Exchange server certificate
JasminLandry
Member Posts: 601 ■■■□□□□□□□
in Off-Topic
Hi guys, this post might not have enough information because I'm not sure how it is done, but I need to know how to get a certificate for an Exchange 2007 server? What's the procedure to get one? Where I work they have to renew it every year, now they want to just buy one so that they don't have to renew it every year. Is this possible?
Comments
-
it_consultant Member Posts: 1,903
-
JBrown Member Posts: 308Cheap SSL Cert is with GoDaddy, expansive one is with Verisign, You can buy it for 1-10 years, price depends on the company, cipher, encryption, years.
We buy for 5 years, and renew it every 4.5-4 years 10 month. You will need to generrate CSR on your exchange server, populate it with SAN ( Subject Alternate Names) if necessary; that is in case when server called asjdkl34jakdjlk3.someting.somehwere.com but you want your users to refer to it OWA.something.somewhere.com
then just publish it in IIS, and enable it on exchange. -
Claymoore Member Posts: 1,637Also on the DigiCert site is the powershell command generator that creates the EMS command to generate the certificate request on 2007.
https://www.digicert.com/easy-csr/exchange2007.htm -
About7Narwhal Member Posts: 761Why not just create a certificate and add it to the trusted store for the domain? Why pay anyone? Or have I misunderstood the idea here?
-
JBrown Member Posts: 308You will only cover YOUR domain joined workstations with that, but end users using MAC, laptops, mobile devices, home PCs will get SSL warning.
I use Goaddy's "Multiple Domains UCC" that includes 5 or more SAN names. They will give you upto 50% off the price, depending on your organization (profit/non-profit) and/or number of years you need the ssl for.About7Narwhal wrote: »Why not just create a certificate and add it to the trusted store for the domain? Why pay anyone? Or have I misunderstood the idea here? -
jibbajabba Member Posts: 4,317 ■■■■■■■■□□https://certificatesforexchange.com
They allow you to easily recreate the certs, add / remove SANs etc.
Good fast support.My own knowledge base made public: http://open902.com -
fly2dw Member Posts: 122 ■■■□□□□□□□Also on the DigiCert site is the powershell command generator that creates the EMS command to generate the certificate request on 2007.
https://www.digicert.com/easy-csr/exchange2007.htm
Yep I use Digicert, they also have a great certificate checker:
SSL Certificate Tester - Check Certificates
This is very useful when uploading certificates into hardware appliances and you want to check if it is working correctly. Or when you customise your certificate and compile it back together, sometimes the chain/path can be in the wrong order, this will help detect that, so you can fix it. -
undomiel Member Posts: 2,818I'll toss in another recommendation for https://certificatesforexchange.com/ as well.Jumping on the IT blogging band wagon -- http://www.jefferyland.com/