Exchange2013 ( i ) Configuring Certificates
Exchange Server Configuration certificate and The process is not the same, the following configuration certificate of the process to write. A DC in this test environment , a exchange2013all in one server. the DC acts as a Certificate server.
The process is divided into the following steps
First, deploy the certificate Server
The following installs the Certificate Server into In the DC , some procedures in the deployment do not have a legend, many for the settings remain the default
1.1 Add "Roles" and select "activedirectory Certificate Services"
650) this.width=650; "src=" http://s4.51cto.com/wyfs02/M00/7B/12/wKiom1bGgXygUhHmAAJBtdNgTb8909.jpg "title=" 1.jpg " Width= "730" height= "518" border= "0" hspace= "0" vspace= "0" style= "width:730px;height:518px;" alt= " Wkiom1bggxyguhhmaajbtdngtb8909.jpg "/>
1.2 Because the administrator login is used, the maximum permissions. Users are created individually and given permissions in the production environment, and do not operate directly with the administrator.
650) this.width=650; "src=" http://s5.51cto.com/wyfs02/M01/7B/12/wKiom1bGgaCjpiD3AAHX4SNOjJ4101.jpg "title=" 2.jpg " Width= "730" height= "518" border= "0" hspace= "0" vspace= "0" style= "width:730px;height:518px;" alt= " Wkiom1bggacjpid3aahx4snojj4101.jpg "/>
1.3 Select Configure ActiveDirectory Certificate Server on the destination server
650) this.width=650; "src=" http://s4.51cto.com/wyfs02/M02/7B/12/wKiom1bGgbGSSRRhAAJCQfk2gP8010.jpg "title=" 3.jpg " Width= "730" height= "518" border= "0" hspace= "0" vspace= "0" style= "width:730px;height:518px;" alt= " Wkiom1bggbgssrrhaajcqfk2gp8010.jpg "/>
1.4 logged in with an administrator user, leave the default option, and the domain administrator will not be used to log in in the production environment
650) this.width=650; "src=" http://s2.51cto.com/wyfs02/M01/7B/12/wKioL1bGgpHRFNPUAAHBuaNZHZE979.jpg "title=" 4.jpg " Width= "730" height= "529" border= "0" hspace= "0" vspace= "0" style= "WIDTH:730PX;HEIGHT:529PX;" alt= " Wkiol1bggphrfnpuaahbuanzhze979.jpg "/>
1.5 is checked as this Certificate Server will serve the WEB server
650) this.width=650; "src=" http://s4.51cto.com/wyfs02/M01/7B/13/wKiom1bGgqywM93KAAFxzRkVEGk401.jpg "title=" 5.jpg " Width= "730" height= "529" border= "0" hspace= "0" vspace= "0" style= "WIDTH:730PX;HEIGHT:529PX;" alt= " Wkiom1bggqywm93kaafxzrkvegk401.jpg "/>
1.6 Enterprise CA remains default, Enterprise CA Domain-joined computers automatically install the certificate
650) this.width=650; "src=" http://s1.51cto.com/wyfs02/M02/7B/12/wKioL1bGgymQPmm7AAHhJyCnEts988.jpg "title=" 6.jpg " Width= "730" height= "533" border= "0" hspace= "0" vspace= "0" style= "width:730px;height:533px;" alt= " Wkiol1bggymqpmm7aahhjycnets988.jpg "/>
1.7 Root CA remains the default, simply enable the certificate feature in the Environment Select this option
650) this.width=650; "src=" http://s5.51cto.com/wyfs02/M01/7B/13/wKiom1bGgunwlIu_AAIEs63ZnoA998.jpg "title=" 7.jpg " Width= "730" height= "529" border= "0" hspace= "0" vspace= "0" style= "WIDTH:730PX;HEIGHT:529PX;" alt= "wkiom1bggunwliu_ Aaies63znoa998.jpg "/>
1.8 Creating a new private key remains the default
