Shulou(Shulou.com)06/02 Report--

In the previous environment, we have set up Exchange Server 2013 and realized the sending and receiving of mail in the intranet. However, when a user logs in to OWA, it always prompts for a certificate error.

It is estimated that students with obsessive-compulsive disorder feel uncomfortable to see this because the certificate is issued by an untrusted certification authority. Today our task is to solve this problem, no more nonsense, let's get down to business.

The first is to install the certificate service role, because I am here is an experimental environment, so directly installed on AD, conditional friends can be re-divided into a virtual machine or server to build. Open Server Manager, click manage, and select add roles or functions

Keep the default, next step

Role-or feature-based installation

Select a server

Check AD Certificate Service, and next step

Keep the default, next step

Keep the default, next step

Check the certification authority and Web enrollment

Default, next step

Default, next step

Click install

Installation is successful, and then we click configure

Keep the default, click next

Check before the service of the two roles, the next step

Select Enterprise CA, next step

Select the root CA, and next

Create a new private key

Keep the default, next step

Specify the CA name. I keep the default here.

The certificate is valid. For those who are afraid of trouble, go straight to double digits.

Specify the location of the certificate database

Confirm the configuration information, and then click configure.

Certificate service is configured successfully. Click close.

PS: after the certificate authority has successfully deployed, you need to import the CA root certificate to each Exchange server (the trusted root certificate authority), or import the certificate into Group Policy and push it to each server using Group Policy.

Open the Exchange 2013 ECP management interface, navigate to Server-Certificate, and click New

Create a request to obtain a certificate from a certification authority, next

Enter the certificate friendly name and click next

Whether or not to request a wildcard certificate is not selected here.

Select Certificate Store

Here we select outlook on Web and click next

Add the relevant domain name, and then select the certificate common name

Fill in the relevant information

Save the certificate request to a file and click finish

In the interface, you can see that the certificate we applied for has come out, but the status is shelved.

Create a new web tab and enter the FQDN address of the certificate server to access it.

Http://exchad.windows.com/certsrv

Enter the account number

Click to apply for a certificate

Application for Advanced Certificate

Use base64 coding to apply

Open the certificate request file in notepad, copy the code in it to the saved application, select Web server as server template, and click submit.

Download certificate

Save as Desktop, click Save

Open the ECP management interface, navigate to Server-Certificate, select the certificate we just created, and click finish on the right.

Enter the certificate path, click OK, and now we can see that the status of the certificate has become valid

Then we assign a service for this certificate, double-click the certificate, or click Edit

Check SMTP, IMAP, POP, IIS (at least SMTP and IIS should be selected), and click Save

Whether to overwrite the existing default SMTP certificate, select Yes

Service allocation successful

Now let's export the certificate from ExchCas01 and import it into ExchCas02. Click more and choose to export the Exchange certificate.

To determine the file and password to export to, click OK

Select another front-end server

Import Exchange certificate

To determine the certificate path and password to be imported, click next

Specify the server to which you want to apply this certificate, and click finish

Certificate imported successfully

Then we assign services.

Overwrite the current SMTP certificate

Service allocation completed

When you open ECP again, there is no indication that there is a problem with the certificate.

At this point, the Exchange certificate configuration is complete.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.