In Exchange messaging systems, not only Outlook Anywhere and Exchange ActiveSync, require that certificates be configured on the server, and access to OWA when there is no certificate configured, there are security warnings.
Certificate enterprises can generally purchase a public network certificate, so that the non-domain-joined computer does not import the ad root certificate, can also be used normally. The purchase of public network certificates generally need to pay yearly, of course, do not buy public network certificate we can also intranet to promulgate their own intranet certificate.
If a public network certificate is purchased, a certificate with a private key is typically in PFX format.
650) this.width=650; "title=" clip_image001 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px; "border=" 0 "alt = "clip_image001" src= "http://s3.51cto.com/wyfs02/M00/83/EB/wKioL1d_dhDDcablAAAWxqGa0ug161.png" height= "/>"
We choose to import the certificate
650) this.width=650; "title=" clip_image003 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px; "border=" 0 "alt = "clip_image003" src= "http://s3.51cto.com/wyfs02/M00/83/EC/wKiom1d_dhDAm7-iAABxK8m4z6k612.jpg" height= "376"/>
Enter the certificate path and password
650) this.width=650; "title=" clip_image004 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px; "border=" 0 "alt = "clip_image004" src= "Http://s3.51cto.com/wyfs02/M00/83/EC/wKiom1d_dhHRdgfKAABw-cvvXz0431.png" height= "333"/>
Choose Import Server, of course two mail server we all choose
650) this.width=650; "title=" clip_image006 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px; "border=" 0 "alt = "clip_image006" src= "http://s3.51cto.com/wyfs02/M01/83/EB/wKioL1d_dhKi2tTyAACHzQ5vJyQ080.jpg" height= "471"/>
The last import success, public network certificate generally do not show the friendly name, here empty is
650) this.width=650; "title=" clip_image008 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px; "border=" 0 "alt = "clip_image008" src= "http://s3.51cto.com/wyfs02/M01/83/EC/wKiom1d_dhKxIjdIAABMvYshjuU218.jpg" height= "181"/>
We open the properties and we can see the details of the certificate.
650) this.width=650; "title=" clip_image010 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px; "border=" 0 "alt = "clip_image010" src= "http://s3.51cto.com/wyfs02/M02/83/EB/wKioL1d_dhOREZ-gAACA5qIlnoY374.jpg" height= "475"/>
Select Service page to specify the service for which the certificate is assigned
650) this.width=650; "title=" clip_image011 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px; "border=" 0 "alt = "clip_image011" src= "Http://s3.51cto.com/wyfs02/M00/83/EB/wKioL1d_dhTgfe6SAACSZqncCZ8076.png" height= "555"/>
1. Application for public network certificate
Generally can go to the commercial website to buy public network certificate. If you want to own the experimental environment, or the environment is not high, you can go to the following address to apply for a free multi-domain certificate.
Http://freessl.wosign.com/freessl
650) this.width=650; "title=" clip_image013 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px; "border=" 0 "alt = "clip_image013" src= "http://s3.51cto.com/wyfs02/M00/83/EC/wKiom1d_dhTjTit5AAB49-n52Zc823.jpg" height= "225"/>
When a certificate is requested, the mail and Autodiscover prefixes are required for the mailbox, preferably with the FQDN domain name of each mailbox server.
650) this.width=650; "title=" clip_image015 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px; "border=" 0 "alt = "clip_image015" src= "http://s3.51cto.com/wyfs02/M01/83/EC/wKiom1d_dhWhQ7ucAACMJA59fYA621.jpg" height= "391"/>
You can retrieve the certificate from the verification mailbox after applying
650) this.width=650; "title=" clip_image016 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px; "border=" 0 "alt = "clip_image016" src= "http://s3.51cto.com/wyfs02/M00/83/EC/wKiom1d_dhWTNEZAAADkIRtQL9M594.png" height= "622"/>
Enter a certificate protection password
650) this.width=650; "title=" clip_image017 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px; "border=" 0 "alt = "clip_image017" src= "Http://s3.51cto.com/wyfs02/M01/83/EC/wKiom1d_dhbDmWpRAABPyrc-lPQ807.png" height= "331"/>
Finally retrieve the certificate
650) this.width=650; "title=" clip_image018 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px; "border=" 0 "alt = "clip_image018" src= "http://s3.51cto.com/wyfs02/M02/83/EB/wKioL1d_dhai5dTvAADxOC0BUY8275.png" height= "544"/>
650) this.width=650; "title=" clip_image019 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px; "border=" 0 "alt = "clip_image019" src= "Http://s3.51cto.com/wyfs02/M02/83/EC/wKiom1d_dheQRhGiAABenx9ydF4201.png" height= "387"/>
