Exchange 2013 Configuration Certificate

Source: Internet
Author: User
Tags in domain ssl certificate

Configuring certificates

Estimated time to complete: 10-15 minutes (excluding the response time of the certification authority)

Some services, such as Outlook ubiquitous and exchange ActiveSync, require that certificates be configured on Exchange 2013 servers. The following steps show you how to configure an SSL certificate from a third-party certification authority (CA).

CA CA WEB

What should I do?

  1. Browse to the URL of your client Access server and open the EAC. For example, Https://Ex13CAS/ECP.

  2. Browse to the URL of your client Access server and open the EAC. For example, Https://Ex13/ECP.

  3. Enter your user name and password in domain \ user name and password, and then click Sign In.

  4. Go to "Server" > "Certificates". On the Certificates page, make sure that the Client Access server is selected in the Select Server field, and then click New 650) this.width=650; title= add icon alt= add icon src= i-technet.sec.s-msft.com/zh-cn/exdeploy2013/jj874084.c1e75329-d6d7-4073-a27d-498590bbb558 (v=exchg.150). gif? state=3215-w-cabeigaaqaagaaeaaqaaaaeaaaaawamaaaa%7e "/>.

  5. In the New Exchange Certificate Wizard, select Create a request to obtain a certificate from a certification authority , and then click Next.

  6. Specify a name for this certificate, and then click Next.

  7. If you want to request a wildcard certificate, select Request a wildcard certificate , and then specify the root domain of all subdomains in the root domain field. If you do not want to request a wildcard certificate, but you want to specify each domain that you want to add to the certificate, leave the page blank. Click Next.

  8. Click Browse to specify the Exchange server that is used to store the certificate . The server you select should be an Internet-facing client Access server . Click Next.

  9. For each service shown in the list, verify that the external or internal server name that the user will use to connect to the Exchange server is correct. For example:

    • If you configure the same internal URL and external URL , Outlook Web App (accessed from the Internet) and Outlook Web App (accessed from Intranet) should display owa.contoso.com. The OAB (accessed from the Internet) and OAB (accessed from Intranet) should display mail.contoso.com.

    • If the internal URL is configured as internal.contoso.com, Outlook Web App (accessed from the Internet) should display owa.contoso.com, "Outlook Web App (accessed from Intranet)" should Displays the internal.contoso.com.

    These domains will be used to create SSL certificate requests. Click Next.

  10. Add any other domains that you want to include in the SSL certificate.

  11. Select the domain that you want to use as the common name for the certificate, and then click Set as common name. For example, contoso.com. Click Next.

  12. Provides information about your organization. This information will be included in the SSL certificate. Click Next.

  13. Specifies the network location where this certificate request is to be saved. Click Finish.

After you save the certificate request, submit the request to your certification authority (CA). The agency may be an internal CA or a third-party CA, depending on your organization. Clients that connect to the client Access server must trust the CA that you are using. After you obtain a certificate from a CA , you need to request a certificate from the CA. Please complete the following steps:

    1. In the EAC, on the Servers > certificates page, select the certificate request that you created in the previous step.

    2. In the details pane of the certificate request, click Finish under status.

    3. On the wait for completing the request page, specify the path to the SSL certificate file, and then click OK.

    4. Select the new certificate that you just added, and then click Edit 650) this.width=650; title= Edit icon alt= Edit icon src= https://i-technet.sec.s-msft.com/zh-CN/ EXDEPLOY2013/JJ874084.6F53CCB2-1F13-4C02-BEA0-30690E6EA71D (v=exchg.150). gif?state=3215- w-cabeigaaqaagaaeaaqaaaaeaaaaawamaaaa%7e "/>.

    5. On the Certificates page, click Services.

    6. Select the service you want to assign to this certificate . At a minimum, you should select "SMTP" and "IIS". Click Save.

