Share via

How to Use a Self Signed Certificate in Exchange 2010

  • Article

We can use a self signed certificated for Exchange 2010.

Now will learn how to do it.

Something which you need to know is using a self signed certificate you need to install the certificates on every machine you use and Mobile devices other wise you will end up in a certificate error in the IE.

So that’s why people prefer going for a 3rd party certificate to overcome it.

Will Learn using a Self Signed Certificate , for this to be used Externally you need to have a CNAME record in your public DNS pointing to your Public IP NAT to your CAS.

First we will learn how to Export a Certificate request file from Exchange 2010.

Step 1:

http://careexchange.in/wp-content/uploads/2012/02/image_thumb21.png

Type a Friendly Name :

http://careexchange.in/wp-content/uploads/2012/02/image_thumb22.png

Wild Card is used for Very Big Environment .For Example : *.Domain.com

http://careexchange.in/wp-content/uploads/2012/02/image_thumb23.png

Step 2:

Assign the required Services for your Exchange , Give a Tick Mark

http://careexchange.in/wp-content/uploads/2012/02/image_thumb24.png

You will opt for it if you are planning for Coexistence in OWA in Exchange 2003 and Exchange 2010

http://careexchange.in/wp-content/uploads/2012/02/image_thumb25.png

Step 3:

You will see the collection for URL’s

http://careexchange.in/wp-content/uploads/2012/02/image_thumb26.png

Step 4:

Fill out the Form – And set the location for the Cert Request file

http://careexchange.in/wp-content/uploads/2012/02/image_thumb27.png

http://careexchange.in/wp-content/uploads/2012/02/image_thumb28.png

Step 5:

Your request file would look like this

http://careexchange.in/wp-content/uploads/2012/02/image_thumb29.png

Open it via Notepad , because we need this content to generate a Certificate

http://careexchange.in/wp-content/uploads/2012/02/image_thumb30.png

Step 6:

You need to have this role installed to have a Certificate Authority , It can be DC or Exchange it self

I have done this in the Exchange itself (No Harm)

http://careexchange.in/wp-content/uploads/2012/02/image_thumb31.png

Step 7:

Choose : Certification authority , Certification Authority Web Enrollment

http://careexchange.in/wp-content/uploads/2012/02/image_thumb32.png

Step 8:

Choose Enterprise

http://careexchange.in/wp-content/uploads/2012/02/image_thumb33.png

Step 9:

Choose Root CA

http://careexchange.in/wp-content/uploads/2012/02/image_thumb34.png

Step 10:

Create a new Private key

http://careexchange.in/wp-content/uploads/2012/02/image_thumb35.png

Step 11:

Have this Default with 2048 key Character length

http://careexchange.in/wp-content/uploads/2012/02/image_thumb36.png

Step 12:

Click Next

http://careexchange.in/wp-content/uploads/2012/02/image_thumb37.png

Step 13:

By Default Certificate is valid for 5 years , Don’t make any changes on it , Click next

http://careexchange.in/wp-content/uploads/2012/02/image_thumb38.png

Step 14:

http://careexchange.in/wp-content/uploads/2012/02/image_thumb39.png

Step 15:

Now if you Open IIS manager , you will see “CertSrv” a Virtual Directory Created ,

Use the right side column “Browse *.443(https)

http://careexchange.in/wp-content/uploads/2012/02/image_thumb40.png

Step 16:

You would see a page like this , Choose Request a Certificate

http://careexchange.in/wp-content/uploads/2012/02/image_thumb41.png

Step 17:

Click on Advanced Certificate Request

http://careexchange.in/wp-content/uploads/2012/02/image_thumb42.png

Step 18:

Choose the Second one

Submit a certificate request by using a base-64-Encoded CMC

http://careexchange.in/wp-content/uploads/2012/02/image_thumb43.png

 

 

 

 

 

 

 

 

 

 

 

 

Step 19:

Now Copy the Note pad -

Choose Template : WebServer

http://careexchange.in/wp-content/uploads/2012/02/image_thumb44.png

Step 20:

Choose “Base 64 encoded”

http://careexchange.in/wp-content/uploads/2012/02/image_thumb45.png

Step 21:

Save the Certificate

http://careexchange.in/wp-content/uploads/2012/02/image_thumb46.png http://careexchange.in/wp-content/uploads/2012/02/image_thumb47.png

Step 22:

Now go to your EMC

Server Configuration – Complete Pending request

http://careexchange.in/wp-content/uploads/2012/02/image_thumb48.png

Chose the Certificate :

http://careexchange.in/wp-content/uploads/2012/02/image_thumb49.png

Step 23:

Now Assign Services to the Certificate

http://careexchange.in/wp-content/uploads/2012/02/image_thumb50.png

http://careexchange.in/wp-content/uploads/2012/02/image_thumb51.png

Now the Server Part is ready

Step 24:

Now will learn how to install the Certificate in the Client End

Double Click on the Certificate

Click Install Certificate – Click Next –

http://careexchange.in/wp-content/uploads/2012/02/image_thumb52.png

Choose Personal –

http://careexchange.in/wp-content/uploads/2012/02/image_thumb53.png

Click Next And Import will be Successful

Now Do the Same Process

Double Click on the Certificate

Click Install Certificate – Click Next – Choose Trusted Root Certification Authorities

http://careexchange.in/wp-content/uploads/2012/02/image_thumb54.png

Double Click on the Certificate

Click Install Certificate – Click Next – Choose Intermediate Certification Authorities

http://careexchange.in/wp-content/uploads/2012/02/image_thumb55.png

Step 25:

Before

http://careexchange.in/wp-content/uploads/2012/02/image_thumb56.png

After installing the Certificate in the Client

http://careexchange.in/wp-content/uploads/2012/02/image_thumb57.png

Great !!

Now you learn how to use a Self Signed Certificate in Exchange 2010