Re: SSL certificates
- From: "skip" <shofmann@xxxxxxx>
- Date: Mon, 5 Jan 2009 09:01:25 -0800
When you make your cert request you have the option to specify the internal netbios name and the external fqdn that users will hit from outside your network. The -Domainname parameter in the cert request is used to map the internal netbios and fqdn that you want the cert to respond to.
Example
My fqdn that users hit from the outside is mail.kbblab.com; the internal name of the CAS server is casht.kbblab.com. This works for internal and external clients.
New-ExchangeCertificate -GenerateRequest -SubjectName "DC=com,dc=kbblab,o=kbblabinc,cn=mail.kbblab.com" -DomainName mail.kbblab.com,casht.kbblab.com,casht -IncludeAutoDiscover -IncludeAcceptedDomains -PrivateKeyExportable $true -Path c:\certrequest.txt -Force
"SJMP" <sjmp@xxxxxxxxxxxxxxxx> wrote in message news:35C04B01-DE7D-4B3C-9517-33A14195FE5A@xxxxxxxxxxxxxxxx
Thanks Elan
My questions are twofold.
1 - What services do I need enabled on the Cert if we are using OWA, Outlook
Anywhere, and Windows Mobile?
2 - The other certs which seem to have been created by default - Cert 2 and 3
- are they needed by AD or anything else for internal use?
"Elan Shudnow [MVP]" wrote:
You have certificates that are being utilized for services that aren't
enabled on your valid certificate. Are you using these services? If not,
it should be safe to remove. If yes, then make sure that you utilize the
service on your new valid certificate. The new valid certificate should
contain the name that the users connect via the old certificate so they
don't get any connectivity issues when you remove the old certificate and
utilize only the new valid one.
--
Elan Shudnow
Exchange MVP
http://www.shudnow.net
"SJMP" <sjmp@xxxxxxxxxxxxxxxx> wrote in message
news:B5702447-7389-433D-9540-421D977C2D25@xxxxxxxxxxxxxxxx
> PS - It is the second and third cert that I want to remove
>
> Cert 2 - expires 3/4/2009
> Cert 3 - expires 1/29/2009
>
> "SJMP" wrote:
>
>> I want to know if I can remove two of the three certs on the exchange
>> 2007 sp1 server. Leaving just the valid third party SSL cert. Users
>> connect via outlook anywhere and windows mobile.
>>
>> "Event ID 12018 - STARTTLS certificate will expire soon. The certificate
>> domain for this event was server.mydomain.com (internal server name)"
>>
>> On my send-connector the FQDN is mail.mydomain.com (public server name
>> matching third party SSL cert)
>>
>> On my receive connector the FQDN is server.mydomain.com (internal server
>> name)
>>
>> Cert 1 - this is my valid SSL cert from comodo
>>
>> Cert Domain - mail.mydomain.com, www.mail.mydomain.com
>> Issuer - Comodo
>> Root CA Type - Registry
>> Services - IIS, SMTP
>>
>> Cert 2 -
>>
>> Cert Domain - server, server.mydomain.com (internal server name)
>> Issuer - server
>> RootCAType - None
>> Services - IMAP, POP, SMTP
>>
>> Cert 3 -
>>
>> Cert Domain - server.greenbriarequity.com (internal server name)
>> Issuer - mail.mydomain.com (external name)
>> RootCAType - Enterprise
>> Services - IMAP, POP, SMTP
>>
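
The check Elan describes (the certificate you keep must carry every name and service the old ones serve) can be scripted before anything is removed. The following is an added example, not code from any poster in this thread; it assumes PowerShell 2.0 or later, uses constructed sample data copied from the Cert 1 / Cert 2 listing above with placeholder thumbprints, and the function names are hypothetical.

```powershell
# Constructed sample data mirroring the listing quoted in the thread.
# On a real server, feed in objects from Get-ExchangeCertificate instead, e.g.
#   $keep   = Get-ExchangeCertificate -Thumbprint '<THUMBPRINT-OF-VALID-CERT>'
#   $retire = Get-ExchangeCertificate | Where-Object { $_.Thumbprint -ne $keep.Thumbprint }
$keep = @{ Thumbprint = 'CERT1-PLACEHOLDER'; Services = 'IIS, SMTP'
           CertificateDomains = 'mail.mydomain.com', 'www.mail.mydomain.com' }
$retire = @(
    @{ Thumbprint = 'CERT2-PLACEHOLDER'; Services = 'IMAP, POP, SMTP'
       CertificateDomains = 'server', 'server.mydomain.com' }
)

function Get-NameList($cert) {
    @($cert.CertificateDomains | ForEach-Object { ([string]$_).Trim().ToLower() })
}
function Get-ServiceList($cert) {
    # Services is displayed as a comma-separated flag list, e.g. "IMAP, POP, SMTP".
    @(([string]$cert.Services).Split(',') | ForEach-Object { $_.Trim() } |
        Where-Object { $_ -and $_ -ne 'None' })
}
# True when $name is matched by $pattern; "*.example.com" covers exactly one extra label.
function Test-NameCovered([string]$name, [string]$pattern) {
    if ($pattern.StartsWith('*.')) {
        $suffix = $pattern.Substring(1)
        if (-not $name.EndsWith($suffix)) { return $false }
        $label = $name.Substring(0, $name.Length - $suffix.Length)
        return ($label.Length -gt 0 -and -not $label.Contains('.'))
    }
    return ($name -eq $pattern)
}
# One report row per certificate to retire: what the kept certificate does NOT cover.
function Compare-CertCoverage($keep, $retire) {
    $keepNames    = Get-NameList $keep
    $keepServices = Get-ServiceList $keep
    foreach ($old in $retire) {
        $missingNames = @(Get-NameList $old | Where-Object {
            $n = $_
            -not ($keepNames | Where-Object { Test-NameCovered $n $_ })
        })
        $missingServices = @(Get-ServiceList $old | Where-Object { $keepServices -notcontains $_ })
        New-Object PSObject -Property @{
            Thumbprint        = $old.Thumbprint
            UncoveredNames    = $missingNames -join ', '
            UncoveredServices = $missingServices -join ', '
            FullyCovered      = ($missingNames.Count -eq 0 -and $missingServices.Count -eq 0)
        }
    }
}

Compare-CertCoverage $keep $retire | Format-List
```

With the thread's data the report lists server and server.mydomain.com as uncovered names and IMAP and POP as uncovered services; server.mydomain.com is the receive connector FQDN named in the Event ID 12018 warning.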