    7. If you receive the warning "Do you want to overwrite the existing default SMTP certificate?", click Yes.

650) this.width=650; "title=" image "style=" border-top:0px; border-right:0px; Background-image:none; border-bottom:0px; padding-top:0px; padding-left:0px; border-left:0px; margin:0px; padding-right:0px "border=" 0 "alt=" image "src=" http://s3.51cto.com/wyfs02/M00/8C/7E/ Wkiol1husfqr9addaad389tgyre436.png "" 644 "height=" 425 "/>

* Friendly name for this certificate:

650) this.width=650; "title=" image "style=" border-top:0px; border-right:0px; Background-image:none; border-bottom:0px; padding-top:0px; padding-left:0px; border-left:0px; padding-right:0px "border=" 0 "alt=" image "src=" http://s3.51cto.com/wyfs02/M00/8C/82/ Wkiom1husfvyrg3saacmamznona012.png "" 582 "height=" 194 "/>

Request a wildcard certificate. A wildcard certificate can be used to secure all subdomains under the root domain using a single certificate. Learn More

* Root domain:

650) this.width=650; "title=" image "style=" border-top:0px; border-right:0px; Background-image:none; border-bottom:0px; padding-top:0px; padding-left:0px; border-left:0px; padding-right:0px "border=" 0 "alt=" image "src=" http://s3.51cto.com/wyfs02/M01/8C/82/ Wkiom1husfytcrdxaacqfqx8ppa262.png "" 588 "height=" 227 "/>

* Store the certificate request on this server:

650) this.width=650; "title=" image "style=" border-top:0px; border-right:0px; Background-image:none; border-bottom:0px; padding-top:0px; padding-left:0px; border-left:0px; padding-right:0px "border=" 0 "alt=" image "src=" http://s3.51cto.com/wyfs02/M01/8C/7E/wKioL1huSfyQbpS_ Aacf8ct2lnq560.png "" 579 "height=" 218 "/>

Specifies the domain to include in the certificate.

650) this.width=650; "title=" image "style=" border-top:0px; border-right:0px; Background-image:none; border-bottom:0px; padding-top:0px; padding-left:0px; border-left:0px; padding-right:0px "border=" 0 "alt=" image "src=" http://s3.51cto.com/wyfs02/M02/8C/82/ Wkiom1husf2ywlhoaaekc18nerk634.png "" 630 "height=" 484 "/>

Depending on your selection, the following domains will be included in the certificate. You can add additional domains here, or make changes

650) this.width=650; "title=" image "style=" border-top:0px; border-right:0px; Background-image:none; border-bottom:0px; padding-top:0px; padding-left:0px; border-left:0px; margin:0px; padding-right:0px "border=" 0 "alt=" image "src=" http://s3.51cto.com/wyfs02/M02/8C/7E/wKioL1huSf6RJar7AAC_-Aa7_ Lg718.png "" 644 "height=" 411 "/>

Specify information about your organization. This information is required by the certification authority

650) this.width=650; "title=" image "style=" border-top:0px; border-right:0px; Background-image:none; border-bottom:0px; padding-top:0px; padding-left:0px; border-left:0px; margin:0px; padding-right:0px "border=" 0 "alt=" image "src=" http://s3.51cto.com/wyfs02/M00/8C/82/wKiom1huSf_zTO5cAACvCN4he_ G420.png "" 644 "height=" 411 "/>

* Save the certificate request to the following file (example: \\myservername\share\mycertrequest. REQ):

\\dc1\share\Exchange_mail_req.req

650) this.width=650; "title=" image "style=" border-top:0px; border-right:0px; Background-image:none; border-bottom:0px; padding-top:0px; padding-left:0px; border-left:0px; margin:0px; padding-right:0px "border=" 0 "alt=" image "src=" Http://s3.51cto.com/wyfs02/M01/8C/82/wKiom1huSf_g_ Tz9aacsb8uulao676.png "" 644 "height=" 224 "/>

http://dc1/certsrv/

650) this.width=650; "title=" image "style=" border-top:0px; border-right:0px; Background-image:none; border-bottom:0px; padding-top:0px; padding-left:0px; border-left:0px; padding-right:0px "border=" 0 "alt=" image "src=" http://s3.51cto.com/wyfs02/M00/8C/7E/ Wkiol1husgdyjzk9aaejv9olm7q164.png "" 644 "height=" 328 "/>