2. Create intranet Certificate
We can also make our own intranet certificate
First, you need to install Certificate Services, generally can be installed on the DC
650) this.width=650; "title=" clip_image021 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px; "border=" 0 "alt = "clip_image021" src= "http://s3.51cto.com/wyfs02/M00/83/EB/wKioL1d_dhfiWDLZAADtQ4mvQ2M812.jpg" height= "496"/>
Select a service
650) this.width=650; "title=" clip_image023 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px; "border=" 0 "alt = "clip_image023" src= "http://s3.51cto.com/wyfs02/M00/83/EC/wKiom1d_dhjgMOQIAADJY_2tpTI871.jpg" height= "490"/>
Confirm
650) this.width=650; "title=" clip_image025 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px; "border=" 0 "alt = "clip_image025" src= "http://s3.51cto.com/wyfs02/M01/83/EC/wKiom1d_dhnhPXnYAADBH0UpsbY408.jpg" height= "505"/>
After the Certificate Services installation is complete, configure
650) this.width=650; "title=" clip_image027 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px; "border=" 0 "alt = "clip_image027" src= "http://s3.51cto.com/wyfs02/M02/83/EB/wKioL1d_dhmAUemaAACmRoOM7mY302.jpg" height= "508"/>
Develop CA type
650) this.width=650; "title=" clip_image029 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px; "border=" 0 "alt = "clip_image029" src= "Http://s3.51cto.com/wyfs02/M02/83/EB/wKioL1d_dhrg69MIAADNMB4eqR4265.jpg" height= "509"/>
Root CA
650) this.width=650; "title=" clip_image031 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px; "border=" 0 "alt = "clip_image031" src= "Http://s3.51cto.com/wyfs02/M00/83/EB/wKioL1d_dhuCxQYKAADNYTeQGAA919.jpg" height= "509"/>
Create a new private key
650) this.width=650; "title=" clip_image033 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px; "border=" 0 "alt = "clip_image033" src= "http://s3.51cto.com/wyfs02/M02/83/EC/wKiom1d_dhvStQBGAADghbuToHc645.jpg" height= "508"/>
Develop encryption methods
650) this.width=650; "title=" clip_image035 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px; "border=" 0 "alt = "clip_image035" src= "Http://s3.51cto.com/wyfs02/M01/83/EB/wKioL1d_dhyxZ36mAADAPAspVxw085.jpg" height= "509"/>
Define the CA name
650) this.width=650; "title=" clip_image037 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px; "border=" 0 "alt = "clip_image037" src= "http://s3.51cto.com/wyfs02/M01/83/EB/wKioL1d_dh2wSAVeAADNX-TXbRE284.jpg" height= "511"/>
Define the certificate validity time
650) this.width=650; "title=" clip_image039 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px; "border=" 0 "alt = "clip_image039" src= "http://s3.51cto.com/wyfs02/M02/83/EB/wKioL1d_dh6z3-SzAACxqeBJpP8500.jpg" height= "513"/>
Specify the path
650) this.width=650; "title=" clip_image041 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px; "border=" 0 "alt = "clip_image041" src= "http://s3.51cto.com/wyfs02/M01/83/EC/wKiom1d_dpfAq8ygAACd3VBf0JI525.jpg" height= "/>"
Configure after confirmation is correct
650) this.width=650; "title=" clip_image043 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px; "border=" 0 "alt = "clip_image043" src= "http://s3.51cto.com/wyfs02/M02/83/EC/wKiom1d_dpjQfu5vAADbk3zQ__Q262.jpg" height= "501"/>
After the Certificate Services have been installed, we can request a certificate in Exchange
650) this.width=650; "title=" clip_image045 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px; "border=" 0 "alt = "clip_image045" src= "http://s3.51cto.com/wyfs02/M01/83/EC/wKiom1d_dpiCaACWAACX7NOf-rI651.jpg" height= "505"/>
To define a certificate friendly name
650) this.width=650; "title=" clip_image047 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px; "border=" 0 "alt = "clip_image047" src= "http://s3.51cto.com/wyfs02/M01/83/EB/wKioL1d_dpmiCugBAACNtP1QGZo672.jpg" height= "508"/>
We use a multi-domain certificate and do not apply a wildcard certificate
650) this.width=650; "title=" clip_image049 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px; "border=" 0 "alt = "clip_image049" src= "http://s3.51cto.com/wyfs02/M01/83/EC/wKiom1d_dprgJZA5AACREDHTX1Q676.jpg" height= "507"/>
Select a certificate store server
650) this.width=650; "title=" clip_image051 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px; "border=" 0 "alt = "clip_image051" src= "http://s3.51cto.com/wyfs02/M02/83/EC/wKiom1d_dpqD8fCEAACZY0CxeSw990.jpg" height= "510"/>
New Certificate
650) this.width=650; "title=" clip_image053 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px; "border=" 0 "alt = "clip_image053" src= "http://s3.51cto.com/wyfs02/M00/83/EC/wKiom1d_dpvgn1L6AADOpu5841M186.jpg" height= "496"/>
We'll add a few mail servers here.
