SSL


Exchange set external/internal URL’s

When configuring Exchange it’s important to have your external and internal url’s correctly configured. Otherwise you are running into errors like those :

digicert_error

Configuring those url’s isn’t that difficult, you just want to make sure you configure all the URL’s and have an appopiate SSL cert. After importing the right SSL you can use a free tool from DIGIcert who makes all the settings for you. Let’s take a look :

 

digicert_001

Hit next Glimlach

digicert_002

Next again..

digicert_003

Next..

digicert_004

Next ofcourse..

digicert_005

And finally Execute (not next!)

I think it’s a nice tool. It’s quick and easily and you make sure you don’t forget anything. Exchange 2013 isn’t supported yet… Bedroefde emoticon
You can find their tool here : http://www.digicert.com/internal-domain-name-tool.htm

Tags van Technorati: ,

How to : Request (or renew) SSL certificate for Webinterface

This is how you request and install (+bind) a SSL certificate for example Citrix Webinterface.

Before you start you must now the external DNS name of your webinterface. In this case I use portal.company.nl
Test to make sure the webserver is responding and the firewall is configured. You notice a SSL warning/error. Something like this :

portal001

(The following screendump is a Firefox warning in Dutch Glimlach)

Now go to your Webinterface server and open IIS manager :

 

portal002

Go to the servername in the left pane, select Server Certificates in the middle pane and…

portal003

..select Create Certificate Request in the right pane.

Fill in the following screens :

 

portal004

Make sure the common name equals the name of your Webserver (Webinterface) on the Internet, for example portal.company.nl (For security reasons I greyed out some of the information in the screendumps)

 

portal005

Make sure you select at least 2048 bits. None of the SSL providers don’t accept anything less.

portal006

Provide a name for the certificate request file. In this file you will find the CSR. You will have to give this to your SSL provider. When you have done that, you can complete your Certificate Request in the same screen, only one option lower :

 

portal007

Unzip the file you received from your SSL provider and select next :

portal008

(Make sure that your friendly name is spelled correctly)

After this step your new certificate is imported :

portal009

Now you have to bind this certificate to the right port :portal011

Go to the default website, select SSL settings and choose in the right pane the option bind. Select port 443 and your newly imported certificate. Now stop/start your (web) services and you are ready to go :

portal010


Easily create CSR for Exchange Certificate (2010)

On this site https://www.digicert.com/easy-csr/exchange2010.htm you can easily create a powershell command for a Exchange 2010 certifcate request (CSR).

digicert

Just fill in the appropriate names and the powershell command will be created. For the command name I always use the name of the Exchange receive connector.

Maybe you have a good alternative or script to create a CSR. Please leave a comment and share it with us!