Exchange Server 2013 Series 10: Certificate Configuration
Du Fei
After the preceding configuration, simple email communication works. However, when you connect to your mailbox through OWA, a warning message is displayed.
Other services, such as Outlook Anywhere and Exchange ActiveSync, also require certificates to be configured on the Exchange 2013 server. Next, let's look at the certificate configuration.
First, we need to install an internal CA. Here, I will install the CA on DC01.
Select the Active Directory Certificate Services role.
Then, after clicking Next, select the Certification Authority and Certification Authority Web Enrollment role services.
Wait until the Certification Authority is installed successfully. Next, you need to configure the certificate service.
After clicking Next, select Enterprise CA and then Root CA. The remaining options are basically left at their defaults.
Next, request a certificate for the Exchange CAS role:
Log on to the EAC and go to Servers > Certificates, make sure that the Client Access server is selected in the "Select server" field, and then click "New" (the add icon).
In the New Exchange certificate wizard, select "Create a request for a certificate from a certification authority", and then click "Next".
Specify the certificate name and click "Next".
Leave this page blank if you do not want to request a wildcard certificate. Click "Next".
Click Browse to specify the Exchange server used to store the certificate. The server you select should be an Internet-facing Client Access server. Click "Next".
For each service shown in the list, verify that the external or internal server name that users use to connect to the Exchange server is correct.
Add any other domains you want to include in the SSL certificate. This example adds a series of domain names related to dudangdang.com and cas02.
Select a public domain name.
Enter the basic information.
Save the certificate request to the shared folder.
Then, open http://10.41.4.210/certsrv (the CA) in a browser and select Request a certificate > advanced certificate request > submit a certificate request by using a base-64-encoded file. On the page that appears, submit the request.
After submission, select "Download certificate" on the page that is displayed and save the file to a specified location, such as C:\.
Then, complete the pending request by clicking "Complete".
Specify the downloaded certificate file.
The certificate now shows as valid (if it is still invalid, you need to import the CA certificate). Select the certificate and click Edit.
Next, assign services: on the certificate page, click "Services". Select the services you want to assign to this certificate; at a minimum, select "SMTP" and "IIS". Click "Save". If you receive the warning "Overwrite existing default SMTP certificate?", click "Yes".
Because we have two CAS servers, we need to export the certificate we just requested on cas01 and then import it on cas02.
Specify the path, file name and password for the exported file, and save it to cas02.
Then, switch to DF-CAS02 and import the certificate.
Specify the shared path and password of the .pfx file.
Then, select the server to which the certificate is applied.
On this server, services also need to be assigned to the certificate, using the same method as above.
Verification is simple: access OWA again. If the warning shown at the beginning of this article no longer appears, the configuration is OK.
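The same procedure (request, issue, assign services, copy to the second CAS, verify) can be run from the Exchange Management Shell. This is an added example, not code from the original article; the cas01 host name DF-CAS01, the share path, the SAN list, the CA name placeholder and the WebServer template are assumptions to replace with your own values.

```powershell
# Added example for the Exchange Management Shell (Exchange 2013).
$Cas01  = 'DF-CAS01'                 # assumed host name of cas01
$Cas02  = 'DF-CAS02'                 # second CAS, as named in the article
$Share  = '\\fileserver\certs'       # assumed shared folder reachable from both servers
$CaConf = 'DC01\<CA common name>'    # CA host from the article; the CA name is a placeholder
$Names  = 'mail.dudangdang.com','autodiscover.dudangdang.com'   # assumed SAN list

# 1. Create the certificate request on cas01 and save it to the share.
New-ExchangeCertificate -GenerateRequest -Server $Cas01 -FriendlyName 'Exchange CAS' `
    -SubjectName "CN=$($Names[0])" -DomainName $Names -PrivateKeyExportable $true `
    -RequestFile "$Share\cas.req"

# 2. Submit the request to the internal CA (same result as the certsrv base-64 form).
#    The WebServer template is an assumption; use the template your CA publishes.
certreq -submit -config $CaConf -attrib 'CertificateTemplate:WebServer' `
    "$Share\cas.req" "$Share\cas.cer"

# 3. Complete the pending request with the issued certificate.
$cerBytes = [Byte[]](Get-Content "$Share\cas.cer" -Encoding Byte -ReadCount 0)
$cert = Import-ExchangeCertificate -Server $Cas01 -FileData $cerBytes

# 4. Assign services; answer Yes when asked to overwrite the default SMTP certificate.
Enable-ExchangeCertificate -Server $Cas01 -Thumbprint $cert.Thumbprint -Services SMTP,IIS

# 5. Export certificate and private key as a password-protected PFX.
$pfxPassword = Read-Host 'PFX password' -AsSecureString
$export = Export-ExchangeCertificate -Server $Cas01 -Thumbprint $cert.Thumbprint `
    -BinaryEncoded -Password $pfxPassword
Set-Content -Path "$Share\cas.pfx" -Value $export.FileData -Encoding Byte

# 6. Import on cas02, assign the same services, then remove the PFX from the share
#    so the private key does not stay on a file server.
$pfxBytes = [Byte[]](Get-Content "$Share\cas.pfx" -Encoding Byte -ReadCount 0)
Import-ExchangeCertificate -Server $Cas02 -FileData $pfxBytes -Password $pfxPassword
Enable-ExchangeCertificate -Server $Cas02 -Thumbprint $cert.Thumbprint -Services SMTP,IIS
Remove-Item "$Share\cas.pfx"

# 7. Verify both servers: Status should be Valid and Services should list IIS and SMTP.
foreach ($server in $Cas01, $Cas02) {
    Get-ExchangeCertificate -Server $server -Thumbprint $cert.Thumbprint |
        Format-List Thumbprint, Status, Services, CertificateDomains, NotAfter
}
```

If Status is not Valid on either server, the issuing CA certificate is probably missing from that server's trusted root store, which matches the article's remark about importing the CA certificate.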
This article is from the "Du Fei" blog; please be sure to keep this source: http://dufei.blog.51cto.com/382644/1436436