Viac

Unified Communications SSL

  • What domains should I include in UC certificate?

    It depends how the server and network is setup.

    In most cases, domains included are:

    1. Internal server name.
    2. Internal server with internal domain name.
    3. Domains uses for server access through Outlook Web Access or POP/IMAP.
    4. Domains used in Exchange/Outlook 07.


    Examples:
    mailserver - Private Server Name
    mailserver.local - Internal LAN name
    mailserver.mydomain.net - POP / SMTP / IMAP Server
    mailserver.domain.com - POP / SMTP / IMAP Server
    owa.domain.com - Outlook Web Access
    autodiscover.domain.com – AutoDiscover

  • Installing the UC Root and Intermediate Certificates

    Save to the desktop of the webserver machine the Root and Intermediate certificates and then:

    • enter the Start menu and select Run,
    • type mmc and select OK,
    • the new window will appear, click File and select Add/Remove Snap In,
    • in the next box click Add... button,
    • from Add Standalone Snap-in box select Certificates and click Add,
    • in the next step select Computer account option and click Next,
    • select Local computer and click Finish button.

    Close the Add Standalone Snap-in box, click OK in the Add/Remove Snap in and Return to the MMC.

    To install Root Certificate:

    • in the box Console1 - Console Root go to Tree tab and right click on Trusted Root Certification Authorities, select All Tasks and Import,
    • certificate Import Wizard will show up - click Next,
    • browse the Root Certificate and click Next and Finish when completed.


    To install Intermediate Certificate(s):

    • in the box Console1 - Console Root go to Tree tab and right click the Intermediate Certification Authorities, select All Tasks and Import,
    • complete the Wizard again and choose Finish button at the end.


    Please ensure that the Root ans Intermediate certificates are in right directories (Trusted Root Certification Authorities and Intermediate Certification Authorities).

    You may need to restart the server.

  • Is it possible to install UC certificate on more than one server?

    It depends on the issuer.

  • How to export and import UC certificate?

    If you want to backup UCC SSL with private key, use the following command:
    Export-ExchangeCertificate -Thumbprint -BinaryEncoded:$true -Path c:\certificates\export.pfx -Password:(Get-Credential).password

    Command to import SSL:
    Import-ExchangeCertificate -Path c:\certificates\export.pfx -Password:(Get-Credential).password

    To get Thumbprint SSL of installed certificate, open Exchange Management Shell (Start -> Programs -> MS Exchange 2007 -> Exchange Management Shell) any type the command:
    Get-ExchangeCertificate