650) this.width=650; "src=" http://s1.51cto.com/wyfs02/M01/7B/13/wKiom1bGg9uzLlyzAAIsdPwf8wA035.jpg "title=" 8.jpg " Width= "730" height= "533" border= "0" hspace= "0" vspace= "0" style= "width:730px;height:533px;" alt= " Wkiom1bgg9uzllyzaaisdpwf8wa035.jpg "/>
1.9 Encryption algorithm remains the default
650) this.width=650; "src=" http://s1.51cto.com/wyfs02/M01/7B/13/wKiom1bGg-_Td0BrAAGlGLYaYRY359.jpg "title=" 9.jpg " Width= "730" height= "533" border= "0" hspace= "0" vspace= "0" style= "width:730px;height:533px;" alt= "wkiom1bgg-_ Td0braaglglyayry359.jpg "/>
1.10 CA name free fill
650) this.width=650; "src=" http://s5.51cto.com/wyfs02/M01/7B/13/wKiom1bGhBOA6BaeAAIN4SDq8Cs195.jpg "title=" 10.jpg "Width=" 730 "height=" 533 "border=" 0 "hspace=" 0 "vspace=" 0 "style=" width:730px;height:533px; "alt=" Wkiom1bghboa6baeaain4sdq8cs195.jpg "/>
1.11 validity remains the default, Microsoft's product cycle is typically 5 years
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/7B/13/wKioL1bGhI7CIQV2AAFlUYuQo3U115.jpg "title=" 11.jpg "Width=" 730 "height=" 533 "border=" 0 "hspace=" 0 "vspace=" 0 "style=" width:730px;height:533px; "alt=" Wkiol1bghi7ciqv2aafluyuqo3u115.jpg "/>
1.12 Configuration succeeded
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/7B/13/wKiom1bGhDvT-fMFAAFVo7lYu1c728.jpg "title=" 12.jpg "Width=" 730 "height=" 533 "border=" 0 "hspace=" 0 "vspace=" 0 "style=" width:730px;height:533px; "alt=" Wkiom1bghdvt-fmfaafvo7lyu1c728.jpg "/>
II. Create a certificate request file
2.1 Open a certification authority
650) this.width=650; "src=" http://s4.51cto.com/wyfs02/M00/7B/13/wKioL1bGhMvAcBf2AAGN4ngdPI4625.jpg "title=" 13.jpg "Width=" 730 "height=" 533 "border=" 0 "hspace=" 0 "vspace=" 0 "style=" width:730px;height:533px; "alt=" Wkiol1bghmvacbf2aagn4ngdpi4625.jpg "/>2.2 as shown in the settings
650) this.width=650; "src=" http://s2.51cto.com/wyfs02/M01/7B/13/wKiom1bGhHnTCsR3AAJQuTVIVCg929.jpg "title=" 14.jpg "Width=" 730 "height=" 338 "border=" 0 "hspace=" 0 "vspace=" 0 "style=" width:730px;height:338px; "alt=" Wkiom1bghhntcsr3aajqutvivcg929.jpg "/>
2.3 Set a public folder on the CAS server to set permissions that are used to store the files generated when the following Operation
650) this.width=650; "src=" http://s5.51cto.com/wyfs02/M02/7B/13/wKiom1bGhJXyEuifAAKYhOPt9Xg502.jpg "title=" 15.jpg "Width=" 730 "height=" 408 "border=" 0 "hspace=" 0 "vspace=" 0 "style=" width:730px;height:408px; "alt=" Wkiom1bghjxyeuifaakyhopt9xg502.jpg "/>
2.4 Open the Exchange server control Center, as you can see
650) this.width=650; "src=" http://s5.51cto.com/wyfs02/M02/7B/13/wKiom1bGhKixY2riAAMQ5rmvPKg098.jpg "title=" 16.jpg "Width=" 730 "height=" 518 "border=" 0 "hspace=" 0 "vspace=" 0 "style=" width:730px;height:518px; "alt=" Wkiom1bghkixy2riaamq5rmvpkg098.jpg "/>
2.5 Create a new Exchange certificate such as
650) this.width=650; "src=" http://s2.51cto.com/wyfs02/M00/7B/13/wKiom1bGhMTi-umSAAJNC66SrLg912.jpg "title=" 17.jpg "Width=" 730 "height=" 453 "border=" 0 "hspace=" 0 "vspace=" 0 "style=" width:730px;height:453px; "alt=" Wkiom1bghmti-umsaajnc66srlg912.jpg "/>
2.6 Fill in the name of the certificate, no need for easy memory
650) this.width=650; "src=" http://s2.51cto.com/wyfs02/M02/7B/13/wKioL1bGhUnizo2WAAEz82pCGT0968.jpg "title=" 18.jpg "alt=" Wkiol1bghunizo2waaez82pcgt0968.jpg "/>
