Home > Others

Exchange server2013 Series 10: Certificate Configuration

Source: Internet
Author: User
Tags pfx file
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

Exchange server2013 Series 10: Certificate Configuration

Du Fei

After the preceding configuration, you can perform simple email communication. However, when you connect to your mailbox through OWA, the following message is displayed:

650) This. width = 650; "Title =" image "style =" border-right-width: 0px; Background-image: none; border-bottom-width: 0px; padding-top: 0px; padding-left: 0px; padding-Right: 0px; border-top-width: 0px; "Border =" 0 "alt =" image "src =" http://img1.51cto.com/attachment/201407/9/382644_14049074758YOf.png "width =" 427 "Height =" 288 "/>

Other services, such as outlook anywhere and exchange ActiveSync, also require configuring certificates on the exchange 2013 server. Next let's take a look at the certificate Configuration:

First, we need to install the internal ca. Here, I will install Ca on DC01.

Select the ad certificate service, as shown in:

650) This. width = 650; "Title =" image "style =" border-right-width: 0px; Background-image: none; border-bottom-width: 0px; padding-top: 0px; padding-left: 0px; padding-Right: 0px; border-top-width: 0px; "Border =" 0 "alt =" image "src =" http://img1.51cto.com/attachment/201407/9/382644_1404907475woHM.png "width =" 479 "Height =" 408 "/>

Then, after the next step, select the Certificate Authority and Certificate Authority web registration shown in.

650) This. width = 650; "Title =" image "style =" border-right-width: 0px; Background-image: none; border-bottom-width: 0px; padding-top: 0px; padding-left: 0px; padding-Right: 0px; border-top-width: 0px; "Border =" 0 "alt =" image "src =" http://img1.51cto.com/attachment/201407/9/382644_14049074755tgD.png "width =" 465 "Height =" 409 "/>

Wait a moment and wait until the Certificate Authority is installed successfully. Next, you need to configure the Certificate Service.

650) This. width = 650; "Title =" image "style =" border-right-width: 0px; Background-image: none; border-bottom-width: 0px; padding-top: 0px; padding-left: 0px; padding-Right: 0px; border-top-width: 0px; "Border =" 0 "alt =" image "src =" http://img1.51cto.com/attachment/201407/9/382644_1404907475X1zF.png "width =" 459 "Height =" 399 "/>

After the next step, the following page is displayed:

650) This. width = 650; "Title =" image "style =" border-right-width: 0px; Background-image: none; border-bottom-width: 0px; padding-top: 0px; padding-left: 0px; padding-Right: 0px; border-top-width: 0px; "Border =" 0 "alt =" image "src =" http://img1.51cto.com/attachment/201407/9/382644_14049074750cAn.png "width =" 609 "Height =" 329 "/>

650) This. width = 650; "Title =" image "style =" border-right-width: 0px; Background-image: none; border-bottom-width: 0px; padding-top: 0px; padding-left: 0px; padding-Right: 0px; border-top-width: 0px; "Border =" 0 "alt =" image "src =" http://img1.51cto.com/attachment/201407/9/382644_1404907475EXM9.png "width =" 371 "Height =" 215 "/> 650) This. width = 650; "Title =" image "style =" border-right-width: 0px; Background-image: none; border-bottom-width: 0px; padding-top: 0px; padding-left: 0px; padding-Right: 0px; border-top-width: 0px; "Border =" 0 "alt =" image "src =" http://img1.51cto.com/attachment/201407/9/382644_1404907475SlEP.png "width =" 453 "Height =" 202 "/>

Select Enterprise CA-Root CA. The basic options are basically the default.

Again, apply for a certificate for the exchange CAS role:

Log on to the EAC ---- server ---- certificate, make sure that the client access server is selected in the "Select Server" field, and then click "new" 650) This. width = 650; "Title =" add icon "alt =" add icon "src =" http:// I .technet.microsoft.com/dynimg/IC607831.gif "/>.

650) This. width = 650; "Title =" image "style =" border-right-width: 0px; Background-image: none; border-bottom-width: 0px; padding-top: 0px; padding-left: 0px; padding-Right: 0px; border-top-width: 0px; "Border =" 0 "alt =" image "src =" http://img1.51cto.com/attachment/201407/9/382644_1404907475MMwq.png "width =" 647 "Height =" 450 "/>

In the new exchange certificate wizard, select create a request to obtain a certificate from the certificate authority, and then click Next ".

650) This. width = 650; "Title =" image "style =" border-right-width: 0px; Background-image: none; border-bottom-width: 0px; padding-top: 0px; padding-left: 0px; padding-Right: 0px; border-top-width: 0px; "Border =" 0 "alt =" image "src =" http://img1.51cto.com/attachment/201407/9/382644_1404907476DRic.png "width =" 406 "Height =" 215 "/>

Specify the Certificate Name and click "Next ".