650) this.width=650; "title=" image "style=" border-top:0px; border-right:0px; Background-image:none; border-bottom:0px; padding-top:0px; padding-left:0px; border-left:0px; margin:0px; padding-right:0px "border=" 0 "alt=" image "src=" http://s3.51cto.com/wyfs02/M01/8C/7E/ Wkiol1husggy2decaacxpaykh-i306.png "" 602 "height=" 238 "/>

Web server

650) this.width=650; "title=" image "style=" border-top:0px; border-right:0px; Background-image:none; border-bottom:0px; padding-top:0px; padding-left:0px; border-left:0px; margin:0px; padding-right:0px "border=" 0 "alt=" image "src=" http://s3.51cto.com/wyfs02/M02/8C/7E/ Wkiol1husglho0t9aacpf50zmrw585.png "" 644 "height=" 225 "/>

650) this.width=650; "title=" image "style=" border-top:0px; border-right:0px; Background-image:none; border-bottom:0px; padding-top:0px; padding-left:0px; border-left:0px; margin:0px; padding-right:0px "border=" 0 "alt=" image "src=" http://s3.51cto.com/wyfs02/M00/8C/82/ Wkiom1husgoayvkvaade-gf3ils565.png "" 644 "height=" 304 "/>

650) this.width=650; "title=" image "style=" border-top:0px; border-right:0px; Background-image:none; border-bottom:0px; padding-top:0px; padding-left:0px; border-left:0px; padding-right:0px "border=" 0 "alt=" image "src=" http://s3.51cto.com/wyfs02/M01/8C/82/ Wkiom1husgpt3s1gaacusvyzvq8507.png "" 644 "height=" 323 "/>

650) this.width=650; "title=" image "style=" border-top:0px; border-right:0px; Background-image:none; border-bottom:0px; padding-top:0px; padding-left:0px; border-left:0px; margin:0px; padding-right:0px "border=" 0 "alt=" image "src=" http://s3.51cto.com/wyfs02/M01/8C/7E/ Wkiol1husgtht8osaabonvfdxio752.png "" 410 "height=" 314 "/>

650) this.width=650; "title=" image "style=" border-top:0px; border-right:0px; Background-image:none; border-bottom:0px; padding-top:0px; padding-left:0px; border-left:0px; margin:0px; padding-right:0px "border=" 0 "alt=" image "src=" http://s3.51cto.com/wyfs02/M00/8C/7E/ Wkiol1husgxzxvtbaacghfosmyu199.png "" 644 "height=" 305 "/>

650) this.width=650; "title=" image "style=" border-top:0px; border-right:0px; Background-image:none; border-bottom:0px; padding-top:0px; padding-left:0px; border-left:0px; margin:0px; padding-right:0px "border=" 0 "alt=" image "src=" http://s3.51cto.com/wyfs02/M00/8C/82/ Wkiom1husgxhivsnaaeu4sce-vq256.png "" 467 "height=" 341 "/>

How do I know this works?

To verify that the new certificate was added successfully, do the following:

    1. In the EAC, go to Servers > certificates.

    2. Select the new certificate, and then in the Certificate details pane, verify that the following information is accurate:

      • "Status" shows "active".

      • "Assigned to service" displays at least "IIS" and "SMTP".

Do you have any questions? Please ask for help in the Exchange forum. Please visit the following forums: Exchange Server, Exchange online, or Exchange online Protection.

https://technet.microsoft.com/zh-cn/exdeploy2013/PrintChecklist?state=3215-W-CABEIgAAQAAgAAEAAQAAAAEAAAAAwAMAAAA%7e

Exchange 2013 Configuration Certificate

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.