Microsoft Azure Cloud Enterprise Exchange 2016 Deployment 11-Certificate Configuration

Source: Internet
Author: User
Tags freessl

In Exchange messaging systems, not only Outlook Anywhere and Exchange ActiveSync, require that certificates be configured on the server, and access to OWA when there is no certificate configured, there are security warnings.

Certificate enterprises can generally purchase a public network certificate, so that the non-domain-joined computer does not import the ad root certificate, can also be used normally. The purchase of public network certificates generally need to pay yearly, of course, do not buy public network certificate we can also intranet to promulgate their own intranet certificate.

If a public network certificate is purchased, a certificate with a private key is typically in PFX format.

650) this.width=650; "title=" clip_image001 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px; "border=" 0 "alt = "clip_image001" src= "http://s3.51cto.com/wyfs02/M00/83/EB/wKioL1d_dhDDcablAAAWxqGa0ug161.png" height= "/>"

We choose to import the certificate

650) this.width=650; "title=" clip_image003 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px; "border=" 0 "alt = "clip_image003" src= "http://s3.51cto.com/wyfs02/M00/83/EC/wKiom1d_dhDAm7-iAABxK8m4z6k612.jpg" height= "376"/>

Enter the certificate path and password

650) this.width=650; "title=" clip_image004 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px; "border=" 0 "alt = "clip_image004" src= "Http://s3.51cto.com/wyfs02/M00/83/EC/wKiom1d_dhHRdgfKAABw-cvvXz0431.png" height= "333"/>

Choose Import Server, of course two mail server we all choose

650) this.width=650; "title=" clip_image006 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px; "border=" 0 "alt = "clip_image006" src= "http://s3.51cto.com/wyfs02/M01/83/EB/wKioL1d_dhKi2tTyAACHzQ5vJyQ080.jpg" height= "471"/>

The last import success, public network certificate generally do not show the friendly name, here empty is

650) this.width=650; "title=" clip_image008 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px; "border=" 0 "alt = "clip_image008" src= "http://s3.51cto.com/wyfs02/M01/83/EC/wKiom1d_dhKxIjdIAABMvYshjuU218.jpg" height= "181"/>

We open the properties and we can see the details of the certificate.

650) this.width=650; "title=" clip_image010 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px; "border=" 0 "alt = "clip_image010" src= "http://s3.51cto.com/wyfs02/M02/83/EB/wKioL1d_dhOREZ-gAACA5qIlnoY374.jpg" height= "475"/>

Select Service page to specify the service for which the certificate is assigned

650) this.width=650; "title=" clip_image011 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px; "border=" 0 "alt = "clip_image011" src= "Http://s3.51cto.com/wyfs02/M00/83/EB/wKioL1d_dhTgfe6SAACSZqncCZ8076.png" height= "555"/>

1. Application for public network certificate

Generally can go to the commercial website to buy public network certificate. If you want to own the experimental environment, or the environment is not high, you can go to the following address to apply for a free multi-domain certificate.

Http://freessl.wosign.com/freessl

650) this.width=650; "title=" clip_image013 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px; "border=" 0 "alt = "clip_image013" src= "http://s3.51cto.com/wyfs02/M00/83/EC/wKiom1d_dhTjTit5AAB49-n52Zc823.jpg" height= "225"/>

When a certificate is requested, the mail and Autodiscover prefixes are required for the mailbox, preferably with the FQDN domain name of each mailbox server.

650) this.width=650; "title=" clip_image015 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px; "border=" 0 "alt = "clip_image015" src= "http://s3.51cto.com/wyfs02/M01/83/EC/wKiom1d_dhWhQ7ucAACMJA59fYA621.jpg" height= "391"/>

You can retrieve the certificate from the verification mailbox after applying

650) this.width=650; "title=" clip_image016 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px; "border=" 0 "alt = "clip_image016" src= "http://s3.51cto.com/wyfs02/M00/83/EC/wKiom1d_dhWTNEZAAADkIRtQL9M594.png" height= "622"/>

Enter a certificate protection password

650) this.width=650; "title=" clip_image017 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px; "border=" 0 "alt = "clip_image017" src= "Http://s3.51cto.com/wyfs02/M01/83/EC/wKiom1d_dhbDmWpRAABPyrc-lPQ807.png" height= "331"/>

Finally retrieve the certificate

650) this.width=650; "title=" clip_image018 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px; "border=" 0 "alt = "clip_image018" src= "http://s3.51cto.com/wyfs02/M02/83/EB/wKioL1d_dhai5dTvAADxOC0BUY8275.png" height= "544"/>

650) this.width=650; "title=" clip_image019 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px; "border=" 0 "alt = "clip_image019" src= "Http://s3.51cto.com/wyfs02/M02/83/EC/wKiom1d_dheQRhGiAABenx9ydF4201.png" height= "387"/>

2. Create intranet Certificate

We can also make our own intranet certificate

First, you need to install Certificate Services, generally can be installed on the DC

