Options

Exchange server certificate

JasminLandryJasminLandry Member Posts: 601 ■■■□□□□□□□
in Off-Topic
Hi guys, this post might not have enough information because I'm not sure how it is done, but I need to know how to get a certificate for an Exchange 2007 server? What's the procedure to get one? Where I work they have to renew it every year, now they want to just buy one so that they don't have to renew it every year. Is this possible?
· Share on FacebookShare on Twitter

Comments

  • Options
    it_consultantit_consultant Member Posts: 1,903
    Read:

    SSL Certificate Support - Cert Installation Tutorial
    · Share on FacebookShare on Twitter
  • Options
    JBrownJBrown Member Posts: 308
    Cheap SSL Cert is with GoDaddy, expansive one is with Verisign, You can buy it for 1-10 years, price depends on the company, cipher, encryption, years.
    We buy for 5 years, and renew it every 4.5-4 years 10 month. You will need to generrate CSR on your exchange server, populate it with SAN ( Subject Alternate Names) if necessary; that is in case when server called asjdkl34jakdjlk3.someting.somehwere.com but you want your users to refer to it OWA.something.somewhere.com
    then just publish it in IIS, and enable it on exchange.
    · Share on FacebookShare on Twitter
  • Options
    ClaymooreClaymoore Member Posts: 1,637
    Also on the DigiCert site is the powershell command generator that creates the EMS command to generate the certificate request on 2007.

    https://www.digicert.com/easy-csr/exchange2007.htm
    Clay Moore's Blog
    · Share on FacebookShare on Twitter
  • Options
    About7NarwhalAbout7Narwhal Member Posts: 761
    Why not just create a certificate and add it to the trusted store for the domain? Why pay anyone? Or have I misunderstood the idea here?
    · Share on FacebookShare on Twitter
  • Options
    JBrownJBrown Member Posts: 308
    You will only cover YOUR domain joined workstations with that, but end users using MAC, laptops, mobile devices, home PCs will get SSL warning.

    I use Goaddy's "Multiple Domains UCC" that includes 5 or more SAN names. They will give you upto 50% off the price, depending on your organization (profit/non-profit) and/or number of years you need the ssl for.
    About7Narwhal wrote: »
    Why not just create a certificate and add it to the trusted store for the domain? Why pay anyone? Or have I misunderstood the idea here?
    · Share on FacebookShare on Twitter
  • Options
    jibbajabbajibbajabba Member Posts: 4,317 ■■■■■■■■□□
    https://certificatesforexchange.com

    They allow you to easily recreate the certs, add / remove SANs etc.

    Good fast support.
    My own knowledge base made public: http://open902.com :p
    · Share on FacebookShare on Twitter
  • Options
    fly2dwfly2dw Member Posts: 122 ■■■□□□□□□□
    Claymoore wrote: »
    Also on the DigiCert site is the powershell command generator that creates the EMS command to generate the certificate request on 2007.

    https://www.digicert.com/easy-csr/exchange2007.htm

    Yep I use Digicert, they also have a great certificate checker:

    SSL Certificate Tester - Check Certificates

    This is very useful when uploading certificates into hardware appliances and you want to check if it is working correctly. Or when you customise your certificate and compile it back together, sometimes the chain/path can be in the wrong order, this will help detect that, so you can fix it.
    · Share on FacebookShare on Twitter
  • Options
    undomielundomiel Member Posts: 2,818
    I'll toss in another recommendation for https://certificatesforexchange.com/ as well.
    Jumping on the IT blogging band wagon -- http://www.jefferyland.com/
    · Share on FacebookShare on Twitter
Sign In or Register to comment.