Exchange 2007 and certificates
After you deploy your Microsoft Exchange Server 2007 infrastructure, you must make sure that all your clients, such as Outlook Web Access and Outlook 2007, will be able to connect to the services by using an encrypted session without receiving an error message that states that the certificate is not trusted.
For example, your users may be able to connect to your Exchange services by specifying the name as shown in the following examples:
- https://CAS01/owa
- https://CAS01.FQDN.name/owa
- https://CASIntranetName/owa
- https://autodiscover.emaildomain.com
You can create a single certificate by adding all the possible DNS name values to the certificate Subject Alternative Name (SAN) property on the certificate request.
In order to generate the Certificate Signing Request (CSR), you must use the Exchange Management Shell, by running the following command:
New-ExchangeCertificate -generaterequest `
  -subjectname "dc=com,dc=contoso,o=Contoso Corporation,cn=exchange.contoso.com" `
  -domainname exchange.contoso.com, CAS01, CAS01.exchange.corp.contoso.com, autodiscover.contoso.com `
  -PrivateKeyExportable $true `
  -path c:\certrequest_cas01.txt
This command will create a text file that contains a certificate request in PKCS#10 format.
If you find this hard to do and prefer a more graphical way of doing it, DigiCert provides a nice New-ExchangeCertificate Command Generator.
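Added example (not from the original page): a PowerShell check, run before submitting the request, that every host name in the client URLs appears in the -domainname list. It also handles the general case of a wildcard name, which the command above does not use. The URLs, the mail.contoso.com entry and the function names Test-NameMatch and Get-UncoveredHost are constructed for illustration.

```powershell
# Added example; all names below are constructed samples.
# URLs that clients are expected to use.
$clientUrls = @(
    'https://CAS01/owa',
    'https://CAS01.exchange.corp.contoso.com/owa',
    'https://exchange.contoso.com/owa',
    'https://autodiscover.contoso.com',
    'https://mail.contoso.com/owa'   # deliberately absent from the SAN list
)
# Names passed to -domainname in the certificate request.
$sanNames = @('exchange.contoso.com', 'CAS01',
              'CAS01.exchange.corp.contoso.com', 'autodiscover.contoso.com')

function Test-NameMatch {
    param([string]$HostName, [string]$SanName)
    if ($SanName.StartsWith('*.')) {
        # A wildcard covers exactly one left-most label.
        $dot = $HostName.IndexOf('.')
        if ($dot -lt 1) { return $false }
        return ($HostName.Substring($dot) -ieq $SanName.Substring(1))
    }
    # DNS names compare case-insensitively.
    return ($HostName -ieq $SanName)
}

function Get-UncoveredHost {
    param([string[]]$Urls, [string[]]$SanNames)
    $missing = @()
    foreach ($url in $Urls) {
        $hostName = ([System.Uri]$url).Host   # host part only, lower-cased
        $covered = $false
        foreach ($san in $SanNames) {
            if (Test-NameMatch $hostName $san) { $covered = $true; break }
        }
        if ((-not $covered) -and ($missing -notcontains $hostName)) {
            $missing += $hostName
        }
    }
    return $missing
}

$missing = Get-UncoveredHost -Urls $clientUrls -SanNames $sanNames
if ($missing) {
    Write-Host 'Host names not covered by the request:'
    $missing | ForEach-Object { Write-Host "  $_" }
} else {
    Write-Host 'Every client host name is covered by the SAN list.'
}
```

With the sample data, only mail.contoso.com is reported, because it is the one client host name missing from the -domainname list.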