Tuesday 2 June 2015

Requesting an Exchange 2013 certificate from an enterprise certificate authority

First, we should identify the relevant certificate authority:

certutil -config - -ping

RDP into the CA and go to the Certificate Authority snap-in >> Right-click 'Certificate Templates' >> Manage >> Right-click the 'Web Server' certificate and select "Duplicate" >> Name it something like 'Exchange 2013 Server', and ensure that 'Allow private key to be exported' is selected under the 'Request Handling' tab and that the requesting COMPUTER has 'Enroll' permission under the 'Security' tab >> Finally exit the 'Certificate Templates Management' console.

Now from the CA snap-in right-click 'Certificate Templates' >> New >> Certificate Template to Issue >> select our newly created template: Exchange 2013 Server.

We can then request a new certificate by going to the certificates snap-in for the local COMPUTER >> Right-click the 'Personal' node >> All Tasks >> 'Request New Certificate...'. ** During this process ensure that, as well as entering the common name(s) for the certificate, you also specify a 'friendly name', otherwise Exchange will display the certificate with a blank name in its UI!

We should now export the certificate (along with its private key) and simply import it from the Exchange ECP:

Servers >> Certificates >> Import Exchange Certificate >> Associate with the relevant server >> Click Finish >> Double-click the newly created certificate >> Services >> Select the relevant services.

Finally restart the relevant services for the change to take effect.
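
The same request, export and import sequence done from PowerShell instead of the snap-ins and ECP, as an added example that is not part of the original post. It assumes an elevated Exchange Management Shell on the requesting computer, that the duplicated template's internal name is Exchange2013Server, and that the DNS names, server name and service list shown are placeholders to replace.

```powershell
# Added example. Template name, DNS names, server name and services are assumptions.
$template     = 'Exchange2013Server'      # assumed internal (no-spaces) name of the duplicated template
$dnsNames     = 'mail.example.com', 'autodiscover.example.com'   # constructed sample names
$friendlyName = 'Exchange 2013 Server'
$exchServer   = 'EXCH01'                  # hypothetical Exchange server name
$pfxPath      = Join-Path $env:TEMP 'exchange2013.pfx'

# 1. Request the certificate into the local COMPUTER store from the enterprise CA.
$result = Get-Certificate -Template $template `
    -SubjectName "CN=$($dnsNames[0])" -DnsName $dnsNames `
    -CertStoreLocation Cert:\LocalMachine\My
if ($result.Status -ne 'Issued') {
    throw "Request was not issued (status: $($result.Status)); check 'Enroll' permission on the template."
}

# 2. Set the friendly name so Exchange does not list the certificate with a blank name.
$cert = Get-Item "Cert:\LocalMachine\My\$($result.Certificate.Thumbprint)"
$cert.FriendlyName = $friendlyName

# 3. Export certificate plus private key. This fails unless the template has
#    'Allow private key to be exported' selected.
$pfxPassword = Read-Host -AsSecureString -Prompt 'Password to protect the PFX'
Export-PfxCertificate -Cert $cert -FilePath $pfxPath -Password $pfxPassword | Out-Null

try {
    # 4. Import into Exchange and associate it with the server.
    $pfxBytes = [byte[]](Get-Content -Path $pfxPath -Encoding Byte -ReadCount 0)
    $imported = Import-ExchangeCertificate -Server $exchServer -FileData $pfxBytes -Password $pfxPassword

    # 5. Assign services (IIS and SMTP are assumed here; pick the ones you need).
    Enable-ExchangeCertificate -Server $exchServer -Thumbprint $imported.Thumbprint -Services IIS,SMTP
}
finally {
    # The PFX contains the private key: do not leave it on disk after the import.
    Remove-Item -Path $pfxPath -Force -ErrorAction SilentlyContinue
}

# 6. Check what Exchange now sees: name, SANs, services and private key presence.
Get-ExchangeCertificate -Server $exchServer -Thumbprint $imported.Thumbprint |
    Format-List FriendlyName, CertificateDomains, Services, HasPrivateKey, NotAfter
```

The final check should show a non-blank FriendlyName and HasPrivateKey set to True; if either is wrong, revisit the template's 'Request Handling' settings or the friendly-name step.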