650) this.width=650; "title=" clip_image021 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px; "border=" 0 "alt = "clip_image021" src= "http://s3.51cto.com/wyfs02/M00/83/EB/wKioL1d_dhfiWDLZAADtQ4mvQ2M812.jpg" height= "496"/>

Select a service

650) this.width=650; "title=" clip_image023 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px; "border=" 0 "alt = "clip_image023" src= "http://s3.51cto.com/wyfs02/M00/83/EC/wKiom1d_dhjgMOQIAADJY_2tpTI871.jpg" height= "490"/>

Confirm

650) this.width=650; "title=" clip_image025 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px; "border=" 0 "alt = "clip_image025" src= "http://s3.51cto.com/wyfs02/M01/83/EC/wKiom1d_dhnhPXnYAADBH0UpsbY408.jpg" height= "505"/>

After the Certificate Services installation is complete, configure

650) this.width=650; "title=" clip_image027 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px; "border=" 0 "alt = "clip_image027" src= "http://s3.51cto.com/wyfs02/M02/83/EB/wKioL1d_dhmAUemaAACmRoOM7mY302.jpg" height= "508"/>

Develop CA type

650) this.width=650; "title=" clip_image029 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px; "border=" 0 "alt = "clip_image029" src= "Http://s3.51cto.com/wyfs02/M02/83/EB/wKioL1d_dhrg69MIAADNMB4eqR4265.jpg" height= "509"/>

Root CA

650) this.width=650; "title=" clip_image031 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px; "border=" 0 "alt = "clip_image031" src= "Http://s3.51cto.com/wyfs02/M00/83/EB/wKioL1d_dhuCxQYKAADNYTeQGAA919.jpg" height= "509"/>

Create a new private key

650) this.width=650; "title=" clip_image033 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px; "border=" 0 "alt = "clip_image033" src= "http://s3.51cto.com/wyfs02/M02/83/EC/wKiom1d_dhvStQBGAADghbuToHc645.jpg" height= "508"/>

Develop encryption methods

650) this.width=650; "title=" clip_image035 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px; "border=" 0 "alt = "clip_image035" src= "Http://s3.51cto.com/wyfs02/M01/83/EB/wKioL1d_dhyxZ36mAADAPAspVxw085.jpg" height= "509"/>

Define the CA name

650) this.width=650; "title=" clip_image037 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px; "border=" 0 "alt = "clip_image037" src= "http://s3.51cto.com/wyfs02/M01/83/EB/wKioL1d_dh2wSAVeAADNX-TXbRE284.jpg" height= "511"/>

Define the certificate validity time

650) this.width=650; "title=" clip_image039 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px; "border=" 0 "alt = "clip_image039" src= "http://s3.51cto.com/wyfs02/M02/83/EB/wKioL1d_dh6z3-SzAACxqeBJpP8500.jpg" height= "513"/>

Specify the path

650) this.width=650; "title=" clip_image041 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px; "border=" 0 "alt = "clip_image041" src= "http://s3.51cto.com/wyfs02/M01/83/EC/wKiom1d_dpfAq8ygAACd3VBf0JI525.jpg" height= "/>"

Configure after confirmation is correct

650) this.width=650; "title=" clip_image043 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px; "border=" 0 "alt = "clip_image043" src= "http://s3.51cto.com/wyfs02/M02/83/EC/wKiom1d_dpjQfu5vAADbk3zQ__Q262.jpg" height= "501"/>

After the Certificate Services have been installed, we can request a certificate in Exchange

650) this.width=650; "title=" clip_image045 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px; "border=" 0 "alt = "clip_image045" src= "http://s3.51cto.com/wyfs02/M01/83/EC/wKiom1d_dpiCaACWAACX7NOf-rI651.jpg" height= "505"/>

To define a certificate friendly name

650) this.width=650; "title=" clip_image047 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px; "border=" 0 "alt = "clip_image047" src= "http://s3.51cto.com/wyfs02/M01/83/EB/wKioL1d_dpmiCugBAACNtP1QGZo672.jpg" height= "508"/>

We use a multi-domain certificate and do not apply a wildcard certificate

650) this.width=650; "title=" clip_image049 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px; "border=" 0 "alt = "clip_image049" src= "http://s3.51cto.com/wyfs02/M01/83/EC/wKiom1d_dprgJZA5AACREDHTX1Q676.jpg" height= "507"/>

Select a certificate store server

650) this.width=650; "title=" clip_image051 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px; "border=" 0 "alt = "clip_image051" src= "http://s3.51cto.com/wyfs02/M02/83/EC/wKiom1d_dpqD8fCEAACZY0CxeSw990.jpg" height= "510"/>

New Certificate

650) this.width=650; "title=" clip_image053 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px; "border=" 0 "alt = "clip_image053" src= "http://s3.51cto.com/wyfs02/M00/83/EC/wKiom1d_dpvgn1L6AADOpu5841M186.jpg" height= "496"/>

We'll add a few mail servers here.

