
Exchange 2007 Server

Exchange Server 2007 SP3, Exchange Server 2007 SP2, Exchange Server 2007 SP1, Exchange Server 2007
2008-05-19
Microsoft Exchange Server 2007 Exchange 2007

Exchange 2007
(CA)
Exchange 2007 X.509

Exchange 2007

Exchange
Exchange 2007
Stuart Presley Microsoft

Exchange 2007
CA
Exchange 2007

Exchange 2007
Exchange 2007 X.509 (TLS) (SSL) HTTPSSMTPPOP IMAP
TLS Internet (IETF) TLS
TLS TLS SSL SSL Netscape
SSL
TLS X.509 X.509 CA
X.509 CA (PKI)
(CA) CA CA
Exchange 2007

SMTP
SMTP Exchange 2007 Active Directory
Active Directory (ADAM) Active Directory
TLS Exchange 2007 TLS
EdgeSync Microsoft Exchange EdgeSync Active Directory ADAM
Exchange 2007 ADAM Active Directory LDAP
Microsoft Exchange EdgeSync Active Directory
EdgeSync
POP3 IMAP4 3 (POP3) Internet 4rev1 (IMAP4) Exchange
POP3 IMAP4
(UM) IP Microsoft Office Communications Server 2007 SMTP
VoIP
HTTP Exchange 2007 Autodiscover
Service

HTTP Outlook AnywhereMicrosoft Outlook Web Access


Microsoft Exchange ActiveSync
Exchange 2007
CA
Exchange 2007 Exchange CA

CA
Exchange 2007
Kerberos NTLM Exchange 2007
Exchange 2007 Exchange 2007 Active Directory
Exchange CA
Exchange ActiveSyncPOP3IMAP4 Outlook Anywhere CA
Exchange 2007 Exchange 2007 Internet

Exchange 2007 Exchange CA


SMTP UM Exchange 2007 Server New-ExchangeCertificate
cmdlet CA Exchange

Exchange

Exchange 2007 TLS cmdlet cmdlet Cmdlet


Exchange 2007 Microsoft Exchange
Windows API (CAPI) CA

SMTP SMTP Kerberos


SMTP STMP
Active Directory EdgeSync Microsoft Exchange EdgeSync Active Directory
ADAM ADAM Active Directory LDAP

UM UM IP IP (PBX) Office Communications Server 2007


(SIP) (RTP) UM
SMTP


Exchange CA
Exchange Exchange Kerberos NTLM
Active Directory
Active Directory Exchange
Internet Exchange CA
CA

POP3 IMAP4 Exchange


Outlook Web Access
Outlook Anywhere
Exchange ActiveSync

CA
New-ExchangeCertificate cmdlet CA

New-ExchangeCertificate
TLS
Exchange 2007 - CA

Wiki URL

Exchange 2007

CA
CA

Internet
Exchange
Internet Internet Information Services (IIS)

CA SubjectSubject Alternative Name (SAN)


SAN

X.509 SAN Exchange 2007


CertificateDomains

Outlook Web Access


mail.contoso.com/owa POP3 pop.contoso.com *.contoso.com

Microsoft

Outlook

Exchange Outlook 2007


Outlook Anywhere

Internet Explorer (Outlook Web Access)


Exchange

Windows Mobile 5.0

1.

SAN mail.contoso.compop.contoso.com mobile.contoso.com


2.

URL (FQDN)NetBIOS FQDN

Exchange 2007 SAN


Exchange Server 2007

CA

CA CA

CA SAN SAN

Microsoft CA CA Microsoft 929395 Exchange


2007 Communications Server 2007

CA CA CA
CA CA CA

Exchange 2007
Exchange Exchange
X.509

X.509

Enable-ExchangeCertificate cmdlet IIS Outlook Web


Access Exchange ActiveSyncSMTPIMAPPOP
Enable-ExchangeCertificate
|FL Get-ExchangeCertificate cmdlet
Get-ExchangeCertificate cmdlet X.509 Microsoft (MMC)
Microsoft Get-ExchangeCertificate cmdlet
Get-ExchangeCertificate

X.509 Microsoft Exchange Get-ExchangeCertificate cmdlet

New-ExchangeCertificate cmdlet New-ExchangeCertificate cmdlet


New-ExchangeCertificate
Get-ExchangeCertificate cmdlet Exchange X.509
Issuer
Exchange New-ExchangeCertificate cmdlet
cn=hostname hostname
CA Issuer CA
X.509 Issuer
Issuer New-ExchangeCertificate cmdlet Issuer
Subject
Subject X.500 New-ExchangeCertificate cmdlet
Subject New-ExchangeCertificate cmdlet DomainName X.500

C = /
ST = //
L =
O =
OU =

CN =
CA Subject TLS
Exchange Microsoft Internet Security and Acceleration (ISA) Server 2006 SAN
ISA Server Web ISA Server

