31 C
Dubai
Thursday, May 8, 2025
Home Blog Page 97

how to install certificate authority on windows server 2012

Satheshwaran Manoharan
-
82
how to install certificate authority on windows server 2012

Step 1:

You need to have this role installed to have a  Certificate Authority , It can be DC or Exchange itself
I have done this in the Exchange Server itself (No Harm)

Open Server Manager – Manage – Add Roles and Features

image

Step 2:

Choose : Active Directory Certificate Services

Choose Next

And Choose : Certification Authority Web Enrollment

image

Choose :

Certification Authority

Certification Authority Web Enrollment

image

Choose Install

image

Choose Close

image

Step 3:

To Configure Active Directory Certificate Services

Choose the Exclamation Mark on the Flag

image

Choose Next

image

Choose

Certificate Authority

&

Certification Authority Web Enrollment

image
Choose Enterprise

image

Step 4:
Choose Root CA

image

Step 5:
Create a new Private key

image

Step 6:
Have this Default with 2048 key Character length

Updated === Its recommended to use SHA256 as SHA1 is retiring.

To Upgrade your existing internal CA –

certutil -setreg ca\csp\CNGHashAlgorithm SHA256

image

Step 7:
Click Next

image

Step 8:
By Default Certificate is valid for 5 years , Don’t make any changes on it , Click next

image

Step 9:

image

image

Choose Configure

image

Installing and Configuring is Done.

Let us see how to Request a Create a Simple Cert from Internal Certificate Authority

Step 10:
Now if you Open IIS manager , you will see “CertSrv”  a Virtual Directory Created ,

image
Use the right side column “Browse *.443(https)

Note :

If you don’t see a “Browse *.443(https) , It means binding is not there. As my Example as Exchange 2013 , Exchange added the binding.

To add binding – Right Click on Default Web Site – Click on Edit Bindings

image

Click on ADD

HTTPS – 443 – Choose the CA Cert

image

Now you can see 443 in your website.

image

Step 11:
You would see a page like this , Choose Request a Certificate

image

Step 12:
Click on Advanced Certificate Request

image

Step 13:
Choose the Second one
Submit a certificate request by using a base-64-Encoded CMC

image

Step 14:
Now Copy the  Note pad  – You have to generate a Certificate Request from the application. For example how we are doing in exchange server

https://www.azure365pro.com/how-to-create-an-ssl-certificate-request-for-exchange-server-2013/

Or you can use https://www.digicert.com/util/
Choose Template : WebServer

image

Step 15:
Choose “Base 64 encoded”

image

Step 16:
Save the Certificate

image

How to Complete a Pending SSL Certificate request in Exchange Server 2013

Satheshwaran Manoharan
-
3

See

How to Create an SSL Certificate Request for Exchange Server 2013

Now lets see how to Complete the Pending SSL Certificate in Exchange Server 2013

Step 1:

Login to Exchange Administration Center (EAC) in Exchange 2013

Servers – Certificates – Click on the  Cert Which has the Status “Pending Request”

Now go to your EAC – Servers – Certificates- Choose the Pending Request – Choose Complete

image

Step 2:

Create a Simple Share to Save the Cert

image

Now Enter the Share Name with Cert file name as below

image

Step 3:

Now Assign Services to the Certificate

Choose Cert and Click on Edit

image

image

Now the Server Part is ready

image

How to Create an SSL Certificate Request for Exchange Server 2013

Satheshwaran Manoharan
-
5

First we will learn how to Export a Certificate request file from Exchange 2013/Exchange 2016,

Step 1:

Login to Exchange Administration Center (EAC) in Exchange 2013

Servers – Certificates – Click on the “+” Sign – New

image

Choose

  • Create a request for a Certificate from the Certification authority

Next

image

Type a Friendly Name :

image

Leave it unchecked

Wild Card is used if you are going to manage more URLs .For Example : *.Domain.com

image

Choose the Server to have the Cert Request

image

Step 2:

Enter the Required URL’s for your Exchange ,

image

For Example Am entering only for Outlook Web App (When accessed from the internet)

image

Step 3:

You will see the collection for URL’s

Traditionally –

Exchange requires only two Entries in the Cert, if you have other entries in the cert for some other purposes it doesn’t affect anything .

Mail.CareExchange.in

Autodiscover.CareExchange.in

Other entries can be removed. Servernames which has .local is not being allowed on a 3rd party Cert.

image

Step 4:

Fill out the Form

image

Create a Simple Share to Save the Cert Request

image

Save the Cert Request to a Shared Location as below

image

Now you could see the Pending Cert Request

image

Step 5:
Your request file would look like this

image

Open it via Notepad , because we need this content to generate a Certificate

image

I would recommend to use a 3rd party  commercial certificate where you need to purchase it from DigiCert

or

If you are planning to use internal Windows CA which is for free but you got to install the Cert on every client as its not trusted globally

How to use a internal Windows CA (Certificate Authority) in Windows 2012 with Exchange 2013

How to use a internal Windows CA (Certificate Authority) in Windows 2012 with Exchange 2013

Satheshwaran Manoharan
-
74
How to use a internal Windows CA (Certificate Authority) in Windows 2012 with Exchange 2013

Using a internal windows CA certificate with Exchange 2010

Using a Self Sign Certificate can Manage Owa alone, But Issuing a Internal Windows CA Certificate can serve all type of Clients
So will learn how to do it on Windows Server 2012.

