This paper describes how in 2010 to install Microsoft Exchange certificates issued by an authority (hereinafter referred to as CA), if it is self-signed certificate
, please refer to the Microsoft official self-signed certificate document, like Web application server, if it is multi-server Exchange needs in each stage are installed
this certificate.
First, prepare
1. issue a certificate
issued after CA certificate is verified after the domain name or domain name certificate issued by the enterprise information, such as a mail server uses
smtp.yourdomain.com sent as a mail server address, then the certificate to verify the domain name is smtp.yourdomain .com, while
smtps agreement is only an extension of smtp, and the application layer is the same as smtp, using a 465 smtps port.
2. Intermediate certificate
a certificate chain to be complete + ... + root certificate consists of a certificate intermediate certificate + A + B intermediate certificate, so usually, a certificate issued by the CA compressed
there will be one or more intermediate certificates, in addition a number of intermediate CA certificate in the official online download, please refer on the merger Intermediate certificate: SSL certificate chain is not
complete cause the browser untrusted
3. the private key
private key is usually generated when preparing CSR certificate request file, use openSSL generate the same level of file directory exists CSR - CSR certificate request file generated
pieces, using a private online tools will be randomly generated + CSR sent to the mailbox using IIS generate a CSR request to withdraw after the completion of the private key certificate request?
- SSL / TLS certificate plurality of types of conversion.
In addition, like Exchange and IIS also provides? Function as the new certificate request and complete the certificate request.Second, the installation step
- Exchange Management Console to import the certificate
Start menu, open the Exchange Management Console - Server Configuration - Import Exchange Certificate, select the certificate issued pfx format, or plain
x.509 certificate format convert pfx certificate - SSL / TLS certificate a variety of types of conversion, enter pfx certificate password, complete the import certificate.
Note: As used herein, is pfx certificate after the merger,
Service
2. Server Configuration?
Click Database Management, select Server Configuration - Right-click the imported certificate - the certificate distribution service - select the specified service (Internet Message Access
Protocol, Post Office Protocol, simple Mail transfer protocol, Internet information services).
Click Next - distribution - if prompted to overwrite SMTP is click on - Finish to complete the certificate distribution service
- Exchange Management Console to import the certificate
Third, the use of Exchange files and generate a CSR request completion certificate installation
Above establish import certificates in the existing premise pfx certificate and configure services, and as IIS and Exchange 2010 also includes a new certificate request
and complete the certificate request function. This certificate can replace the production process openSSL and IIS.
- New certificate request
Open the Exchange Management Console - New Exchange Certificate
in the domain-wide page, if you want to create a wildcard certificate can be enabled, if a non-wildcard certificate in the next sub-domain settings, select the next
step.
2. Fill CSR certificate request file information
and other CSR production as set generic name for a subdomain, such as smtp.yourdomain.com, then fill organizational units and other information,
mail and other information click Finish, thus completing the entire certificate request generation file. At this time, together with the private key is also generated CSR file to fill in this online life
into the input box buffet CSR request a digital certificate to request a certificate.
3. Complete the installation of the certificate
after the CA issues a certificate in the Exchange Management Console, click Finish waiting for a request, select the certificate issued, click Finish to complete the Certificate Import also work
for.
Note: Exchange 2010 can sometimes prompt an error message The source data is corrupted or not properly Base64 encoded.
This is usually caused by a self-signed certificate, attempts to re-create the CSR.Four, Exchange Management Shell to install
You can use the Exchange Management Shell for certificate issued by the CA installation, using the following command:
1 pfx certificate to import
2. Exchange New Certificate process?
Note: Note SMTP can be modified to "IIS, POP, IMAP, SMTP " support? multiple options
This article posted by SSL small series finishing shield [shield] www.ssldun.com site security certificate issued by the cheap fast