Views:

Extended Validation SSL Certificates, also known as EV Certificates, provide the strictest validation requirements to prove to your customers that your site is not a phishing or fraudulent website and turn the address bar green to show customers that it's safe to proceed on your website.

At this time Network Solutions® does not offer a Unified Communications Certificate, however, by following these instructions you can obtain two certificates for your environment:

  • Your existing mail.company.com certificate
  • A new Autodiscover.company.com certificate

As long as you can allocate the correct certificate at the correct time you are able to connect with no issues.

Doing this simply requires that you set up two virtual servers on the CAS server. One services Autodiscover.company.com on one IP address and the other services the remaining web services on mail.company.com using a different IP address.

Note: Each virtual site setup will need its own IP address.

Setup Process

Here is an outline of this setup process:

  1. 1. Obtain a separate certificate for mail.company.com and Autodiscover.company.com .
  2. 2. Create a new virtual server in IIS on the CAS.
  3. 3. Create a new Autodiscover virtual directory in the new virtual server and remove the old one.
  4. 4. Assign separate IP address, and certificates to each Virtual server.
  5. 5. Configure your internal SCP to point to Autodiscover.company.com .
  6. 6. Configure your Internal and External Service URLs to point to mail.company.com.
  7. 7. Make sure that your configured URLs will resolve internally and externally via DNS to the expected IP address for each of the services.

In this configuration, internal domain member clients find the SCP to make the connection to Autodiscover. External clients find Autodiscover.company.com using DNS to make the connection to Autodiscover. In both cases the clients are referred to mail.company.com for the actual Exchange Services.

Installation Instructions

You will have received your certificate file from us, usually named your_domain_com.cer.

Alternatively, you may have received it as several files: your_domain_com.crt and intermediate certificates UTNAddTrustServer_CA.crt and NetworkSolutions_CA.crt. The root certificate AddTrustExternalCARoot.crt may also be provided.

Follow these instructions to copy the file(s) you received to the server:

  1. 1. Open the Exchange Management Shell. This is done by clicking Start > Programs > Microsoft Exchange Server 2010 > Exchange Management Shell.
  2. 2. Type and run the following command. It should all be entered on a single line.
  3. Import-ExchangeCertificate -Path C:\your_domain_name-or-order_number.crt | Enable-ExchangeCertificate -Services "SMTP, IMAP, POP, IIS"
  4. 3. The certificate is now installed. You may also need to follow the next steps to install the intermediate certificate(s) on the server.

Installing the Intermediate Certificates

Follow these instructions to install your certificate:

Note: If you use an ISA server in front of your Exchange server(s), you will need to export the certificate from Exchange onto the ISA server, and import. When doing so, you must be sure to include the whole certificate chain.

  1. 1. Click the Start menu, and choose Run.
  2. Enter the command mmc and click OK.
  3. 2. Click the File menu, and select the Add\Remove Snap-in option.
  4. 3. In the pop-up window, click the Add button.
  5. 4. Choose Certificates, then click the Add button.
  6. 5. Change the setting to Local Computer, then click Next.
  7. Note: This step is extremely important!

  8. 6. Choose Local Computer, then click Finish.
  9. Click Close in the Add Standalone Snap-in window, then click OK in the remaining window.
  10. 7. On the left-hand side, expand the folder for Intermediate Certification Authorities.
  11. Right-click the Certificates sub-folder, selecting All Tasks then clicking Import....
  12. This will start the Certificate Import Wizard. Click Next.
  13. 8. When prompted to choose a file, select the UTNAddTrustServer_CA.crt file. Click Next, Next, then Finish to complete the wizard.
  14. 9. If required, repeat steps 7 and 8 with the NetworkSolutions_CA.crt.
  15. You have now generated your CSR on Microsoft® Exchange 2007.
  16. Note: If you use an ISA server in front of your Exchange server(s), you will need to export the certificate from Exchange onto the ISA server, and import. When doing so, you must be sure to include the whole certificate chain.