subject: exchange

Exchange 2007 and certificates

After you deploy your Microsoft Exchange Server 2007 infrastructure, you must make sure that all your clients, such as Outlook Web Access and Outlook 2007, will be able to connect to the services by using an encrypted session without receiving an error message that states that the certificate is not trusted.

For example, your users may be able to connect to your Exchange services by specifying the name as shown in the following examples:

• https://CAS01/owa
• https://CAS01.FQDN.name/owa
• https://CASIntranetName/owa
• https://autodiscover.emaildomain.com

You can create a single certificate by adding all the possible DNS name values to the certificate Subject Alternative Name (SAN) property on the certificate request.

In order to generate the Certificate Signing Request (CSR), you must use the Exchange Management Shell, by running the following command:

New-ExchangeCertificate -generaterequest -subjectname "dc=com,dc=contoso,
o=Contoso Corporation,cn=exchange.contoso.com" -domainname 
exchange.contoso.com, CAS01,CAS01.exchange.corp.constoso.com, 
autodiscover.contoso.com -PrivateKeyExportable $true 
-path c:\certrequest_cas01.txt

This command will create a text file that contains a certificate request in PKCS#10 format.

If if find this hard to do and prefer a more graphical way of doing it, digicert provides a nice New-ExchangeCertificate Command Generator.

Related Links:

• Unified Communications Certificate Partners for Exchange 2007 and for Communications Server 2007
• How to Configure SSL Certificates to Use Multiple Client Access Server Host Names
• Exchange 2007 Autodiscover and certificates
• More on Exchange 2007 and certificates - with real world scenario