miércoles, 11 de mayo de 2011

SSL services in exchange 2007

On exchange 2007 there are many client protocols as 2003 as well, when import a cert on the CAS or HUB server, we are able to co consolidate or associate those with all services (pop3, imap4,smtp,owa).

For a clients outlook express and SMTP we must take care with the configuration, by default there is a receive connector for a clients:





On the client:





We are using an internal PKI and in order to request a new SMTP certificate using the Exchange Management Shell use the following cmdlet:

New-ExchangeCertificate –GenerateRequest –Path c:\cert.req –SubjectName “cn=relay.apatricio.local” –FriendlyName “Internal Relay Certificate” –PrivateKeyExportable:$True

Now, let’s request the certificate created using the Certification Authority webpage:

  1. Logged on Exchange Server open the http:///certsrv, where is your server which hosts the Certification Authority.
  2. Click on Request a Certificate link.
  3. Click on advanced certificate request.
  4. Click on the second link which is Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file.
  5. Open the file C:\cert.req which was created by New-ExchangeCertificate cmdlet and copy the content.
  6. Paste the content of that file into the Base-64-encoded certificate request field in the webpage.
  7. On the same page, select Web Server in the Certificate Template field and then click the Submit button.
  8. On the new page, click on the Download Certificate link and save it in the C:\ root of the Exchange Server.

Let’s import the new certificate, to do that use this cmdlet:

Import-ExchangeCertificate –Path:C:\certnew.cer

Note:
The file name and path is just an example, you have to use the file name and path that you have used in the previous step.

Time to enable the new imported certificate to be used by the SMTP service using the Exchange Management Shell. To enable it we just need to copy the Thumbprint that was shown when we imported the request in the previous step and use this cmdlet:

Enable-ExchangeCertificate –Thumbprint -Services SMTP

You will be prompted to change the default SMTP certificate, just type in N and hit enter.

Use get-excgangecertificates | fl PS to see the current services attached on the cert:

More information:

http://technet.microsoft.com/en-us/library/aa997231%28EXCHG.80%29.aspx

For enable logging:



Publicado por en

No hay comentarios:

Publicar un comentario

Suscribirse a: Enviar comentarios (Atom)