We can use a internal windows CA certificate with Exchange 2013 to avoid Cert Errors
Something which you need to know is , Using a Internal Windows CA Certificate you need to install the certificates on every machine you use and Mobile devices other wise you will end up in a certificate error.
So that’s why people prefer going for a 3rd party certificate to overcome it.
In this article We Will Learn issuing a Internal Windows CA Certificate ,

You need to have two A records , Mail.domain.com and Autodisover.domain.com

and you will place the cert which we generate into the machines your configuring outlook. or any device, So that you can over come outlook errors

First we will learn how to Export a Certificate request file from Exchange 2013,

Step 1:

Login to Exchange Administration Center (EAC) in Exchange 2013

Servers – Certificates – Click on the “+” Sign – New

image

Choose

“Create a request for a Certificate from the Certification authority”

Next

image

Type a Friendly Name :

image

Wild Card is used if you are going to manage more URLs .For Example : *.Domain.com

image

Choose the Server to have the Cert Request

image

Step 2:

Enter the Required URL’s for your Exchange ,

image

For Example Am entering only for Outlook Web App (When accessed from the internet)

image

Step 3:

You will see the collection for URL’s

image

Step 4:

Fill out the Form

image

Create a Simple Share to Save the Cert Request

image

Save the Cert Request to a Shared Location as below

image

Now you could see the Pending Cert Request

image

Step 5:
Your request file would look like this

image

ExchangeCert.req is the request file you created. Now right click on the file , Open with , Use notepad

Opening it via Notepad , It would give a set of Request content, You will use this content in the later part

image

Step 6:
You need to have this role installed to have a  Certificate Authority , It can be DC or Exchange it self
I have done this in the Exchange itself (No Harm)

Open Server Manager – Manage – Add Roles and Features

image

Step 7:

Choose : Active Directory Certificate Services

Choose Next

And Choose : Certification Authority Web Enrollment

image

Choose : Certification Authority Web Enrollment

image

Choose Install

image

Choose Close

image

Step 8:

To Configure Active Directory Certificate Services

Choose the Exclamation Mark on the Flag

image

Choose Next

image

Choose

Certificate Authority

&

Certification Authority Web Enrollment

image
Choose Enterprise

image

Step 9:
Choose Root CA

image

Step 10:
Create a new Private key

image

Step 11:
Have this Default with 2048 key Character length

image

Step 12:
Click Next

image

Step 13:
By Default Certificate is valid for 5 years , Don’t make any changes on it , Click next

image

Step 14:

image

image

image

Step 15:
Now if you Open IIS manager , you will see “CertSrv”  a Virtual Directory Created ,

image
Use the right side column “Browse *.443(https)

Step 16:
You would see a page like this , Choose Request a Certificate

image

Step 17:
Click on Advanced Certificate Request

image

Step 18:
Choose the Second one
Submit a certificate request by using a base-64-Encoded CMC

image

Step 19:
Now Copied the content from the  Note pad  – (See Step5)
Choose Template : WebServer

image

Step 20:
Choose “Base 64 encoded”

image

Step 21:
Save the Certificate

image

Copied the File to a  Common Share

image

Step 22:

Now go to your EAC – Servers – Certificates- Choose the Pending Request – Choose Complete

image

image

Step 23:
Now Assign Services to the Certificate

Choose Cert and Click on Edit

image

image

Now the Server Part is ready

image
Step 24:

Now will learn how to install the Certificate in the Client End
Double Click on the Certificate

image

Click Install Certificate – Click Next –

image

Choose Local Machine

image

Choose Personal –

image
Click Next And Import will be Successful

image
Now Do the Same Process
Double Click on the Certificate

Click Install Certificate – Click Next – Choose Trusted Root Certification Authorities

image
Double Click on the Certificate

Click Install Certificate – Click Next – Choose Intermediate Certification Authorities

image

Step 25:
Before

image

After installing the Certificate in the Client

image

Great !!

