Thursday, June 3, 2010

Exchange 2010 Certificates

I know there are hundreds of sites that show you how to create an Exchange 2010 certificate. It was nice of Microsoft to give us a GUI, but it doesn't really cover everything you need or want.

I've taken the hybrid approach to these certs: let someone else tell me the PowerShell code and then drop it in there.

So the basic PowerShell code to create a CSR looks like this:

Set-Content -path "C:\owa_acme_com" -Value (New-ExchangeCertificate -GenerateRequest -KeySize 2048 -SubjectName "c=US, s=Washington, l=Somewhere, o=Acme Corp, ou=IT, cn=owa.acme.com" -DomainName autodiscover.acme.com, mailserver1.acme.com, mail.acme.com -PrivateKeyExportable $True)

Now how did I create it? DigiCert has a great online Cert Generation tool.

https://www.digicert.com/easy-csr/exchange2010.htm


Basically you enter all your names and info and they create the PowerShell for you. The generated command even writes the CSR out to a file for you.

Nothing says you have to use DigiCert once you have the CSR.

Once you have the CER, fire up PowerShell and import it.

Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path c:\acme.cer -Encoding byte -ReadCount 0))

Then assign it to the Exchange services and you're done. You'll also need the certificate's private key to be exportable, which is what -PrivateKeyExportable $True in the request is for. You'll probably have more than one CAS, and your load balancer will need the certificate for SSL offloading, or at least to open the SSL traffic and take a peek in.
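The import, assign and export steps above as one Exchange Management Shell sequence, with a sanity check before the certificate goes live. This is an added example, not code from the original post; the PFX path, the expected host names and the service list are assumptions to replace with your own.

```powershell
# Added example: run on the CAS that generated the CSR (that is where the private key lives).
$cerPath  = 'C:\acme.cer'            # issued certificate returned by the CA
$pfxPath  = 'C:\acme_export.pfx'     # hypothetical export location
$expected = 'autodiscover.acme.com', 'mailserver1.acme.com', 'mail.acme.com'   # assumed names

# 1. Import the issued certificate; it pairs with the pending request's private key.
$imported = Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path $cerPath -Encoding Byte -ReadCount 0))

# 2. Verify before enabling: key present, not expired, every expected name covered.
$cert = Get-ExchangeCertificate -Thumbprint $imported.Thumbprint
if (-not $cert.HasPrivateKey) { throw 'No private key: import on the server that created the CSR.' }
if ($cert.NotAfter -lt (Get-Date)) { throw "Certificate expired on $($cert.NotAfter)." }
$names   = $cert.CertificateDomains | ForEach-Object { $_.ToString() }
$missing = $expected | Where-Object { $names -notcontains $_ }
if ($missing) { throw "Names missing from certificate: $($missing -join ', ')" }

# 3. Assign the certificate to services (assumed list; add POP/IMAP/UM only if you use them).
Enable-ExchangeCertificate -Thumbprint $cert.Thumbprint -Services 'IIS,SMTP'

# 4. Export certificate plus private key as a password-protected PFX for the other
#    CAS servers and the load balancer. The password is prompted, never stored in the script.
$pfxPassword = Read-Host -Prompt 'PFX password' -AsSecureString
$export = Export-ExchangeCertificate -Thumbprint $cert.Thumbprint -BinaryEncoded:$true -Password $pfxPassword
Set-Content -Path $pfxPath -Value $export.FileData -Encoding Byte

# The PFX contains the private key: move it over a trusted channel and delete it afterwards.
```

The PFX is the only copy of the private key that leaves the server, so treat it like a credential and remove it from disk once the other CAS servers and the load balancer have it.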

Good luck... Life is easier when someone else writes a tool!

--Rich--