2.7 does not enable a wildcard certificate, such as
650) this.width=650; "src=" http://s4.51cto.com/wyfs02/M00/7B/13/wKioL1bGhVyRtfdsAAFho3bRfp0129.jpg "title=" 19.jpg "alt=" Wkiol1bghvyrtfdsaafho3brfp0129.jpg "/>
2.8 as set
650) this.width=650; "src=" http://s4.51cto.com/wyfs02/M01/7B/13/wKioL1bGhWqApcLjAAFkOAqU-uU373.jpg "title=" 20.jpg "alt=" Wkiol1bghwqapcljaafkoaqu-uu373.jpg "/>
2.9 If you fill in the mail domain of the public network , the default is < unspecified >
650) this.width=650; "src=" http://s4.51cto.com/wyfs02/M02/7B/13/wKioL1bGhXzDMGQEAAHAiY1V4Mc987.jpg "title=" 21.jpg "alt=" Wkiol1bghxzdmgqeaahaiy1v4mc987.jpg "/>
2.10 such as Mail,AutoDiscover and other domain names are displayed in the list
650) this.width=650; "src=" http://s2.51cto.com/wyfs02/M00/7B/13/wKioL1bGhY_yuR0QAAFZi1rAIZU389.jpg "title=" 22.jpg "alt=" Wkiol1bghy_yur0qaafzi1raizu389.jpg "/>
2.11 Fill in the certificate information, no requirements for easy memory
650) this.width=650; "src=" http://s2.51cto.com/wyfs02/M01/7B/13/wKioL1bGhaGjn4LsAAGD9eYrj-c628.jpg "title=" 23.jpg "alt=" Wkiol1bghagjn4lsaagd9eyrj-c628.jpg "/>
2.12 Save The req file, this path is the public shared folder created on the previous CAS , where you want to fill in the Fqdn
650) this.width=650; "src=" http://s2.51cto.com/wyfs02/M02/7B/13/wKiom1bGhU_DToSFAAG0ByJZTHU029.jpg "title=" 24.jpg "alt=" Wkiom1bghu_dtosfaag0byjzthu029.jpg "/>
2.13 saved to the public folder in CAS
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/7B/13/wKioL1bGh5KCfL3PAADj3PDlNtM169.jpg "title=" 25.jpg "alt=" Wkiol1bgh5kcfl3paadj3pdlntm169.jpg "/>
III. Certificate of Application
3.1 in DC 's browser input http://localhost/certsrv, click the "Request a certificate" hyperlink
650) this.width=650; "src=" http://s5.51cto.com/wyfs02/M00/7B/13/wKiom1bGh4rha8PfAAKXeGhS7yw586.jpg "title=" 26.jpg "Width=" 730 "height=" "border=" 0 "hspace=" 0 "vspace=" 0 "style=" width:730px;height:300px; "alt=" Wkiom1bgh4rha8pfaakxeghs7yw586.jpg "/>
3.2 Click the Advanced certificate Request Hyperlink
650) this.width=650; "src=" http://s4.51cto.com/wyfs02/M02/7B/13/wKiom1bGiTSTw2YfAAFb-ySt-4Q251.jpg "title=" 27.jpg "Width=" 730 "height=" 207 "border=" 0 "hspace=" 0 "vspace=" 0 "style=" WIDTH:730PX;HEIGHT:207PX; "alt=" Wkiom1bgitstw2yfaafb-yst-4q251.jpg "/>
3.3 Click the use base64hyperlink
650) this.width=650; "src=" http://s5.51cto.com/wyfs02/M00/7B/13/wKiom1bGiUmgnknmAAHsnVw4WGw635.jpg "title=" 28.jpg "Width=" 730 "height=" 209 "border=" 0 "hspace=" 0 "vspace=" 0 "style=" WIDTH:730PX;HEIGHT:209PX; "alt=" Wkiom1bgiumgnknmaahsnvw4wgw635.jpg "/>
3.4 Use Notepad to open the request.req certificate request file that you just exported to CAS . Copy all the contents of the selection
650) this.width=650; "src=" http://s4.51cto.com/wyfs02/M01/7B/13/wKioL1bGic6RIZQdAAYWrD9dXGs101.jpg "title=" 29.jpg "Width=" 730 "height=" 575 "border=" 0 "hspace=" 0 "vspace=" 0 "style=" width:730px;height:575px; "alt=" Wkiol1bgic6rizqdaaywrd9dxgs101.jpg "/>
3.5 paste into the Saved requests text box, certificate templates SelectWeb server, click Submit