650) This. width = 650; "Title =" image "style =" border-right-width: 0px; Background-image: none; border-bottom-width: 0px; padding-top: 0px; padding-left: 0px; padding-Right: 0px; border-top-width: 0px; "Border =" 0 "alt =" image "src =" http://img1.51cto.com/attachment/201407/9/382644_1404907476Ur8X.png "width =" 536 "Height =" 392 "/>

Leave this page blank if you do not want to apply for a wildcard certificate. Click "Next ".

650) This. width = 650; "Title =" image "style =" border-right-width: 0px; Background-image: none; border-bottom-width: 0px; padding-top: 0px; padding-left: 0px; padding-Right: 0px; border-top-width: 0px; "Border =" 0 "alt =" image "src =" http://img1.51cto.com/attachment/201407/9/382644_1404907476XLj0.png "width =" 546 "Height =" 162 "/>

Click Browse to specify the Exchange server used to store the certificate. The server you selected should be an Internet-oriented Client Access Server. Click "Next ".

650) This. width = 650; "Title =" image "style =" border-right-width: 0px; Background-image: none; border-bottom-width: 0px; padding-top: 0px; padding-left: 0px; padding-Right: 0px; border-top-width: 0px; "Border =" 0 "alt =" image "src =" http://img1.51cto.com/attachment/201407/9/382644_1404907476WhVF.png "width =" 695 "Height =" 155 "/>

Verify that the name of the external or internal server that the user uses to connect to the Exchange Server is correct for each service displayed in the list.

650) This. width = 650; "Title =" image "style =" border-right-width: 0px; Background-image: none; border-bottom-width: 0px; padding-top: 0px; padding-left: 0px; padding-Right: 0px; border-top-width: 0px; "Border =" 0 "alt =" image "src =" http://img1.51cto.com/attachment/201407/9/382644_1404907476Dury.png "width =" 530 "Height =" 338 "/>

Add any other domains you want to include in the SSL certificate. For example, this example adds a series of domain names related to dudangdang.com and cas02.

650) This. width = 650; "Title =" image "style =" border-right-width: 0px; Background-image: none; border-bottom-width: 0px; padding-top: 0px; padding-left: 0px; padding-Right: 0px; border-top-width: 0px; "Border =" 0 "alt =" image "src =" http://img1.51cto.com/attachment/201407/9/382644_1404907476aqQz.png "width =" 595 "Height =" 506 "/>

Select a public domain name:

650) This. width = 650; "Title =" image "style =" border-right-width: 0px; Background-image: none; border-bottom-width: 0px; padding-top: 0px; padding-left: 0px; padding-Right: 0px; border-top-width: 0px; "Border =" 0 "alt =" image "src =" http://img1.51cto.com/attachment/201407/9/382644_1404907476ktym.png "width =" 455 "Height =" 322 "/>

Enter basic information.

650) This. width = 650; "Title =" image "style =" border-right-width: 0px; Background-image: none; border-bottom-width: 0px; padding-top: 0px; padding-left: 0px; padding-Right: 0px; border-top-width: 0px; "Border =" 0 "alt =" image "src =" http://img1.51cto.com/attachment/201407/9/382644_1404907476s28G.png "width =" 385 "Height =" 346 "/>

Save the certificate request to the shared folder:

650) This. width = 650; "Title =" image "style =" border-right-width: 0px; Background-image: none; border-bottom-width: 0px; padding-top: 0px; padding-left: 0px; padding-Right: 0px; border-top-width: 0px; "Border =" 0 "alt =" image "src =" http://img1.51cto.com/attachment/201407/9/382644_1404907476yKB2.png "width =" 549 "Height =" 224 "/>

Then, visit http: // 10.41.4.210/certsrv (CA) in the browser and select apply for certificate --- Advanced Certificate Application --- apply for a certificate using base64 encoding. When this occurs, submit 650) This. width = 650; "Title =" image "style =" border-right-width: 0px; Background-image: none; border-bottom-width: 0px; padding-top: 0px; padding-left: 0px; padding-Right: 0px; border-top-width: 0px; "Border =" 0 "alt =" image "src =" http://img1.51cto.com/attachment/201407/9/382644_1404907477OJCt.png "width =" 815 "Height =" 543 "/>

After submission, the following page is displayed:

650) This. width = 650; "Title =" image "style =" border-right-width: 0px; Background-image: none; border-bottom-width: 0px; padding-top: 0px; padding-left: 0px; padding-Right: 0px; border-top-width: 0px; "Border =" 0 "alt =" image "src =" http://img1.51cto.com/attachment/201407/9/382644_14049074770Eb1.png "width =" 511 "Height =" 308 "/>

Select: Download the certificate. Save to the specified location, such as c :\.