650) this.width=650; "title=" clip_image055 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px; "border=" 0 "alt = "clip_image055" src= "http://s3.51cto.com/wyfs02/M02/83/EC/wKiom1d_dpyDkRJ2AACqWnw22bY134.jpg" height= "504"/>

Enter certificate information

650) this.width=650; "title=" clip_image057 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px; "border=" 0 "alt = "clip_image057" src= "http://s3.51cto.com/wyfs02/M00/83/EC/wKiom1d_dpySCaW8AAC8RcYeqeY394.jpg" height= "505"/>

Define a certificate Request storage path

650) this.width=650; "title=" clip_image059 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px; "border=" 0 "alt = "clip_image059" src= "http://s3.51cto.com/wyfs02/M02/83/EB/wKioL1d_dp3gXe3KAAC1mF8nsu8763.jpg" height= "502"/>

Now we open the Certificate Request page and select Request Certificate

650) this.width=650; "title=" clip_image061 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px; "border=" 0 "alt = "clip_image061" src= "http://s3.51cto.com/wyfs02/M01/83/EC/wKiom1d_dp7gwWcaAADzmLMi1qk292.jpg" height= "321"/>

Choose as follows

650) this.width=650; "title=" clip_image063 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px; "border=" 0 "alt = "clip_image063" src= "http://s3.51cto.com/wyfs02/M02/83/EC/wKiom1d_dp6j6oj-AACa6WXbLpQ367.jpg" height= "188"/>

Finally enter the request code, template Select Web server

650) this.width=650; "title=" clip_image065 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px; "border=" 0 "alt = "clip_image065" src= "http://s3.51cto.com/wyfs02/M00/83/EB/wKioL1d_dp-xPBXQAAE8DZjD_BM017.jpg" height= "594"/>

Finally, you can download the certificate

650) this.width=650; "title=" clip_image066 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px; "border=" 0 "alt = "clip_image066" src= "http://s3.51cto.com/wyfs02/M01/83/EB/wKioL1d_dqCTSqAmAACxWD3v25w357.png" height= "286"/>

Back to ECP Certificate page

650) this.width=650; "title=" clip_image068 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px; "border=" 0 "alt = "clip_image068" src= "http://s3.51cto.com/wyfs02/M01/83/EC/wKiom1d_dqDz5WzNAABQYqWiu-M158.jpg" height= "/>"

Once the download is complete, we have completed the previous certificate hold request

650) this.width=650; "title=" clip_image070 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px; "border=" 0 "alt = "clip_image070" src= "http://s3.51cto.com/wyfs02/M00/83/EC/wKiom1d_dqCzF8UnAACWTSSpBGc329.jpg" height= "326"/>

If the domain policy has not been updated, it will show that the certificate is invalid and can wait a while

650) this.width=650; "title=" clip_image072 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px; "border=" 0 "alt = "clip_image072" src= "http://s3.51cto.com/wyfs02/M02/83/EC/wKiom1d_dqGQx0acAABoFBlXLTE490.jpg" height= "296"/>

or refresh Group Policy directly

650) this.width=650; "title=" clip_image073 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px; "border=" 0 "alt = "clip_image073" src= "Http://s3.51cto.com/wyfs02/M02/83/EB/wKioL1d_dqHA_FxVAAAkCeORPf0780.png" height= "141"/>

Last assigned mailbox service

650) this.width=650; "title=" clip_image075 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px; "border=" 0 "alt = "clip_image075" src= "http://s3.51cto.com/wyfs02/M00/83/EB/wKioL1d_dqKSnyriAACMWLLw1J0091.jpg" height= "464"/>

can confirm the status and assigned services

650) this.width=650; "title=" clip_image077 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px; "border=" 0 "alt = "clip_image077" src= "http://s3.51cto.com/wyfs02/M00/83/EC/wKiom1d_dqLyYHNeAABT20UJbKM689.jpg" height= "223"/>

Next, export this certificate and use it for other servers

650) this.width=650; "title=" clip_image078 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px; "border=" 0 "alt = "clip_image078" src= "Http://s3.51cto.com/wyfs02/M01/83/EC/wKiom1d_dqPwUgovAAD9Vqetkwg412.png" height= "467"/>

Import again after import

650) this.width=650; "title=" clip_image080 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px; "border=" 0 "alt = "clip_image080" src= "http://s3.51cto.com/wyfs02/M02/83/EB/wKioL1d_dqTgwLReAADCDOLbCc4429.jpg" height= "479"/>

Select a server that has not previously imported a certificate

650) this.width=650; "title=" clip_image081 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;padding-right:0px, "border=" 0 "alt=" clip_ image081 "src=" Http://s3.51cto.com/wyfs02/M01/83/EB/wKioL1d_dqWQB3FqAADpS6zCdw4955.png "height=" 489 "/>

After importing, specify the service used by the certificate again, so that the intranet certificate is configured.

This article is from the "Iron Fist of the Invincible Speaker" blog, please be sure to keep this source http://yaojiwei.blog.51cto.com/762134/1812732

Microsoft Azure Cloud Enterprise Exchange 2016 Deployment 11-Certificate Configuration

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.