Wednesday, August 21, 2013

How to Configure Exchange 2010 Self Certificate Part#1

We will configure Exchange 2010 Self Certificate to be used in our LAB , the LAB Environment we will be performing several tasks , including configuring your own certificate authority and creating CR from exchange 2010 servers are part of our goal on this article.

We will at the end install the local certificate and I will show you how to import that into your own laptops etc. to avoid seeing certificate is not trusted warning. The steps you would do are same if you were the AD engineer to manage internal CA authority for your internal usage.

  • Windows 2008 R2 Forest/Domain
  • DC1 ( Domain Controller, Certificate authority server)
  • E1 ( Exchange 2010 , Multi Role DAG member)
  • E2 ( Exchange 2010 , Multi Role DAG member)
  • Windows 7 Workstation ( Domain member)

Working Steps:

  1. Install Certificate authority on the Domain Controller for your domain

Open Server manager, by typing Servermanager.msc

Roles, add roles,

clip_image001

clip_image002

Select Active Directory Certificate Services

clip_image003

Click Next

When it is asked select add required roles and click next when you ready

clip_image004

Enterprise

clip_image005

Root CA

clip_image006

Create a new Private key

clip_image007

Click next ( don’t need to change anything here)

clip_image008

Click next

clip_image009

Click next ( 5 years is good enough normally adjust if you like )

clip_image010

Click next ( pay attention here where will have the databases) if this was production implementation you would certainly

Take a note of this directory

clip_image011

Next

clip_image012

Next

clip_image013

Finally Install

clip_image014

Now open IIS on the same ( server) click start and type "Inetmgr " hit enter.

clip_image015

Expand default website and locate directory called " CerSrv" on the right pane, click on "Browse"

clip_image016

Now you may want to add this into Bookmark of your browser

clip_image017

Part 2 we will generate certificate request from Exchange 2010 servers

Respectfully,

MCITP (EMA), MCITP (SA)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server +
http://smtp25.blogspot.com/ (Blog)
http://telnet25.wordpress.com/ (Blog)

No comments: