Exchange Server 2007 SP3, Exchange Server 2007 SP2, Exchange Server 2007 SP1, Exchange Server 2007
2008-05-19
Microsoft Exchange Server 2007 Exchange 2007
Exchange 2007
(CA)
Exchange 2007 X.509
Exchange 2007
Exchange
Exchange 2007
Stuart Presley Microsoft
Exchange 2007
CA
Exchange 2007
Exchange 2007
Exchange 2007 X.509 (TLS) (SSL) HTTPS, SMTP, POP, IMAP
TLS Internet (IETF) TLS
TLS TLS SSL SSL Netscape
SSL
TLS X.509 X.509 CA
X.509 CA (PKI)
(CA) CA CA
Exchange 2007
SMTP
SMTP Exchange 2007 Active Directory
Active Directory (ADAM) Active Directory
TLS Exchange 2007 TLS
EdgeSync Microsoft Exchange EdgeSync Active Directory ADAM
Exchange 2007 ADAM Active Directory LDAP
Microsoft Exchange EdgeSync Active Directory
EdgeSync
POP3 IMAP4 3 (POP3) Internet 4rev1 (IMAP4) Exchange
POP3 IMAP4
(UM) IP Microsoft Office Communications Server 2007 SMTP
VoIP
HTTP Exchange 2007 Autodiscover
Service
CA
Exchange 2007
Kerberos NTLM Exchange 2007
Exchange 2007 Exchange 2007 Active Directory
Exchange CA
Exchange ActiveSync, POP3, IMAP4, Outlook Anywhere CA
Exchange 2007 Exchange 2007 Internet
Exchange
Exchange CA
Exchange Exchange Kerberos NTLM
Active Directory
Active Directory Exchange
Internet Exchange CA
CA
CA
New-ExchangeCertificate cmdlet CA
New-ExchangeCertificate
TLS
Exchange 2007 - CA
Wiki URL
Exchange 2007
CA
CA
Internet
Exchange
Internet Internet Information Services (IIS)
Microsoft
Outlook
1.
CA
CA CA
CA SAN SAN
CA CA CA
CA CA CA
Exchange 2007
Exchange Exchange
X.509
X.509
C = /
ST = //
L =
O =
OU =
CN =
CA Subject TLS
Exchange Microsoft Internet Security and Acceleration (ISA) Server 2006 SAN
ISA Server Web ISA Server
Wiki URL
Exchange CN=hostname
X.509 Subject
New-ExchangeCertificate cmdlet SubjectName Subject
CertificateDomains
CertificateDomains DNS DNS Subject (cn=) SAN Get-ExchangeCertificate cmdlet Subject SAN
CertificateDomains FQDN FQDN
CertificateDomains
POP3 mail.fourthcoffee.com POP3 CertificateDomains
mail.fourthcoffee.com
*.fourthcoffee.com
Wiki URL
X.509 Subject Alternative Name Get-ExchangeCertificate cmdlet Subject
CertificateDomains
New-ExchangeCertificate cmdlet DomainName Subject CertificateDomains
NotBefore NotAfter
NotBefore NotAfter NotAfter Microsoft Exchange
IsSelfSigned
IsSelfSigned Exchange
Exchange
New-ExchangeCertificate cmdlet
Exchange
Exchange True False
RootCAType
RootCAType CA IsSelfSigned True RootCAType None
Registry PKI CA
ThirdParty CA
GroupPolicy PKI CA
Enterprise Active Directory PKI CA
Unknown Exchange
CA
Registry
Active Directory
Services
Services SMTP, POP, IMAP, UM, IIS
Enable-ExchangeCertificate cmdlet Services Services Enable-ExchangeCertificate
Status
Status Status Status Valid Exchange
Status
Unknown (CRL)
WinHTTP
Valid
Revoked CRL
DateInvalid
Untrusted CA CA
MMC
Invalid
PKI
WinHTTP
HasPrivateKey
HasPrivateKey Microsoft Exchange Microsoft Exchange POP3
Microsoft Exchange IMAP4
Thumbprint
Thumbprint Exchange
FQDN mail.fourthcoffee.com Exchange
Thumbprint cmdlet
Get-ExchangeCertificate
Remove-ExchangeCertificate
Export-ExchangeCertificate
