Outlook Anywhere with self-signed certificate

To use Outlook Anywhere from outside the network, your certificate must chain to a Root Certification Authority (Root CA) that the client trusts, and the client must not show any pop-up warnings for the certificate. If you receive such a warning, Outlook Anywhere will not work, even if all of the configuration is correct internally. The certificate should work without any warnings or problems, and it should be trusted. If you are using a Microsoft CA server located inside your network, you need to export the Root CA certificate from that internal server and install it on the client that is trying to connect from outside. If you are using a third-party certificate, you have to install its Root CA certificate internally on your Exchange servers and make sure that the root certificate of that third-party CA is present in the client's certificate store, under trusted certificates.

Important: Outlook Anywhere requires a valid certificate issued by a trusted Certification Authority.

This article concentrates on helping you set up your own Certification Authority and issue a UC certificate for Exchange 2007.

1. Install the root certification authority role

Go to ‘Server Manager’ –> ‘Add Roles’ wizard –> Choose ‘Active Directory Certificate Services’ –> Next –> Choose ‘Certification Authority’ only (don’t need the other role services) –> Enterprise –> Next –> Root CA –> Next –> Create a new private key –> Keep all defaults here (2048 length / RSA Sha1 key) –> Keep Common Name as default –> Next –> Valid for 5 years should be fine as this is just for testing, change if you wish –> Next, Finish

2. Create the UC / SAN certificate request

I would highly recommend going to the DigiCert website and making use of their ‘free to use’ tool for creating an Exchange 2007 UCC cmdlet (at the time of writing, this could be found at https://www.digicert.com/easy-csr/exchange2007.htm).

In all, you will need to include the fully qualified domain name specified for external access, the server NetBIOS name and distinguished name for internal access, plus the autodiscover reference:

mail.domain.com
autodiscover.domain.com
server.domain.local
server

New-ExchangeCertificate -GenerateRequest -Path c:\domain.csr -KeySize 2048 -SubjectName "c=GB, s=TheState, l=TheCity, o=TheOrgName, ou=TheDeptName, cn=mail.domain.com" -DomainName mail.domain.com, server.domain.local, server, autodiscover.domain.com -PrivateKeyExportable $True

3. Import the request file and generate a certificate

certreq.exe -submit -attrib "CertificateTemplate:WebServer" c:\domain.csr

This will generate a .cer file for us to import into Exchange.

4. Process the certificate request file

Using the generated .cer, go into the Certification Authority MMC (Start –> Search –> type ‘Certification Authority’) –> Go to Issued –> Go to the certificate –> Open –> Details –> Copy to File –> Cryptographic Message Syntax Standard - PKCS #7, Include all certificates in the path –> Export –> Export as C:\domain.p7b.

5. Importing the certificate and attaching the relevant services

Import-ExchangeCertificate -Path C:\domain.p7b
Enable-ExchangeCertificate -Thumbprint <your thumbprint> -services IIS, POP, IMAP, SMTP

6. Importing the ‘certificate authority’ to client devices

On the server –> Go to IE –> Internet Options –> Content –> Certificates –> Go to Trusted Root Certification Authorities –> Export –> Cryptographic Message Syntax Standard (.P7B) + Include all certificates in the path –> Export.

Then, on the computers that need to trust the ‘certificate authority’ certificate, simply import this certificate into Trusted Root Certification Authorities using the Internet Explorer Import command (make sure it is imported into Trusted Root Certification Authorities when prompted by the import routine).
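
A check to run on an external client after step 6, as an added example that is not part of the original article: it fetches the certificate served on port 443, builds its chain against the client's certificate stores, and reports which of the names from step 2 are missing from the SAN. The host names are the article's placeholders, and the SAN parsing assumes an English-language Windows that renders the extension as "DNS Name=...".

```powershell
# Added example (not from the original article). Host names are the article's placeholders.
$HostName      = 'mail.domain.com'
$RequiredNames = 'mail.domain.com', 'autodiscover.domain.com', 'server.domain.local', 'server'

$tcp = New-Object System.Net.Sockets.TcpClient($HostName, 443)
try {
    # Accept whatever certificate is presented so it can be inspected;
    # no data is sent, and the trust decision is made below with X509Chain.
    $callback = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
    $ssl.AuthenticateAsClient($HostName)
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
}
finally {
    $tcp.Close()
}

# Build the chain using this client's stores. Build() returns $false when
# the root is not in Trusted Root Certification Authorities (UntrustedRoot)
# or when any other chain problem is found; each problem is listed below.
$chain   = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$trusted = $chain.Build($cert)
$root    = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate

# Subject Alternative Name extension (OID 2.5.29.17), formatted as text.
$sanExt   = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
$sanText  = if ($sanExt) { $sanExt.Format($false) } else { '' }
$sanNames = [regex]::Matches($sanText, 'DNS Name=([^,\s]+)') |
            ForEach-Object { $_.Groups[1].Value }
$missing  = $RequiredNames | Where-Object { $sanNames -notcontains $_ }

"Subject     : $($cert.Subject)"
"Issuer      : $($cert.Issuer)"
"Expires     : $($cert.NotAfter)"
"Chain root  : $($root.Subject)"
"Chain valid : $trusted"
$chain.ChainStatus | ForEach-Object { "  $($_.Status): $($_.StatusInformation.Trim())" }
if ($missing) {
    "Missing SAN entries: $($missing -join ', ')"
} else {
    'All required names are present in the SAN.'
}
```

If "Chain valid" is False with an UntrustedRoot status, the Root CA certificate from step 6 has not been imported into the right store on that client.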

