Sci [EMAIL PROTECTED] 517-884-5469 ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Exchange Certificate
There isn't a lot to it. Use the wizard on this page to generate the request: https://www.digicert.com/easy-csr/exchange2007.htm You need to include the real name of the server (server), the FQDN of the server (server.domain.local), the OWA address (owa.domain.com) and the autodiscover (autodiscover.domain.com). Most of the SSL providers allow five domains. I usually recommend that the owa address is the main common name. Once you have generated the request command, paste in to PowerShell on the server. You don't have to use Digicert. You can then take the result and use it with your preferred vendor. http://certificatesforexchange.com/ (disclaimer - that is my site) does the certificates for US$59.99/year which are from GoDaddy but are cheaper than GoDaddy are currently selling the certificates for. Don't be tempted to use a wildcard certificate as there can be some issues with their use. After you get the certificate back from the supplier, you need to import the result: http://technet.microsoft.com/en-us/library/bb124424.aspx Finally you can enable the certificate for the services that you require. For that I tend to use PowerGui (http://www.powergui.org) which makes the process quick and easy. For certificate acceptance you will have to adjust the URLs on some services, and ensure that the clients are using the correct URL for access. This is particularly important with POP3 and IMAP which can often not cope with SSL prompts - for example you are using the IP address for the server. Simon. -- Simon Butler MVP: Exchange, MCSE Amset IT Solutions Ltd. e: [EMAIL PROTECTED] w: www.amset.co.uk w: www.amset.info Need cheap certificates for Exchange, compatible with Windows Mobile 5.0? http://CertificatesForExchange.com/http://certificatesforexchange.com/ for certificates from just $23.99. Need a domain for your certificate? http://DomainsForExchange.net/http://domainsforexchange.net/ From: Ehren Benson [mailto:[EMAIL PROTECTED] Sent: 28 May 2008 17:55 To: MS-Exchange Admin Issues Subject: RE: Exchange Certificate Sorry, exchange 2007 Ehren J. Benson, MCSE Windows Systems Administrator [EMAIL PROTECTED]mailto:[EMAIL PROTECTED] 517-884-5469 From: Michael B. Smith [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 28, 2008 12:47 PM To: MS-Exchange Admin Issues Subject: RE: Exchange Certificate Knowing the version of Exchange would be a great help. Regards, Michael B. Smith MCSE/Exchange MVP http://TheEssentialExchange.com From: Ehren Benson [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 28, 2008 12:36 PM To: MS-Exchange Admin Issues Subject: Exchange Certificate Hello! I need to get a certificate so that the warnings can go away for IMAP, SMTP and OWA. I have done a bit of reading on this and it seems less than straightforward. Has anyone done this and had an easy or hard time with it? Who did you buy your cert from and do you have any resources that clearly specify how to create the request and then import the cert. I want to have my ducks in a row before I do this because I know just as it can make everything work smoothly it can expediously bring everything to a screeching halt if not done correctly! Thanks Ehren J. Benson, MCSE Windows Systems Administrator Department of Physics and Astronomy Michigan State University 1209 A Biomed Phys Sci [EMAIL PROTECTED]mailto:[EMAIL PROTECTED] 517-884-5469 ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Exchange Certificate
I use a standard GoDaddy certificate. It takes a bit of work to get it installed, but once it's there it works like a charm - and you don't need to deal with SAN certificates. Check out: http://support.microsoft.com/?kbid=940726 Jason Tierney, MCSE Vice President, Consulting Services Corporate Network Services Count on Us direct: 240-425-4441 From: Michael B. Smith [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 28, 2008 12:59 PM To: MS-Exchange Admin Issues Subject: RE: Exchange Certificate http://www.msexchange.org/articles_tutorials/exchange-server-2007/mobility-client-access/securing-exchange-2007-client-access-server-3rd-party-san-certificate.html should tell you all you need to know. I also recommend certificatesforexchange.com, as someone else has already pointed out. Regards, Michael B. Smith MCSE/Exchange MVP http://TheEssentialExchange.com From: Ehren Benson [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 28, 2008 12:55 PM To: MS-Exchange Admin Issues Subject: RE: Exchange Certificate Sorry, exchange 2007 Ehren J. Benson, MCSE Windows Systems Administrator [EMAIL PROTECTED]mailto:[EMAIL PROTECTED] 517-884-5469 From: Michael B. Smith [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 28, 2008 12:47 PM To: MS-Exchange Admin Issues Subject: RE: Exchange Certificate Knowing the version of Exchange would be a great help. Regards, Michael B. Smith MCSE/Exchange MVP http://TheEssentialExchange.com From: Ehren Benson [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 28, 2008 12:36 PM To: MS-Exchange Admin Issues Subject: Exchange Certificate Hello! I need to get a certificate so that the warnings can go away for IMAP, SMTP and OWA. I have done a bit of reading on this and it seems less than straightforward. Has anyone done this and had an easy or hard time with it? Who did you buy your cert from and do you have any resources that clearly specify how to create the request and then import the cert. I want to have my ducks in a row before I do this because I know just as it can make everything work smoothly it can expediously bring everything to a screeching halt if not done correctly! Thanks Ehren J. Benson, MCSE Windows Systems Administrator Department of Physics and Astronomy Michigan State University 1209 A Biomed Phys Sci [EMAIL PROTECTED]mailto:[EMAIL PROTECTED] 517-884-5469 ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~