order and install certificates in ms exchange server 2016 ... · hybrid exchange environment across...
TRANSCRIPT
Order and install Certificates in MS Exchange server 2016 –Aditya Mediratta
>Double click any of host / domain name you need to edit as per your requirement
>Delete the names you don't want as additional names do cost additional money
Specify the outlook anywhere URL and hit ‘OK’ & 'Next'
--
Specify the UNC path and file name to save the certificate and hit the 'FINISH' button
At this point our certificate file should be available on specified UNC path
Copy the entire text and paste it to your certificate authority where you are buying certificate from. For example I goto Digicert.com and choose Multi-Domain SANs Certificate
I choose the one year option and click buy:
>Check the following:
>Choose the exchange server version you use and paste the certificate CSR:
We got the error as we also had internal URL in original certificate request.
Correction: - Remove / replace internal URLs
We now need to fill in the Organization Details. Make sure these details match what's in your Who Is at your certificate registrar. So wherever it is that you registered your domain name, whatever address you put in there, you need to have that match here.
If you're not sure what it is, just go ahead and log into your registrar, whether it Network Solutions or GoDaddy or Register.com, whatever it is, log in, find out what name, address, and phone number everything is registered there, and that's the information that it's going to want. After you click Next, you'll be prompted to put in your credit card information which I've already done, and then it says it's Completed and now it's going to try to send an email to an administrator account that may be listed at your registrar's website.
> At this point certificate has been sent to us
Login back to EAC and complete pending certificate request by importing in certificate
We need to assign services to newly installed certificate
Double click on certificate name and choose the services you need
Now we need to go into one of the other servers, in this case it's the domain controller, and we need to point to the internal DNS name for mail.yourdomain.org
Create a new forward lookup zone in DNS. So we start by right clicking on the Forward Lookup Zones and choose New Zone. We're going to choose a Primary and Active Directory zone so that way it gets replicated in case we create any new domain controllers in the future, and we're gonna replicate to all DNS servers in the domain. We'll put in our Zone Name which will be yourdomain.org and click Next.
We'll open up our network card and we'll manually point it to our internal domain controller instead of
using the automatic DNS which is going to a public domain controller.
Point to OWA and click the Lock icon and view certificate, we see it’s secured by digicert successfully
Thanks - Aditya Mediratta
Guide provides you detailed step by step information required to order and install certificates in
exchange server 2016. Steps included in the guide have been defined as per best practices used in
hybrid exchange environment across several organizations around the globe .Domain names and
servers used in guide are solely a part of test lab environment and does not points to any public or
private organization's server in real world. “Happy learning. Human knowledge belongs to the
world”.