Server

Getting a SAN certificate for Exchange 2007

Exchange 2007 uses SAN certificates, which allow you to mix several different server names in a single certificate. Generating a certificate can be a problem, as the PowerShell command needed to generate the certificate signing request can be long, and unwieldy – and it’s easy enough to make a mistake when typing in part of a long command.


The DigiCert web site makes it a lot easier to produce the CSR, with an online wizard that simplifies the process of building the PowerShell command you need. Go to www.digicert.com/easy-csr/exchange2007.htm, and you’ll find a simple online wizard.

You’ll need to have defined the server names in advance. Start with a common name like “mail.itexpertmag.co.uk”, and then the appropriate server alternate names, which can include the standard autodiscover address for Outlook Anywhere and internal network names. The number you can use will depend on the available name slots in the server certificate you intend to buy (usually sold with five or ten slots). You’ll also need to fill in details of your organisation, and the size key you want to use.

Once you’ve completed the form, click the Generate button. This will produce the command you’ll need to use to generate the certificate signing request – copy the PowerShell code into the Exchange Management Shell, and run. The CSR will be in the root of your servers C: drive (though you can change this by modifying the Path section of the command), ready to be passed on to a signing authority.

Link to a Relevant FeatureClick here to go to the main feature - Upgrading Small Business Server 2003 to Exchange 2007


 
Banner

Show other articles by this author

Share |
Write comment
security image
smaller | bigger
Comments (2)
Author
Message
paul Campbell
Posted: Apr, 17 2009

IT Manager

Ive been 25 years in It and i have to say this is the best mag ive read , i always look for info on 2003 and 2008 servers and most magazines are fullof usless articles.... NOT yours , i dont think i skipped one thsi month - OUTSTANDING - Keep up good work... I have recomended many to sign up.
Thanks again TOP MAG!!!
jonb
Posted: Aug, 20 2009

product manager

Also, be careful that one may need to most recent patches (April 2009?) to Outlook 2007 as earlier version did not traverse down the list of hostnames is the cert i.e. if outlook does not find the hostname its looking for first, it will pop up a cert error.

busy

Download


Subscribe and get the magazine in the post before it's online

Subscribe and get access to all of the back issues

To read a sample eMagazine - March 2010

 
FREE SUBSCRIPTION!
Banner

IT EXPERT TOP TIP

There are plenty of technical discussion sites on the Web, but if you're looking for a community where you have a chance to meet other experts and network in person, check out the list of UK technical user groups at http://www.ukusergroups.co.uk/. The new Active Directory User Group (http://adug.co.uk/) is kicking off with a meeting at Microsoft's London office in October, the Windows Server Team (http://winserverteam.org.uk/Default.aspx) is planning meetings in January and Vista Squad
(http://vistasquad.co.uk/), the Microsoft Messaging and Mobility Group (http://www.mmmug.co.uk) and Windows Management User Group (http://wmug.co.uk) are running regular meetings too. read more

TAKE THE POLL

Unified communications

Banner

The #1 Bestseller for Only 77p

Key resources

Login to view Key Resources

RECENT COMMENTS