Friday, November 30, 2007

Finally got rid of those annoying SSL Security Prompts for Outlook 2007/Exchange 2007

So the new Exchange 2007 FE and BE system's been up and running fine for a few months now and I finally decided to fix that damn security prompt for the certificates. Essentially I needed a certificate that could handle the Back End server's FQDN and NetBIOS, the Front End's FQDN and NetBIOS, the Autodiscover DNS name, the SMTP DNS name, and the whole email domain name. Found a few articles at the usual places (Tom Shinder's pages/forums, petro.co.il, etc.) and started building out the syntax needed. There seem to be different priorities on what's included, but my final one (and the one that worked, mind you, since Entrust barfed the first try back out at me) was:

New-ExchangeCertificate -GenerateRequest -SubjectName "c=US, O=MyCompanyNameHere, CN=FESERVER.YOURDOMAIN.com" -DomainName FESERVER.YOURDOMAIN.com, exchange.YOURDOMAIN.com, autodiscover.YOURDOMAIN.com, FESERVER.ADsubdomain.YOURDOMAIN.com, FESERVER, BEServer.ADsubdomain.YOURDOMAIN.com, BEServer -PrivateKeyExportable $true -keysize 1024 -path c:\certrequest_FESERVER.cer

(the subdomain was for the internal DNS names since Active Directory is a sub-DNS domain)

Also make sure the CN matches the first server name in the DomainName section if you want ISA to work with this.
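
A pre-flight check for the name list and the CN rule above, as an added example that is not from the original post. The function name Test-CertRequestNames, the 2048-bit threshold and the single-label note are assumptions of this example; it only inspects the strings and calls no Exchange cmdlet.

```powershell
# Added example (not from the original post). Host names are the post's placeholders.
function Test-CertRequestNames {
    param(
        [Parameter(Mandatory = $true)] [string]   $SubjectName,
        [Parameter(Mandatory = $true)] [string[]] $DomainName,
        [int] $KeySize = 2048
    )
    $problems = @()   # things that break the request as the post describes it
    $notes    = @()   # things a public CA is likely to push back on

    # Extract the CN from a subject like "c=US, O=..., CN=host.example.com".
    $cn = $null
    if ($SubjectName -match '(?:^|,)\s*CN\s*=\s*([^,]+)') { $cn = $Matches[1].Trim() }
    else { $problems += 'SubjectName has no CN component' }

    # The post's rule for ISA: the CN must be the first -DomainName entry.
    if ($cn -and $cn -ne $DomainName[0]) {
        $problems += "CN '$cn' does not match first DomainName '$($DomainName[0])'"
    }

    # A name listed twice usually means another name was left out.
    foreach ($g in ($DomainName | Group-Object)) {
        if ($g.Count -gt 1) { $problems += "Duplicate name: $($g.Name)" }
    }

    # The post lists the Autodiscover DNS name as one the certificate must cover.
    if (@($DomainName -like 'autodiscover.*').Count -eq 0) {
        $problems += 'No autodiscover.<domain> entry in DomainName'
    }

    # Assumption of this example: public CAs now require RSA keys of 2048 bits or more.
    if ($KeySize -lt 2048) { $notes += "KeySize $KeySize is below 2048" }

    # Single-label (NetBIOS) names are internal-only; public CAs stopped issuing for them.
    $single = @($DomainName | Where-Object { $_ -notmatch '\.' })
    if ($single.Count) { $notes += "Single-label names: $($single -join ', ')" }

    New-Object psobject -Property @{ Ok = ($problems.Count -eq 0); Problems = $problems; Notes = $notes }
}

# The post's request, checked before New-ExchangeCertificate is run.
$names = 'FESERVER.YOURDOMAIN.com', 'exchange.YOURDOMAIN.com', 'autodiscover.YOURDOMAIN.com',
         'FESERVER.ADsubdomain.YOURDOMAIN.com', 'FESERVER',
         'BEServer.ADsubdomain.YOURDOMAIN.com', 'BEServer'
$result = Test-CertRequestNames -SubjectName 'c=US, O=MyCompanyNameHere, CN=FESERVER.YOURDOMAIN.com' `
                                -DomainName $names -KeySize 1024
$result.Problems
$result.Notes
```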

Now take your .cer file and head over to Entrust and get a "Unified Communications Certificate". http://www.entrust.net/ssl-certificates/unified-communications.htm
Follow the instructions and keep in mind they require a separate contact for Technical and Authoritative for security.