Enable-ExchangeCertificate
Thumbprint X.509 Thumbprint
X.509 CA CA CA CA CA CA
CA
CA CA CA
CA
CA CA CA
Windows Windows Mobile CA CA CA
Windows
CA
CA Windows
Windows MMC
Windows Mobile Windows Mobile
CA
CA CRL
CA CRL
CA CRL PKI CRL (LDAP)
CA CRL HTTP CRL MMC CRL
Distribution Points CRL
CA CRL
CA CRL
CA CRL
WinHTTP
Exchange 2007 Windows HTTP Services (WinHTTP) HTTP HTTPS
HTTP Exchange 2007 Microsoft Forefront Security for Exchange Server
Exchange WinHTTP CRL
WinHTTP
PKI
Exchange PKI Certutil.exe Certutil.exe Windows Server
PKI
New-ExchangeCertificate cmdlet
Import-ExchangeCertificate cmdlet CA
Export-ExchangeCertificate cmdlet
Enable-ExchangeCertificate cmdlet
Get-ExchangeCertificate cmdlet
Enable-ExchangeCertificate <thumbprint>
CA
POP3 FQDN popserver.fourthcoffee.com POP3
CA
New-ExchangeCertificate -DomainName popserver.fourthcoffee.com -SubjectName "c=us,o=contoso corp, cn=popserver.fourthcoffee.com" -PrivateKeyExportable:$True -GenerateRequest:$True -Path "C:\CertRequest.req"
(.cer .der) Exchange
Get-ExchangeCertificate cmdlet CertificateRequest
CertificateRequest
base64 CA
CA Exchange New-ExchangeCertificate cmdlet
Import-ExchangeCertificate -Path "C:\CertificateFile.cer"
MMC Exchange
POP3
Enable-ExchangeCertificate <thumbprint> -Services:"POP"
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule,
System.Security.AccessControl.CryptoKeyAccessRule,System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {popserver.fourthcoffee.com, fourthcoffee.com}
HasPrivateKey : True
IsSelfSigned : False
Issuer : CN=3rdPartyCAExample.com
NotAfter : 8/7/2008 10:04:02 AM
NotBefore : 8/7/2007 10:04:02 AM
PublicKeySize : 2048
RootCAType : ThirdParty
SerialNumber : 83FAE8B2398F2A9E44485CBA85D548DF
Services : POP
Status : Valid
Subject : C=us,o=contoso corp, CN=fourthcoffee.com
Thumbprint : 257C327A164ED8A6FCDAFCA7789D29B60369DCA7
CertificateDomains
HasPrivateKey True
RootCAType RootCAType
Valid
POP, IMAP, IIS SMTP
IIS IMAP4 POP3 Enable-ExchangeCertificate cmdlet
POP IMAP
POP IMAP POPSettings IMAPSettings x509CertificateName
POPSettings
Get-POPSettings | fl *
CertificateDomains FQDN
SMTP STARTTLS
STARTTLS TLS SMTP Exchange Exchange STARTTLS
STARTTLS Exchange FQDN CertificateDomains FQDN
STARTTLS FQDN
STARTTLS FQDN
STARTTLS STARTTLS FQDN Exchange FQDN
FQDN Exchange TLS
Exchange
NotBefore Exchange
CA Exchange CA
Exchange CA
STARTTLS
SMTP X-AnonymousTLS
X-AnonymousTLS Exchange 2007 SP1
Exchange Exchange CA
Kerberos SMTP SMTP
New-ExchangeCertificate cmdlet
Thumbprint
(SHA1) Microsoft Exchange
IP IP PBX
Microsoft Exchange
Microsoft Exchange
TLS
1.
2.
PKI
PKI
3.
4.
Enable-ExchangeCertificate
Exchange 2007 - CA
Export-ExchangeCertificate
Get-ExchangeCertificate
Get-IMAPSettings
Get-POPSettings
Microsoft
WinHTTP
PKI
Import-ExchangeCertificate
Lessons Learned: Generating a Certificate with a 3rd Party CA
POP3 IMAP4
New-ExchangeCertificate
Remove-ExchangeCertificate
SMTP TLS
Exchange 2007 TLS
EdgeSync
Exchange Server 2007
VoIP
Exchange 2007 Communications Server 2007
Exchange 2007 Autodiscover Service