MessageXchange: Exchange 2007 Certificate Install with Autodiscover

Generate the CSR

New-ExchangeCertificate -GenerateRequest -Path c:\SANCERT.txt -SubjectName "c=US, l=City, s=Washington, o=company, cn=mail.company.com" -DomainName www.mail.company.com, autodiscover.company.com, mailarchive.company.com -PrivateKeyExportable:$true

This will create a CSR text file that will be sent to the third part cert issuer.

EXAMPLE (yes it is fake):

Once they send it back to you, proceed to the next step.

Checking Certificate Properties

There are two things we need. First thing is to verify that that the certificate has a valid private key. Double click the certificate, look below:

The next piece of information that you’ll need is the thumbprint:

Importing the Certificate into Exchange

Import-ExchangeCertificate -path

This will import the certificate into Exchange and make it available for use.

Enable the Certificate

Enable-ExchangeCertificate -Thumbprint C45DD764DE2F36CD907FJSND7682970F1358 -Services "POP, IMAP, IIS, SMTP"

Confirm.

Overwrite existing default SMTP certificate,

'E38LKJS5766237D887DN7SJBF66192CF018801' (expires 9/7/2009 5:59:59 PM), with

certificate ' C45DD764DE2F36CD907FJSND7682970F1358' (expires 1/23/2009

4:59:59 PM)?

[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help

(default is "Y"):a

Confirm the Configuration

Get-ExchangeCertificate

Thumbprint Services Subject

---------- -------- -------

C45DD764DE2F36CD907FJSND7682970F1358 IP.WS CN=mail.company.com,...

I, P, W, S stand for the four layers that you set above; IMAP, POP, Web (IIS), SMTP

The certificate is now available for the messaging protocols and IIS.

Configure For Use With Autodiscover

**NOTE**

Wherever you see “get-ClientAccessServer | Set-ClientAccessServer” you are getting all CAS servers and setting this on all of them. If this is not what you want, perform a get-ClientAccessServer and only set it on the ones you want by using “Set-ClientAccessServer –identity SERVER”.

Get-ClientAccessServer | Set-ClientAccessServer -AutodiscoverServiceInternalUri https://mail.company.com/autodiscover/autodiscover.xml

Set-WebServicesVirtualDirectory –Identity "SERVER\EWS (Default Web Site)" -InternalUrl https://mail.company.com/ews/exchange.asmx

Set-OABVirtualDirectory -Identity "SERVER\oab (Default Web Site)" -InternalUrl https://mail.company.com/oab

Get-ClientAccessServer | Set-ClientAccessServer -AutodiscoverServiceInternalUri https://mail.company.com/autodiscover/autodiscover.xml

Get the Certificate in Use

Right click MSExchangeAutodiscoverAppPool in IIS, and then click 'Recycle'

Verify

Load up a web browser and browse to OWA. Use the browser to check the certificate (usually a lock in the lower corner). Verify that OWA works, and that autodiscover works in Outlook. To test Outlook, hold ctrl and right click on the Outlook icon in the lower right hand corner (system tray).

In order to configure externally you can run the following command templates:

Enable-OutlookAnywhere -Server CASSERVER -ExternalHostname "mail.domain.com" -ExternalAuthenticationMethod "Basic" -SSLOffloading:$False

Set-OABVirtualDirectory -identity "CASSERVER\OAB (Default Web Site)" -externalurl https://mail.domain.com/OAB -RequireSSL:$true

et-UMVirtualDirectory -identity "CASSERVER\UnifiedMessaging (Default Web Site)" -externalurl https://mail.domain.com/UnifiedMessaging/Service.asmx -BasicAuthentication:$True

Set-WebServicesVirtualDirectory -identity "CASSERVER\EWS (Default Web Site)" -externalurl https://mail.domain.com/EWS/Exchange.asmx -BasicAuthentication:$True

MessageXchange

Tuesday, September 16, 2008

Exchange 2007 Certificate Install with Autodiscover

No comments: