Announcement

Collapse
No announcement yet.

Create new self-signed certificate

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Create new self-signed certificate

    Hi,

    I'm using Outlook 2010 with RPC proxy. Servername = spike-ex00.mydomain.com

    My self-signed certificate of Exchange 2007 is expired and i've delete it.

    How can I make a new certifcate? Now I can only access exchange through OWA.

    My Outlook is giving the error 8.
    There is a problem with the proxy servers security certificate. The name on
    the security certificate is invalid or does not match the name of the target
    site [server IP address]. Outlook is unable to connect to the proxy server.
    (Error Code 10)"
    What can be the best steps to create a new certificate?

    Best regards,
    Joost Lauwen
    Last edited by toostje_85; 18th December 2012, 11:44. Reason: Update

  • #2
    Re: Create new self-signed certificate

    To save yourself a lot of hassle, buy a commercial certificate from e.g. www.godaddy.com
    Use the wizards in Exchange 2010 to generate it -- see Sembee's excellent guide for more info:
    http://exchange.sembee.info/2010/install/ssl.asp
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **

    Comment


    • #3
      Re: Create new self-signed certificate

      Originally posted by toostje_85 View Post
      Hi,

      I'm using Outlook 2010 with RPC proxy. Servername = spike-ex00.mydomain.com

      My self-signed certificate of Exchange 2007 is expired and i've delete it.

      How can I make a new certifcate? Now I can only access exchange through OWA.

      My Outlook is giving the error 8.


      What can be the best steps to create a new certificate?

      Best regards,
      Joost Lauwen
      As indicated by the error the name on the certificate differs to the URL being accessed by Outlook. The two must match. Whilst you can use Self Signed certificates if you want to configure Exchange properly, as indicated use a certificate from a public CA.
      If cost is an issue www.startssl.com issue free certificates for a year for single and SAN name spaces. Although the lata is limited to two names spaces only.

      Comment


      • #4
        Re: Create new self-signed certificate

        I've requested the StartSSL certificate. How can I import this key in our domain to use with Exchange Proxy?

        Best regards,
        Joost Lauwen

        Comment


        • #5
          Re: Create new self-signed certificate

          Did you generate the Certificate Request within Exchange?
          Just follow the guide I linked to above
          Tom Jones
          MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
          PhD, MSc, FIAP, MIITT
          IT Trainer / Consultant
          Ossian Ltd
          Scotland

          ** Remember to give credit where credit is due and leave reputation points where appropriate **

          Comment


          • #6
            Re: Create new self-signed certificate

            Originally posted by Ossian View Post
            Did you generate the Certificate Request within Exchange?
            Just follow the guide I linked to above
            I've just requested a trial certificate from PositiveSSL. They send me a *.cer-certificate.

            When I want to import this certificate the EMS says: Cert is found, but is not valid for use with Exchange. (Reason: Privatekeymissing)

            I followed your link, but i'm stuck on step 6. How can i get the *.pfx-file. I've added my certificate from PositiveSSL (Comodo) to the trusted root certificates on my local computer (Exchange 2007)
            Last edited by toostje_85; 20th December 2012, 09:40.

            Comment


            • #7
              Re: Create new self-signed certificate

              You need to generate a Certificate Request in Exchange, send that to the 3rd Party CA (normally paste into a web form) and that will generate an appropriate cert.

              Slightly confused about "step 6" as it doesnt appear on the page I give -- please post a screenshot if you can

              EDIT-- sorry, I misread your original post and thought you were using Exchange 2010, not the 2007 you actually are. The process is a bit more complex (and uses a lot of Powershell) in 2007 but again Sembee has documented it very well
              Tom Jones
              MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
              PhD, MSc, FIAP, MIITT
              IT Trainer / Consultant
              Ossian Ltd
              Scotland

              ** Remember to give credit where credit is due and leave reputation points where appropriate **

              Comment

              Working...
              X