SSL introduction
When users try to access their email through Outlook Web Access [OWA] using the URL https://mail105/owa,
they will get a security warning indicating that the certificate on the Exchange server [mail105] is invalid.
The warning above actually has two parts.
The first one is good: it tells us that the Exchange server [Mail105] has a certificate to secure its connection.
On the other side, the BAD news is that the certificate is ONLY valid on the Exchange server but NOT valid on other computers in the network.
This is because the certificate is a [self-signed certificate], which means that it was created on the Exchange server [mail105] itself and is ONLY recognized by the Exchange server [mail105] alone.
So, if we want to create a certificate that is accepted and recognized by ALL computers in the network, then we have to use a domain certificate [CA].
The Certificate Authority has already been installed and verified in the previous article.
The small part of the work left is just to configure Mail105.pioneers.lab to use the Certificate Authority [CA] on DC101 to secure the [OWA] connection.
Before moving on to configure the certificate on Mail105.pioneers.lab, please have a look at the network diagram below.
To understand the diagram above:
- The Certificate Authority is installed on DC101.pioneers.lab, which is responsible for issuing certificates to any server that requests one
- On the Certificate Authority, we have created a certificate template called exchage2016; please note that we can also use the default certificate template, which is called [Web Server]
- The Exchange server [mail105.pioneers.lab] will generate a request asking for a certificate, which will be DONE in this part
- The Certificate Authority on DC101 will create a certificate based on the Exchange request
- Mail105 will import the certificate that we got from the Certificate Authority
- On the Exchange server, we will apply the imported certificate to the Exchange services: SMTP, OWA, POP, IMAP
- Now any computer on the LAN or DMZ that tries to access Exchange OWA will connect through a secure connection
Generate SSL request
The first part was already DONE previously; please visit Certificate Authority: Part 1 ADCS.
The second part is also done.
Now it's time to generate the request for an SSL certificate on the mail server.
Open the Exchange control panel https://Mail105/ecp > server > mail105 > Certificate
You will find some self-signed certificates which [as we mentioned before] are NOT valid to be used locally.
Create certificate in CA based on Exchange request
Now it's time to move to the Certificate Authority on DC101 and create a certificate based on the request above.
Open http://DC101/Certsrv, providing the credential pioneers\administrator.
Import certificate to Exchange control panel ECP
In this step we will import the certificate.
Copy the certificate downloaded in the previous steps to the shared folder \\Mail105\share01
Then open the ECP [sometimes we call it EAC]
Apply imported certificate to SMTP and OWA
The certificate is imported but NOT applied YET.
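The request, issue, import and apply steps above can also be done from the Exchange Management Shell; the following is an added example, not taken from the original article. The file names, the name list in the request and the template short name are assumptions, and the CA name is a placeholder because the article does not give it.

```powershell
# Added example (not from the article). Run in the Exchange Management Shell on Mail105.
$fqdn     = 'mail105.pioneers.lab'
$reqFile  = '\\Mail105\share01\mail105.req'        # ASSUMED file name
$cerFile  = '\\Mail105\share01\mail105.cer'        # ASSUMED file name
$caConfig = 'DC101.pioneers.lab\<CA-common-name>'  # placeholder: the CA name is not given in the article
$template = 'exchage2016'                          # ASSUMED to be the template's short name as well

# 1. Generate the request on the Exchange server.
#    The browser compares the host name in the URL with the names in the certificate,
#    so both names used in the article's URLs are requested (ASSUMED name list).
#    The private key is created here and kept non-exportable.
$req = New-ExchangeCertificate -GenerateRequest -Server Mail105 `
    -SubjectName "CN=$fqdn" -DomainName $fqdn, 'mail105' `
    -FriendlyName 'Mail105 domain CA certificate' -PrivateKeyExportable $false
Set-Content -Path $reqFile -Value $req

# 2. Submit the request to the CA on DC101 (command-line equivalent of http://DC101/Certsrv).
certreq.exe -submit -config $caConfig -attrib "CertificateTemplate:$template" $reqFile $cerFile
if ($LASTEXITCODE -ne 0) { throw "CA did not issue a certificate (certreq exit code $LASTEXITCODE)" }

# 3. Import the issued certificate; it is matched to the pending request from step 1.
$cert = Import-ExchangeCertificate -Server Mail105 -FileData ([System.IO.File]::ReadAllBytes($cerFile))

# 4. Check before applying: refuse anything self-signed or not chaining to a trusted CA.
$check = Get-ExchangeCertificate -Server Mail105 -Thumbprint $cert.Thumbprint
if ($check.IsSelfSigned -or $check.Status -ne 'Valid') {
    throw "Certificate $($check.Thumbprint) not usable: IsSelfSigned=$($check.IsSelfSigned), Status=$($check.Status)"
}

# 5. Apply it. OWA and ECP are served by IIS, so the service name is IIS.
Enable-ExchangeCertificate -Server Mail105 -Thumbprint $cert.Thumbprint -Services SMTP, IIS

# 6. Confirm which names and services the certificate now covers.
Get-ExchangeCertificate -Server Mail105 -Thumbprint $cert.Thumbprint |
    Format-List Subject, Issuer, CertificateDomains, Services, Status, NotAfter
```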
Verify OWA from client computers
Now client users will use their computers to access Exchange OWA over https:
https://Mail105/owa or https://mail105.pioneers.lab/owa