Now you learnt how to Use a internal windows CA certificate in Windows Server 2012 with Exchange 2013

Microsoft Exchange Server 2013 – Installing , Deploying , Configuring

Satheshwaran Manoharan
-
4
Microsoft Exchange Server 2013 – Installing , Deploying , Configuring

Minimum System Requirements and Forest Functional Level for Exchange 2013

Installations –

How to Install Exchange 2013 Sp1 on Windows Server 2012 R2

How to Install Exchange 2013 on Windows Server 2012

Installing Exchange 2013 on Windows Server 2008 R2 Sp1

Recipient Configuration –

How to Login to Exchange Administration Center (EAC) in Exchange 2013

Public Folders –

Exchange 2013 – Public Folders – Architecture -Part 1

Exchange 2013 – Public Folders – Creating and Managing -Part 2

Exchange 2013 – Public Folders – Features -Part 3

How to Recover Public Folder Items in Exchange 2013

Offline Address book –

How offline Address books works in Exchange 2013

ediscovery –

How to do a Proximity Search Using In-Place eDiscovery (NEAR) Operator in Exchange 2013

Certificates –

Configuring 3rd Party SSL Exchange Certificate in Exchange 2013

How to use a internal Windows CA (Certificate Authority) in Windows 2012 with Exchange 2013

How to import a Wildcard SSL Certificate in Exchange 2013

Configuring –

How to Configure Outlook Web App , Active Sync , Exchange Control Panel in Exchange 2013

How to Configure a Relay Connector for Exchange Server 2013

Adding Disclaimers –

How to Add a Professional Disclaimer in Exchange 2013

Office Web Apps Server Integration

Install and Configure Office Web Apps Server (OWAS) with Exchange 2013

Find More Exchange 2013 Articles here –

For Latest Exchange 2013 Articles

Also See

Rapid Migration Guide from Exchange 2010 to Exchange 2013

How to do a Proximity Search Using In-Place eDiscovery (NEAR) Operator in Exchange 2013

Satheshwaran Manoharan
-
6

Discovery Search was introduced in Exchange 2010 but it doesn’t support NEAR operator

It was supporting AND,OR operators

So happy that Exchange 2013 does support NEAR operator .

Lets see how to use it efficiently

Let say I want to Search a Mail Content has below in my Whole Organization

“One day Alan was asleep in his bed dreaming”

How to Search Efficiently to acquire better results ?

If am going to search for a name “Alan” in my Whole Org its going to return a plenty of results

Lets Say , You remember just about Alan and Bed alone.

Approximately where Alan and Bed have 4 words in-between, You can Increase the numbers as per your wish and depends on your criteria.

This example is just for your better understanding – Please Customize it as per your wish

Search Criteria would be – Where Alan and Bed Could be Near 6 words

Criteria Would be – (Alan NEAR(6) Bed)

How to Do it ?

Step 1:

Login to Exchange Administration Center (EAC) in Exchange 2013

Step 2:

Compliance Management – Choose New

image

Step 3:

Type a Friendly name for your search – And Description if required

image

Step 4:

You can choose the mailboxes to search or you can search all the mailboxes

image

Step 5:

Now my Criteria is

Criteria –

(Alan NEAR(6) Bed)

Explanation – Alan and Bed – both are within 6 words

Specify a Date if you wish to narrow down your search more

image

Also you can make a Search like – (Note – use can use also OR,AND operators)

Criteria – (Alan NEAR(6) Bed) OR (Alan NEAR(8) Dream*)

Explanation –

Alan and Bed – both are within 6 words

OR

Alan and Dream(Wildcard –Anything starts with Dream) – both are within 8 words

image

Step 6:

Choose Finish

image

Step 7:

Now your Search will be saved – Choose  Close

image

Step 7:

Now you can see Estimate partially Succeeded and number of items Returned

image

Step 8:

You can Preview your Search results- where viewing the results is more convenient in exchange 2013

image

Preview Results

image

Step 8:

To Copy the Results

image

Choose Copy Results – You can copy Search results to a Discovery mailbox

image

To View the Content in a mailbox – Choose Open in Right side of the Results

image

Now you can see all the Results in the Discovery Mailbox

image

Step 9:

If you want to Extract the Content to a PST

Create a Share –

image

Add Mailbox Import Export Permission –

New-ManagementRoleAssignment –Role "Mailbox Import Export" –User Administrator

image

Close and Reopen Shell-

New-MailboxExportRequest –Mailbox DiscoverySearch* –FilePath "\\ServerName\ShareName\SearchResults.pst"

image

You can add the PST File to an Outlook and use the Search Results

Hope it helped you for better understanding !!

1...969798...113Page 97 of 113

EDITOR PICKS

POPULAR POSTS

POPULAR CATEGORY

ABOUT ME

Satheshwaran Manoharan - Microsoft MVP - Award-winning Technology Leader with a wealth of experience running large teams and diversified industry exposure in cloud computing. From shipping lines to rolling stocks.In-depth expertise in driving cloud adoption strategies and modernizing systems to cloud native. Specialized in Microsoft Cloud, DevOps, and Microsoft 365 Stack and conducted numerous successful projects worldwide. Also, Acting as a Technical Advisor for various start-ups.

Contact : Info@Azure365Pro.com

FOLLOW US

© Azure365Pro.com

× How can I help you?