SSL Certificates
Exchange 2007 is built around web services, which means that SSL certificates are a vital part of that to ensure that data is moved between the clients and the server in a secure way. With the increased use of mobile devices and Outlook Anywhere, ensuring that your information, particularly authentication credentials are secure is very important.
Due to the integration of SSL with Exchange 2007, SSL certificate installation needs to be done with some care. The URLs used are now set within the product, and need to match not only the DNS entries, but names on the certificate.
Furthermore, unlike Exchange 2003 and older versions, IIS is not involved with the request, installation or management of the certificate. It all needs to be done through the Exchange management tools.
When Exchange 2007 is first installed, it creates a self signed certificate. This should be considered a place holder for a commercial trusted certificate. Not only does the self signed certificate generate certificate alerts for external clients, it is also not supported for use with Exchange ActiveSync or Outlook Anywhere.
This section covers the installation and configuration of a commercial SSL certificate in to Exchange 2007.
- Multiple Name SSL Certificate Request and Installation
This is the preferred method of installing SSL certificates for Exchange 2007, and also needs to be used if you are using the Unified Messaging Role. - SSL Certificate Installation on SBS 2008
SBS 2008 has Exchange 2007 at its core, but also introduces additional issues when it comes to the installation of the certificate. - Web Services and Other Client Access Host Name Configuration on Exchange 2007 Server
The changes required to Exchange 2007 so that the host names on your SSL certificate work correctly internally and externally.
Related Blog Articles
On our director's blog, SSL certificates are a common topic.
- Unified Messaging Requires the Server Name in the SSL Certificate
Covers the issue of the Unified Messaging role requiring the server's real name in the certificate, or it creates a self signed certificate on its own at boot. - More on SSL Certificates with Exchange 2007
Some of the points people miss or are caught on when using SSL certificates with Exchange 2007. - Why you shouldn't use self signed certificates
Originally written in Exchange 2003 days, this article covers the main reasons why a self signed certificate shouldn't be used, and is still relevant today.