Then, complete the hold request and click "finish", as shown in:

650) This. width = 650; "Title =" image "style =" border-right-width: 0px; Background-image: none; border-bottom-width: 0px; padding-top: 0px; padding-left: 0px; padding-Right: 0px; border-top-width: 0px; "Border =" 0 "alt =" image "src =" http://img1.51cto.com/attachment/201407/9/382644_1404907477asYj.png "width =" 678 "Height =" 498 "/>

Specify the downloaded certificate file:

650) This. width = 650; "Title =" image "style =" border-right-width: 0px; Background-image: none; border-bottom-width: 0px; padding-top: 0px; padding-left: 0px; padding-Right: 0px; border-top-width: 0px; "Border =" 0 "alt =" image "src =" http://img1.51cto.com/attachment/201407/9/382644_1404907477yw7B.png "width =" 658 "Height =" 261 "/>

Then, you can see that the certificate has become valid (if it is still invalid, You need to import the CA certificate), select the certificate, Edit

650) This. width = 650; "Title =" image "style =" border-right-width: 0px; Background-image: none; border-bottom-width: 0px; padding-top: 0px; padding-left: 0px; padding-Right: 0px; border-top-width: 0px; "Border =" 0 "alt =" image "src =" http://img1.51cto.com/attachment/201407/9/382644_14049074777URL.png "width =" 563 "Height =" 354 "/>

Next, assign a service: on the certificate page, click "service ". Select the service you want to assign to this certificate. At least, select "SMTP" and "IIS ". Click Save ". If you receive the warning "Overwrite existing default SMTP certificate ?", Click Yes ".

650) This. width = 650; "Title =" image "style =" border-right-width: 0px; Background-image: none; border-bottom-width: 0px; padding-top: 0px; padding-left: 0px; padding-Right: 0px; border-top-width: 0px; "Border =" 0 "alt =" image "src =" http://img1.51cto.com/attachment/201407/9/382644_1404907477X74g.png "width =" 565 "Height =" 446 "/>

Because we have two CAS servers, We need to export the certificate we just applied for on cas01 and then import it on cas02. As shown in:

650) This. width = 650; "Title =" image "style =" border-right-width: 0px; Background-image: none; border-bottom-width: 0px; padding-top: 0px; padding-left: 0px; padding-Right: 0px; border-top-width: 0px; "Border =" 0 "alt =" image "src =" http://img1.51cto.com/attachment/201407/9/382644_14049074779Kkb.png "width =" 432 "Height =" 223 "/>

Specify the path file name and password for the exported file: Save it to cas02.

650) This. width = 650; "Title =" image "style =" border-right-width: 0px; Background-image: none; border-bottom-width: 0px; padding-top: 0px; padding-left: 0px; padding-Right: 0px; border-top-width: 0px; "Border =" 0 "alt =" image "src =" http://img1.51cto.com/attachment/201407/9/382644_1404907541jzYb.png "width =" 514 "Height =" 298 "/>

Then, switch to the DF-CAS02 and import the certificate:

650) This. width = 650; "Title =" image "style =" border-right-width: 0px; Background-image: none; border-bottom-width: 0px; padding-top: 0px; padding-left: 0px; padding-Right: 0px; border-top-width: 0px; "Border =" 0 "alt =" image "src =" http://img1.51cto.com/attachment/201407/9/382644_1404907541PMxr.png "width =" 488 "Height =" 298 "/>

Then, specify the shared path and password of the pfx file:

650) This. width = 650; "Title =" image "style =" border-right-width: 0px; Background-image: none; border-bottom-width: 0px; padding-top: 0px; padding-left: 0px; padding-Right: 0px; border-top-width: 0px; "Border =" 0 "alt =" image "src =" http://img1.51cto.com/attachment/201407/9/382644_14049075413ttu.png "width =" 324 "Height =" 216 "/>

Then, select the server on which the certificate is applied:

650) This. width = 650; "Title =" image "style =" border-right-width: 0px; Background-image: none; border-bottom-width: 0px; padding-top: 0px; padding-left: 0px; padding-Right: 0px; border-top-width: 0px; "Border =" 0 "alt =" image "src =" http://img1.51cto.com/attachment/201407/9/382644_1404907541EZAf.png "width =" 516 "Height =" 335 "/>

Then, the server also needs to allocate services for the certificate, as shown in the same method.

The verification method is also very simple. Access OWA again. If the warning information starting with this document is not displayed, it will be OK.

This article is from the "du Fei" blog, please be sure to keep this source http://dufei.blog.51cto.com/382644/1436436

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
microsoft exchange spam filter configuration install ssl certificate exchange 2010 samsung series 10 tv sony core series 10 exchange 2013 wildcard certificate outlook anywhere windows 10 pc configuration how to generate pkcs 10 certificate request

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More