650) this.width=650; "src=" http://s2.51cto.com/wyfs02/M01/7B/13/wKioL1bGieazKxNCAAMLLv3RPpI370.jpg "title=" 30.jpg "Width=" 730 "height=" 477 "border=" 0 "hspace=" 0 "vspace=" 0 "style=" WIDTH:730PX;HEIGHT:477PX; "alt=" Wkiol1bgieazkxncaamllv3rppi370.jpg "/>
3.6 Click "Download Certificate" hyperlink, click "Save" to save certnew.cer certificate file to CAS
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/7B/13/wKioL1bGif7DrG4ZAANMmUV4oIM718.jpg "title=" 31.jpg "Width=" 730 "height=" 575 "border=" 0 "hspace=" 0 "vspace=" 0 "style=" width:730px;height:575px; "alt=" Wkiol1bgif7drg4zaanmmuv4oim718.jpg "/>
Iv. Allocation of services
4.1 completing a shelve request
650) this.width=650; "src=" http://s1.51cto.com/wyfs02/M00/7B/13/wKiom1bGibvxptIcAAILMs0Zd9A498.jpg "title=" 32.jpg "Width=" 730 "height=" 537 "border=" 0 "hspace=" 0 "vspace=" 0 "style=" WIDTH:730PX;HEIGHT:537PX; "alt=" Wkiom1bgibvxpticaailms0zd9a498.jpg "/> 4.2 Enter the path to the Certnew.cer certificate file you just exported
650) this.width=650; "src=" http://s5.51cto.com/wyfs02/M00/7B/13/wKioL1bGij2iCvb2AAFfO1zy3qc969.jpg "title=" 33.jpg "alt=" Wkiol1bgij2icvb2aaffo1zy3qc969.jpg "/>
4.3 completing a shelve request
650) this.width=650; "src=" http://s4.51cto.com/wyfs02/M00/7B/13/wKioL1bGimyB1FaIAAIZn-t4PzA115.jpg "title=" 34.jpg "Width=" 730 "height=" 541 "border=" 0 "hspace=" 0 "vspace=" 0 "style=" width:730px;height:541px; "alt=" Wkiol1bgimyb1faiaaizn-t4pza115.jpg "/>
4.4 for the Certificate Assignment service, double-click mail.satid.cn, select the "Services" option, such as Tick
650) this.width=650; "src=" http://s1.51cto.com/wyfs02/M02/7B/14/wKiom1bGiirCaCOtAAFLbC_NVk8148.jpg "title=" 35.jpg "Width=" 730 "height=" 629 "border=" 0 "hspace=" 0 "vspace=" 0 "style=" WIDTH:730PX;HEIGHT:629PX; "alt=" Wkiom1bgiircacotaaflbc_nvk8148.jpg "/>
4.5 Confirm Overwrite
650) this.width=650; "src=" http://s2.51cto.com/wyfs02/M01/7B/13/wKioL1bGiqeji44AAAG-tpYkdvg772.jpg "title=" 36.jpg "Width=" 730 "height=" 629 "border=" 0 "hspace=" 0 "vspace=" 0 "style=" WIDTH:730PX;HEIGHT:629PX; "alt=" Wkiol1bgiqeji44aaag-tpykdvg772.jpg "/>4.6 Assignment Service Acknowledgement
650) this.width=650; "src=" http://s4.51cto.com/wyfs02/M00/7B/14/wKiom1bGiumS5OtMAAExP7PRBPA253.jpg "title=" 37.jpg "Width=" 730 "height=" 462 "border=" 0 "hspace=" 0 "vspace=" 0 "style=" width:730px;height:462px; "alt=" Wkiom1bgiums5otmaaexp7prbpa253.jpg "/>
4.7 Deleting a self-signed certificate
650) this.width=650; "src=" http://s5.51cto.com/wyfs02/M00/7B/14/wKiom1bGixGhE45AAAEhlmdg3H8950.jpg "title=" 38.jpg "alt=" wkiom1bgixghe45aaaehlmdg3h8950.jpg "/>
4.12OWA and Outlook2013 testing
650) this.width=650; "src=" http://s2.51cto.com/wyfs02/M01/7B/14/wKiom1bGizCA0RRLAAJKEVZ_CUw199.jpg "title=" 39.jpg "Width=" 730 "height=" 518 "border=" 0 "hspace=" 0 "vspace=" 0 "style=" width:730px;height:518px; "alt=" Wkiom1bgizca0rrlaajkevz_cuw199.jpg "/>
650) this.width=650; "src=" http://s5.51cto.com/wyfs02/M02/7B/14/wKioL1bGkNGCtqUTAAKb4s-Ct_M171.jpg "title=" 40.jpg "Width=" 730 "height=" 518 "border=" 0 "hspace=" 0 "vspace=" 0 "style=" width:730px;height:518px; "alt=" Wkiol1bgkngctqutaakb4s-ct_m171.jpg "/>
This article is from the "Zhao Dongwei Learning record" blog, so be sure to keep this source http://zhaodongwei.blog.51cto.com/4233742/1743303
Exchange 2013 (i) Configuring certificates