External network access and certificate configuration
After a default deployment of Exchange Server 2013, you can send and receive email internally without any further configuration. External access, and sending and receiving email to and from the Internet, require a series of configuration steps. The deployment steps follow.
Step 1: Create a send connector:
Send connectors are created in the mail flow function; click the send connector tab to start creating one, as shown in the figure below.
Fill in the fully qualified domain name during the process: *
At this step, add the two back-end mailbox servers here.
At this point, the send connector has been created.
Step 2: Configure the external access address
Log in to the ECP management interface, select "Server—>Virtual Directory", and select the owa directory of each server, as shown in the figure below.
Click Edit to enter the following interface and fill in the external URL of the OWA virtual directory: https://mail.contoso.com/owa
Select ECP and double-click it to enter the editing interface.
Fill in the external URL of the ECP virtual directory: https://mail.contoso.com/ecp
Also edit the external URLs of the OWA and ECP virtual directories on the other server, win-bgcfrp8vau0.contoso.com.
Likewise, the OWA external URL: https://mail.contoso.com/owa,
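The same settings can be applied and checked from the Exchange Management Shell, which avoids missing a server when the change has to be repeated by hand. This is an added example, not a command from the original page; it uses the page's URLs and assumes the same external URL is wanted on every Client Access server.

```powershell
# Added example for the Exchange Management Shell (EMS); URLs are the page's values.
$owaUrl = 'https://mail.contoso.com/owa'
$ecpUrl = 'https://mail.contoso.com/ecp'

# Without -Server, the Get- cmdlets return the virtual directories of every
# Client Access server, so no server is skipped.
Get-OwaVirtualDirectory | Set-OwaVirtualDirectory -ExternalUrl $owaUrl
Get-EcpVirtualDirectory | Set-EcpVirtualDirectory -ExternalUrl $ecpUrl

# Read the values back and flag any directory that is empty, not HTTPS,
# or different from the intended URL.
$vdirs = @(Get-OwaVirtualDirectory) + @(Get-EcpVirtualDirectory)
$vdirs | ForEach-Object {
    $expected = if ($_.Name -like 'owa*') { $owaUrl } else { $ecpUrl }
    $actual   = "$($_.ExternalUrl)"
    [pscustomobject]@{
        Server      = "$($_.Server)"
        Directory   = $_.Name
        ExternalUrl = $actual
        IsHttps     = $actual.StartsWith('https://')
        Matches     = ($actual -eq $expected)
    }
} | Format-Table -AutoSize
```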
Step 3: Enable Outlook Anywhere
In the server interface, select a server and click Edit. In the "outlook anywhere" tab, fill in the external host name: mail.contoso.com, and set the authentication method to "Basic", as shown below. (I chose the wrong one here: Cas1 is the front-end; the back-end server should be selected, that is, ex. Do the same steps on the following server.)
Configure IIS authentication for Outlook Anywhere. Open EMS on any front-end server and execute the following command, as shown in the figure below.
Step 4: Configure the certificate
The first step is to generate a certificate request file in the ECP interface:
In the "Server—>Certificate" interface, select a server and click "+" to add a certificate request, as shown in the figure below:
Fill in the friendly name of the certificate, as shown below:
Accept the default and click Next.
Select the server where the certificate request is stored, as shown in the figure below:
Fill in the domain name for external access (when accessing from the Internet): mail.contoso.com. Autodiscover uses the default: autodiscover.contoso.com. For POP or IMAP, fill in only the host name (without suffix): mail. You can add multiple names, separated by ",", as shown below:
In the following interface, add all the domain names or host names that will be used on the internal and external networks. I am using EX here. There is no screenshot for this; go directly to the next step and fill in the organization information, as shown below:
Fill in the shared path where the certificate request is saved; here, select the shared folder 1 on ex, as shown below:
The certificate request is complete, and its status is "Pending Request", as shown in the figure below.
The second step is to apply for a certificate from the CA certificate server and obtain the certificate file (that is, the domain; the other servers are ordinary members, and only the domain has the certificate service function installed):
On the ex server, open the certificate application interface of the CA certificate server, http://win-luapi9560ar.contoso.com/certsrv, and log in with a domain account to enter the interface shown below.
Then click Apply for Certificate
Select "Advanced Certificate Application", as shown below:
Select "CMC edited with base64...", as shown below:
Use "Notepad" to open the certificate request file created in the shared folder and copy all of its contents, as shown in the figure below:
Paste the contents of the certificate request file into the request text box, select "Web Server" as the certificate template, and then click "Submit", as shown in the figure below:
The certificate has been issued. Select "Download Certificate" and save the certificate file to the shared folder, as shown in the figure below:
The certificate issued is as follows
The third step is to import the issued certificate file in the ECP interface:
Open the ECP certificate interface, select the requested certificate, and click "Finish" in the lower right corner, as shown in the figure below:
Enter the path of the issued certificate and click "OK". There is no screenshot for this step, so I will just describe it.
Since the default installation path in the installation steps above is ex, enter the valid address of the certificate on ex in the pop-up interface. My address here is \\200.200.208.202\1\certnew.cer, and that works.
After the pending request is completed, the certificate status is "Valid", as shown in the figure below.
After the certificate is completed, the only services assigned by default are IMAP and POP; the other services need to be assigned. Click "Edit", as shown in the figure below:
Check "SMTP" and "IIS"; these two are required. The others, "UM" and "UM call router", are required for the unified messaging configuration and will be introduced later when there is a chance. Leave them unchecked here, and then click "Save", as shown below:
When prompted to replace the old default certificate, select "Yes", as shown below:
At this point, the certificate configuration has been completed!
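A "Valid" status in ECP does not show whether the certificate actually covers the names published in steps 2 and 3. The following check compares those names with the certificate's domains on each server; it is an added example, not part of the original page, and Test-NameCovered is a helper defined here for illustration.

```powershell
# Added example for the Exchange Management Shell (EMS).
# Host names clients will connect to: external URL hosts, the Outlook Anywhere
# external host name, and the Autodiscover name used on this page.
$vdirs = @(Get-OwaVirtualDirectory) + @(Get-EcpVirtualDirectory)
$names = @($vdirs | Where-Object { $_.ExternalUrl } |
    ForEach-Object { ([uri]"$($_.ExternalUrl)").Host })
$names += @(Get-OutlookAnywhere | ForEach-Object { "$($_.ExternalHostname)" })
$names += 'autodiscover.contoso.com'
$names = @($names | Where-Object { $_ } | Sort-Object -Unique)

# Illustrative helper: is $Name covered by one of the certificate's domains?
function Test-NameCovered([string]$Name, [string[]]$Sans) {
    foreach ($san in $Sans) {
        if ($san -eq $Name) { return $true }
        # A wildcard entry covers exactly one left-most label.
        if ($san.StartsWith('*.') -and $Name -match '^[^.]+\.(.+)$' -and
            $Matches[1] -eq $san.Substring(2)) { return $true }
    }
    return $false
}

# Report on every certificate bound to IIS or SMTP, server by server.
Get-ExchangeServer | ForEach-Object {
    $srv = $_.Name
    Get-ExchangeCertificate -Server $srv |
        Where-Object { "$($_.Services)" -match 'IIS|SMTP' } |
        ForEach-Object {
            $sans = @($_.CertificateDomains | ForEach-Object { "$_" })
            [pscustomobject]@{
                Server       = $srv
                Thumbprint   = $_.Thumbprint
                Services     = "$($_.Services)"
                Status       = "$($_.Status)"
                SelfSigned   = $_.IsSelfSigned
                DaysLeft     = [int]($_.NotAfter - (Get-Date)).TotalDays
                MissingNames = @($names | Where-Object {
                    -not (Test-NameCovered $_ $sans) }) -join ', '
            }
        }
} | Format-List
```

A server that still lists a self-signed certificate for IIS, or a non-empty MissingNames value, means external clients will see a certificate warning for that name.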