Exchange Server 2007 requires the use of a UCC


Post by stephen » Sun Jul 19, 2009 2:35 pm

Exchange Server 2007 requires the use of a Unified Communications Certificate (UCC)
Easy CSR generator:
https://www.digicert.com/easy-csr/exchange2007.htm
This article from Scott Lowe was useful:
http://blogs.techrepublic.com.com/datacenter/?p=393
I followed these steps to accomplish my task:

1. Generate the CSR using PowerShell: New-ExchangeCertificate -GenerateRequest -Path c:\mail1.csr -KeySize 1024 -SubjectName "c=US, s=Missouri, l=Fulton, o=Westminster College, ou=Information Technology, cn=mail1.westminster-mo.edu" -DomainName mail1, wcmo.edu, autodiscover, autodiscover.westminster-mo.edu, westminster-mo.edu -PrivateKeyExportable $True
2. Used this CSR to order the new certificate.
3. Imported the new certificate using PowerShell: Import-ExchangeCertificate -Path <path to new certificate>
4. Located the certificate thumbprint for the new certificate using Get-ExchangeCertificate | fl (so I could see the full thumbprint)
5. Enabled the new certificate: Enable-ExchangeCertificate <thumbprint from step 4>
6. Restarted IIS.


This site says that to create a Self Signed certificate we need to install an Enterprise CA on the server.

http://www.eggheadcafe.com/conversation.aspx?messageid=31043212&threadid=31043107
3. From the CAS server, enter http://CA_server/certsrv.

4. Click Request a certificate, then Advanced certificate request, then
Submit a certificate request by using a base-64-encoded CMC or PKCS #10
file.

5. Copy the contents of the certreq.txt file in the field under Saved
Request.

6. Select Web Server under Certificate Template.

7. Click Submit.

8. Click Download certificate and save the CER file to the C: drive.

9. On the CAS server, enter the following in Exchange Management Shell.

import-exchangecertificate -path c:\certnew.cer |
enable-exchangecertificate -services iis

On external Outlook clients, you will also need to install the root
certificate to avoid the security warning.

Note: The easiest method for doing this is to refer to Method 2 in KB
919072. However, instead of selecting the "Automatically select" option,
select "Place all certificates in the following store" and click Browse.
Then select "Trusted Root Certification Authorities" and click Next and
Finish.

You may receive a message in Internet Explorer 6 when you visit an IIS 6.0
Web site that uses a certificate from Microsoft Certificate Services
http://support.microsoft.com/?id=919072

I hope these steps will give you some help.

Thanks and have a nice day!

Best regards,

Terence Liu(MSFT)

Microsoft CSS Online Newsgroup Support

Get Secure! - http://www.microsoft.com/security


The following site has a good explanation of the domain names used in the certificate request.
How to Generate and Install a Certificate, with Subject Alternative Name entries, for an Exchange 2007 Client Access Server(CAS) server
http://www.exchangeninjas.com/cascert


Here is an explanation on how to Install Enterprise Certificate Authority on a Windows 2008 Server
Note: You will need to tick the Certificate Authority Web Enrolment option in the Role Services screen if you want to register Exchange 2007 certificates.
http://windowsserver.trainsignal.com/install-active-directory-certificate-services
stephen
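
A check to run in the Exchange Management Shell after step 5, added here as an example and not part of the original post or the articles it links: it confirms that the enabled certificate carries every name from step 1, has its private key, is bound to IIS, and reports the key size. The thumbprint is a placeholder, and the 2048-bit threshold is an assumption based on the minimum RSA size public CAs now issue.

```powershell
# Added example: verify the UCC that was imported and enabled in steps 3-5.
# Placeholder: paste the full thumbprint located in step 4.
$thumbprint = '<thumbprint from step 4>'

# Names clients connect with, taken from cn= and -DomainName in step 1.
$required = 'mail1.westminster-mo.edu', 'mail1', 'wcmo.edu', 'autodiscover',
            'autodiscover.westminster-mo.edu', 'westminster-mo.edu'

$cert = Get-ExchangeCertificate -Thumbprint $thumbprint

# CertificateDomains holds the names Exchange reads from the certificate.
$covered = @($cert.CertificateDomains | ForEach-Object { $_.ToString().ToLower() })
$missing = @($required | Where-Object { $covered -notcontains $_.ToLower() })

$problems = @()
if ($missing.Count -gt 0) {
    # A name missing here produces a name-mismatch warning in Outlook or OWA.
    $problems += 'names not on certificate: ' + [string]::Join(', ', $missing)
}
if (-not $cert.HasPrivateKey) {
    # Happens when the response is imported on a server other than the one
    # that generated the request.
    $problems += 'no private key on this server'
}
if ($cert.Services.ToString() -notmatch 'IIS') {
    $problems += 'certificate is not enabled for IIS (Services = ' + $cert.Services + ')'
}
if ($cert.NotAfter -lt (Get-Date).AddDays(30)) {
    $problems += 'expires within 30 days: ' + $cert.NotAfter
}
# Assumed threshold: requests made with -KeySize 1024 fall below it.
$keySize = $cert.PublicKey.Key.KeySize
if ($keySize -lt 2048) {
    $problems += 'RSA key is ' + $keySize + ' bits; regenerate the request with -KeySize 2048'
}
if ($cert.IsSelfSigned) {
    $problems += 'certificate is self-signed; clients will not trust it by default'
}

if ($problems.Count -eq 0) {
    Write-Host "OK: $($cert.Subject) covers all required names"
} else {
    $problems | ForEach-Object { Write-Host "PROBLEM: $_" }
}
```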