650) this.width=650; "title=" clip_image055 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px; "border=" 0 "alt = "clip_image055" src= "http://s3.51cto.com/wyfs02/M02/83/EC/wKiom1d_dpyDkRJ2AACqWnw22bY134.jpg" height= "504"/>
Enter certificate information
650) this.width=650; "title=" clip_image057 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px; "border=" 0 "alt = "clip_image057" src= "http://s3.51cto.com/wyfs02/M00/83/EC/wKiom1d_dpySCaW8AAC8RcYeqeY394.jpg" height= "505"/>
Define a certificate Request storage path
650) this.width=650; "title=" clip_image059 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px; "border=" 0 "alt = "clip_image059" src= "http://s3.51cto.com/wyfs02/M02/83/EB/wKioL1d_dp3gXe3KAAC1mF8nsu8763.jpg" height= "502"/>
Now we open the Certificate Request page and select Request Certificate
650) this.width=650; "title=" clip_image061 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px; "border=" 0 "alt = "clip_image061" src= "http://s3.51cto.com/wyfs02/M01/83/EC/wKiom1d_dp7gwWcaAADzmLMi1qk292.jpg" height= "321"/>
Choose as follows
650) this.width=650; "title=" clip_image063 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px; "border=" 0 "alt = "clip_image063" src= "http://s3.51cto.com/wyfs02/M02/83/EC/wKiom1d_dp6j6oj-AACa6WXbLpQ367.jpg" height= "188"/>
Finally enter the request code, template Select Web server
650) this.width=650; "title=" clip_image065 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px; "border=" 0 "alt = "clip_image065" src= "http://s3.51cto.com/wyfs02/M00/83/EB/wKioL1d_dp-xPBXQAAE8DZjD_BM017.jpg" height= "594"/>
Finally, you can download the certificate
650) this.width=650; "title=" clip_image066 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px; "border=" 0 "alt = "clip_image066" src= "http://s3.51cto.com/wyfs02/M01/83/EB/wKioL1d_dqCTSqAmAACxWD3v25w357.png" height= "286"/>
Back to ECP Certificate page
650) this.width=650; "title=" clip_image068 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px; "border=" 0 "alt = "clip_image068" src= "http://s3.51cto.com/wyfs02/M01/83/EC/wKiom1d_dqDz5WzNAABQYqWiu-M158.jpg" height= "/>"
Once the download is complete, we have completed the previous certificate hold request
650) this.width=650; "title=" clip_image070 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px; "border=" 0 "alt = "clip_image070" src= "http://s3.51cto.com/wyfs02/M00/83/EC/wKiom1d_dqCzF8UnAACWTSSpBGc329.jpg" height= "326"/>
If the domain policy has not been updated, it will show that the certificate is invalid and can wait a while
650) this.width=650; "title=" clip_image072 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px; "border=" 0 "alt = "clip_image072" src= "http://s3.51cto.com/wyfs02/M02/83/EC/wKiom1d_dqGQx0acAABoFBlXLTE490.jpg" height= "296"/>
or refresh Group Policy directly
650) this.width=650; "title=" clip_image073 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px; "border=" 0 "alt = "clip_image073" src= "Http://s3.51cto.com/wyfs02/M02/83/EB/wKioL1d_dqHA_FxVAAAkCeORPf0780.png" height= "141"/>
Last assigned mailbox service
650) this.width=650; "title=" clip_image075 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px; "border=" 0 "alt = "clip_image075" src= "http://s3.51cto.com/wyfs02/M00/83/EB/wKioL1d_dqKSnyriAACMWLLw1J0091.jpg" height= "464"/>
can confirm the status and assigned services
650) this.width=650; "title=" clip_image077 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px; "border=" 0 "alt = "clip_image077" src= "http://s3.51cto.com/wyfs02/M00/83/EC/wKiom1d_dqLyYHNeAABT20UJbKM689.jpg" height= "223"/>
Next, export this certificate and use it for other servers
650) this.width=650; "title=" clip_image078 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px; "border=" 0 "alt = "clip_image078" src= "Http://s3.51cto.com/wyfs02/M01/83/EC/wKiom1d_dqPwUgovAAD9Vqetkwg412.png" height= "467"/>
Import again after import
650) this.width=650; "title=" clip_image080 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;margin:0px;padding-right:0px; "border=" 0 "alt = "clip_image080" src= "http://s3.51cto.com/wyfs02/M02/83/EB/wKioL1d_dqTgwLReAADCDOLbCc4429.jpg" height= "479"/>
Select a server that has not previously imported a certificate
650) this.width=650; "title=" clip_image081 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;padding-right:0px, "border=" 0 "alt=" clip_ image081 "src=" Http://s3.51cto.com/wyfs02/M01/83/EB/wKioL1d_dqWQB3FqAADpS6zCdw4955.png "height=" 489 "/>
After importing, specify the service used by the certificate again, so that the intranet certificate is configured.
This article is from the "Iron Fist of the Invincible Speaker" blog, please be sure to keep this source http://yaojiwei.blog.51cto.com/762134/1812732
Microsoft Azure Cloud Enterprise Exchange 2016 Deployment 11-Certificate Configuration