Exchange 2013 learning notes 19: Certificate Management


1. Preface

When a client signs in to OWA, the browser often warns “There is a problem with this website's security certificate”. To solve this problem, we can set up a new certification authority (CA) and have Exchange request a certificate from it.

2. Certificate services installation

2.1. Open Server Manager on the domain server DC1 and click “Add roles and features”.

2.2. Keep the defaults and click “Next”.

2.3. Keep the defaults and click “Next”.

2.4. Keep the defaults and click “Next”.

2.5. Check “Active Directory Certificate Services” and click “Next”.

2.6. Keep the defaults and click “Next”.

2.7. Keep the defaults and click “Next”.

2.8. Check “Certification Authority Web Enrollment” and click “Next”.

2.9. Check “Restart the destination server automatically if required” and click “Install”. After the installation finishes, click “Close”.

2.10. Click the exclamation mark in the upper right corner of Server Manager, then select “Configure Active Directory Certificate Services on the destination server”.

2.11. Keep the defaults and click “Next”.

2.12. Check “Certification Authority” and “Certification Authority Web Enrollment”, and click “Next”.

2.13. Click “Next”, then click “Next” again.

2.14. Select “Root CA” and click “Next”.

2.15. Select “Create a new private key” and click “Next”.

2.16. Select “RSA#Microsoft Software Key Storage Provider” as the cryptographic provider, set the key length to “2048”, select “SHA256” as the hash algorithm, and click “Next”.

2.17. Keep the default selection and click “Next”.

2.18. Set the validity period to “10” years and click “Next”.

2.19. Keep the defaults and click “Next”.

2.20. Click “Configure”.

2.21. After the configuration completes, click “Close”.

2.22. Run inetmgr to open IIS Manager.

2.23. Under the IIS default site, CertSrv is the application created by the Certification Authority Web Enrollment role service.

3. New Exchange certificate

3.1. Open the Exchange admin center, click “servers”, select “certificates”, and then click “New”.

3.2. Select “Create a request for a certificate from a certification authority” and click “Next”.

3.3. Enter the certificate name, such as “DC1”, and click “Next”.

3.4. Click “Next”.

3.5. Click “Browse”, select the server, and then click “Next”.

3.6. Click “Next”.

3.7. Click “Next”.

3.8. Enter the relevant information for the certificate and click “Next”.

3.9. Enter the network share location where the certificate request will be saved and click “Finish”.

4. Apply for a certificate

4.1. Enter “ ” to open the Certification Authority Web Enrollment page, enter the domain administrator account and password, and click “Log in”.

4.2. Click “Request a certificate”.

4.3. Click “advanced certificate request”.

4.4. Open the Exchange certificate request file created above in Notepad, select all of its contents and copy them.

4.5. Paste the copied request into the Base-64-encoded certificate request box, select “Web Server” as the certificate template, and click “Submit”.

4.6. Click “Download certificate” and save the certificate certnew.cer to the shared disk on DC1.

5. Complete Exchange certificate

5.1. Return to the Exchange certificates page, select the new certificate DC1, and click “Complete” on the right.

5.2. Enter the network share address of the certificate file and click “OK”.

5.3. Click “Edit”, check “SMTP” and “IIS” on the services page, and then click “Save”.

5.4. A warning pops up; click “Yes”. This completes the certificate management process.
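
Sections 3 to 5 can also be carried out from the Exchange Management Shell, which makes it easy to check the result before clients rely on it. This is an added example, not part of the original notes; the host names, share path, request file name and CA config string are assumed placeholders.

```powershell
# Run in the Exchange Management Shell on the Exchange 2013 server.
# Everything in this block of variables is an assumed placeholder.
$share  = '\\DC1\share'                                    # network share (assumed)
$names  = 'mail.example.com', 'autodiscover.example.com'   # names clients connect to (assumed)
$caConf = 'DC1.example.com\example-DC1-CA'                 # "CAHost\CAName" (assumed)

# Section 3: create the PKCS#10 request; the private key stays on this server.
New-ExchangeCertificate -GenerateRequest -FriendlyName 'DC1' `
    -SubjectName "CN=$($names[0])" -DomainName $names `
    -KeySize 2048 -PrivateKeyExportable $false `
    -RequestFile "$share\exchange.req"

# Section 4: submit the request to the CA using the Web Server template.
certreq.exe -submit -config $caConf -attrib 'CertificateTemplate:WebServer' `
    "$share\exchange.req" "$share\certnew.cer"
if ($LASTEXITCODE -ne 0) {
    throw "CA did not issue the certificate (certreq exit code $LASTEXITCODE)"
}

# Section 5: complete the pending request and bind the certificate.
$bytes = [byte[]](Get-Content -Path "$share\certnew.cer" -Encoding Byte -ReadCount 0)
$cert  = Import-ExchangeCertificate -FileData $bytes
# Prompts before replacing the default SMTP certificate (the warning in step 5.4).
Enable-ExchangeCertificate -Thumbprint $cert.Thumbprint -Services SMTP, IIS

# Verification: the checks that decide whether the OWA warning goes away.
$c = Get-ExchangeCertificate -Thumbprint $cert.Thumbprint
$c | Format-List Subject, Issuer, CertificateDomains, NotAfter, Status, Services, IsSelfSigned

$have    = $c.CertificateDomains | ForEach-Object { $_.ToString() }
$missing = $names | Where-Object { $have -notcontains $_ }

$problems = @()
if ($c.Status -ne 'Valid')         { $problems += "status is $($c.Status), expected Valid" }
if ($c.IsSelfSigned)               { $problems += 'certificate is self-signed, not CA-issued' }
if ($missing)                      { $problems += "names not covered: $($missing -join ', ')" }
if ("$($c.Services)" -notmatch 'IIS')  { $problems += 'IIS is not bound to this certificate' }
if ("$($c.Services)" -notmatch 'SMTP') { $problems += 'SMTP is not bound to this certificate' }

if ($problems) {
    $problems | ForEach-Object { Write-Warning $_ }
} else {
    Write-Output "Certificate $($c.Thumbprint) is valid and bound to IIS and SMTP."
}
```

Clients only stop seeing the warning if they trust the new root CA and connect using a name listed in CertificateDomains.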