Q1. However, the security error still encountered on the following website. https://sunmail.erin.local/owa. Is there a way to solve it using internal CA?
Yes, to use internal CA certificate to solve this issue, we need to generate a new internal CA certificate to include both internal and external domain name. The following are the instructions:
1. Create a certificate request via the following cmdlet in EMS:
New-ExchangeCertificate -DomainName "sunmail.erin.local","sunmail" -SubjectName "CN=sunmail.erin.local, OU=moonlight, O=erin.local, L=Singapore, S=Singapore, C=SG" -PrivateKeyExportable:$True -GenerateRequest:$True -Path "C:\CertRequest.req"
2. Please use the steps in the following article to generate a certificate from Windows Server 2003 CA
Request a certificate from a Windows Server 2003 CA using a PKCS #10 or PKCS #7 file
http://technet.microsoft.com/en-us/library/cc780649.aspx
3. Please import and enable the certificate.
Import-ExchangeCertificate -Path "c:\...\newcert.cer" | Enable-ExchangeCertificate -Services IMAP,POP,IIS,UM,SMTP
Q2. I also notice that the CA Cert is going to expire soon next Month, Is there a faster way to generate it for another 5 years.
No, Windows Server 2003 CA certificate will expire in one year. We need to follow the above procedure to generate a certificate.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment