How to Configure Exchange 2010 Self Certificate Part 3

• Now open your Exchange 2010 Server EMC
• Go to Server Configuration , make right click
• Select "new Exchange Certificate"

Give it a name like,

Exchange 2010 CR Request

Click next

Now on this page let me elaborate bit more, in our scenario we won’t have any access from internet so all configuration changes we will be doing are INTERNAL. That being said if this would be real time scenario the process would be the same as you would consider to use outside names to access these resources such as mail.YourCompnay.com or outlook.YourCompany.com

Internal Server names DO NOT NEED TO BE on the certificate normally , Unless you can think of some good reason.

We will use two name spaces

Mail.ztekzone.com and Webmail.ztekzone.com , in internal DNS servers we will add A records to point these resources

Any Exchange server we like. The purpose of having different name space is to keep control of internal mail related resources and segregate them from outside ( Different path, different HLB servers etc.)

The last option is Legacy , if you were to perform migration from legacy versions of Exchange servers this is what you would select here for the proper name space to be able to distinguish Exchange services and proxy them back to legacy servers in Co-Existence scenarios . ( you leave this blank if this is wont pertain to you)

Now on this page make sure your common name set it correctly

Fill out the blanks per your reference

Click Finish now you can see you have pending request

Here is our file

In Part 3 we will put all together

Here is OWA and SSL connection is established  with no  issues

Respectfully,

MCITP (EMA), MCITP (SA)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server +
http://smtp25.blogspot.com/ (Blog)
https://telnet25.wordpress.com/ (Blog)

How to Configure Exchange 2010 Self Certificate Part 2

• Now open your Exchange 2010 Server EMC
• Go to Server Configuration , make right click
• Select "new Exchange Certificate"

Give it a name like,  Exchange 2010 CR Request

Click next

Now on this page let me elaborate bit more, in our scenario we won’t have any access from internet so all configuration changes we will be doing are INTERNAL. That being said if this would be real time scenario the process would be the same as you would consider to use outside names to access these resources such as mail.YourCompany.com or outlook.YourCompany.com

Internal Server names DO NOT NEED TO BE on the certificate normally , Unless you can think of some other good reason.

We will use two name spaces

Mail.ztekzone.com and Webmail.ztekzone.com , in internal DNS servers we will add A records to point these resources

Any Exchange server we like. The purpose of having different name space is to keep control of internal mail related resources and segregate them from outside ( Different path, different HLB servers etc.)

The last option is Legacy , if you were to perform migration from legacy versions of Exchange servers this is what you would select here for the proper name space to be able to distinguish Exchange services and proxy them back to legacy servers in Co-Existence scenarios . ( you leave this blank if this is wont pertain to you)

Now on this page make sure your common name set it correctly

Fill out the blanks per your reference or needs.

Click Finish now you can see you have pending request

Here is our file

In Part 3 we will put all together

Respectfully,

MCITP (EMA), MCITP (SA)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server +
http://smtp25.blogspot.com/ (Blog)
https://telnet25.wordpress.com/ (Blog)

How to Configure Exchange 2010 Self Certificate Part#1

We will configure Exchange 2010 Self Certificate to be used in our LAB , the LAB Environment we will be performing several tasks , including configuring your own certificate authority and creating CR from exchange 2010 servers are part of our goal on this article.

We will at the end install the local certificate and I will show you how to import that into your own laptops etc. to avoid seeing certificate is not trusted warning. The steps you would do are same if you were the AD engineer to manage internal CA authority for your internal usage.

• Windows 2008 R2 Forest/Domain
• DC1 ( Domain Controller, Certificate authority server)
• E1 ( Exchange 2010 , Multi Role DAG member)
• E2 ( Exchange 2010 , Multi Role DAG member)
• Windows 7 Workstation ( Domain member)

Working Steps:

1. Install Certificate authority on the Domain Controller for your domain

Open Server manager, by typing Servermanager.msc

Roles, add roles,

Select Active Directory Certificate Services

Click Next

When it is asked select add required roles and click next when you ready

Enterprise

Root CA

Create a new Private key

Click next ( don’t need to change anything here)

Click next

Click next ( 5 years is good enough normally adjust if you like )

Click next ( pay attention here where will have the databases) if this was production implementation you would certainly

Take a note of this directory

Next

Next

Finally Install

Now open IIS on the same ( server) click start and type "Inetmgr " hit enter.

Expand default website and locate directory called " CerSrv" on the right pane, click on "Browse"

Now you may want to add this into Bookmark of your browser

Part 2 we will generate certificate request from Exchange 2010 servers

Respectfully,

MCITP (EMA), MCITP (SA)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server +
http://smtp25.blogspot.com/ (Blog)
https://telnet25.wordpress.com/ (Blog)

Exchange 2010 Create Database Script

If you like to create Exchange 2010 database here is real simple script will help you or your helpdesk to get the work done.

Simply run the script and fallow the directions, enjoy.

#======================================================================== # Created with: NotePad # Created on:   8/1/2013 9:21 AM # Created by:   Oz Casey Dedeal # Organization: ZTEKzone # Filename:     ZTEKzone_Create_MBDataBase_V2.ps1 #======================================================================== Write-Host `tZTEKzone Create DataBase Script.`n -Fore Red;start-Sleep -Seconds 1 Write-Host `t We will need to mount the DB after creating it.`n -Fore Yellow;start-Sleep -Seconds 1 Write-Host `t  You need to be assigned permissions before you can perform this procedure or procedures.`n -Fore Magenta;start-Sleep -Seconds 1 # This is Where we Provide More Details $SName = read-host "Enter The Name for DB Server, like ( e1 ) " $DBName = read-host "Enter The Name for Your Database, like ( db15 ) " $EDbfp = read-host "Enter The DB Path , like ( E:\DatabaseFiles\MP1\ )" $Lfp= read-host "Enter Log Path for Recovery , like ( E:\LogFiles\MP1\ )" New-MailboxDatabase -Name $DBName -Server $SName -EdbFilePath "$EDbfp\$DBName\$DBName.edb" -LogFolderPath "$Lfp\$DBname.logs" Write-Host `tI will mount the DB now .`n -Fore Yellow;start-Sleep -Seconds 2 Get-MailboxDatabase $DBName | Mount-Database Write-Host `tHang on I am working on it.`n -Fore Yellow;start-Sleep -Seconds 3 # We are done Write-Host `tI am done now.`n -Fore Red;start-Sleep -Seconds 1 Write-Host `tUse Get-Help -Examples.`n -Fore Yellow;start-Sleep -Seconds 1 Write-Host `tTo Learn More About PowerShell.`n -Fore Red;start-Sleep -Seconds 1 Write-Host `tUse Get-Help -get-MailBox -Examples.`n -Fore Yellow;start-Sleep -Seconds 1 Get-MailboxDatabase $DBName | Mount-Database #Write-Host `tI am done now. I will list the databases and provide some information`n -Fore Red;start-Sleep -Seconds 4 #Get-MailboxDatabase -Status | select ServerName,Name,Mounted Write-Host `tWe are done, we will exist now!!!.`n -Fore Yellow;start-Sleep -Seconds 1

Download the script from here

Respectfully,
Oz Casey, Dedeal ( MVP north America)
MCITP (EMA), MCITP (SA)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server +
http://smtp25.blogspot.com/ (Blog)
https://telnet25.wordpress.com/ (Blog)