Wiki URL
Exchange CN=hostname
X.509 Subject
New-ExchangeCertificate cmdlet SubjectName Subject
CertificateDomains
CertificateDomains DNS DNS Subject (cn=) SAN Get-ExchangeCertificate cmdlet Subject SAN
CertificateDomains FQDN FQDN
CertificateDomains
POP3 mail.fourthcofee.com POP3 CertificateDomains
mail.fourthcofee.com
*.fourthcofee.com

SAN Exchange MMC Internet Information Services (IIS) IIS


IIS Outlook Web AccessExchange ActiveSync
SAN TLS Exchange Exchange 2007
CA SAN

Wiki URL
X.509 Subject Alternative NameGet-ExchangeCertificate cmdlet Subject
CertificateDomains
New-ExchangeCertificate cmdlet DomainName Subject CertificateDomains
NotBefore NotAfter
NotBefore NotAfter NotAfter Microsoft Exchange

NotBefore X.509 Valid from NotAfter X.509 Valid to


NotBefore NotAfter New-ExchangeCertificate cmdlet Exchange
New-ExchangeCertificate cmdlet
CertificateRequest
X.509 Exchange
New-ExchangeCertificate cmdlet GenerateRequest CertificateRequest

Thumbprint Exchange X.509

IsSelfSigned

IsSelfSigned Exchange

Exchange

New-ExchangeCertificate cmdlet
Exchange
Exchange True False
RootCAType
RootCAType CA IsSelfSigned TrueRootCAType None

Registry PKI CA
ThirdParty CA
GroupPolicy PKI CA
Enterprise Active Directory PKI CA

Unknown Exchange
CA
Registry
Active Directory
Services
Services SMTPPOPIMAPUM IIS
Enable-ExchangeCertificate cmdlet Services Services Enable-ExchangeCertificate
Status
Status Status Status ValidExchange
Status

Unknown (CRL)
WinHTTP
Valid
Revoked CRL
DateInvalid

Untrusted CA CA
MMC

Invalid

PKI

WinHTTP
HasPrivateKey
HasPrivateKey Microsoft Exchange Microsoft Exchange POP3
Microsoft Exchange IMAP4
Thumbprint
Thumbprint Exchange
FQDN mail.fourthcoffee.com Exchange

Thumbprint cmdlet

Get-ExchangeCertificate
Remove-ExchangeCertificate
Export-ExchangeCertificate

Enable-ExchangeCertificate
Thumbprint X.509 Thumbprint

X.509 CA CA CA CA CA CA
CA
CA CA CA
CA
CA CA CA

WindowsWindows Mobile CA CA CA

Windows

CA

CA PKI PKI CA PKI


PKI
CA Windows Windows

CA Windows
Windows MMC
Windows Mobile Windows Mobile

Exchange Outlook Web Access

CA

CA CA PKI PKI PKI


PKI CA CA CA CA

SMTP/TLS Microsoft Exchange HTTP IIS


PKI
CA CA (CRL)

CA CRL
CA CRL
CA CRL PKI CRL (LDAP)
CA CRL HTTP CRL MMC CRL
Distribution Points CRL
CA CRL
CA CRL
CA CRL
WinHTTP
Exchange 2007 Windows HTTP Services (WinHTTP) HTTP HTTPS
HTTP Exchange 2007 Microsoft Forefront Security for Exchange Server
Exchange WinHTTP CRL
WinHTTP
PKI
Exchange PKI Certutil.exe Certutil.exe Windows Server
PKI

Exchange 2007 Exchange 2007


Exchange
cmdlet
Exchange 2007 ExchangeCertificate cmdlet
POP3
Cmdlet
Exchange Server IIS MMC Exchange 2007 Exchange
ExchangeCertificate cmdlet Exchange

New-ExchangeCertificate cmdlet
Import-ExchangeCertificate cmdlet CA
Export-ExchangeCertificate cmdlet
Enable-ExchangeCertificate cmdlet
Get-ExchangeCertificate cmdlet

Remove-ExchangeCertificate cmdlet Exchange


TLS
ExchangeCertificate cmdlet Cmdlet
ExchangeCertificate cmdlet

Server1 fourthcoffee.com SMTP


New-ExchangeCertificate -DomainName "server1.fourthcoffee.com", "server1" -Services "SMTP"

Get-ExchangeCertificate <thumbprint> | New-ExchangeCertificate


thumbprint
Get-ExchangeCertificate <thumbprint> | New-ExchangeCertificate -Services SMTP,POP,IMAP

Enable-ExchangeCertificate <thumbprint>

CA
POP3 FQDN popserver.fourthcoffee.com POP3

CA
New-ExchangeCertificate -DomainName popserver.fourthcoffee.com -SubjectName "c=us,o=contoso corp,cn=popserver.fourthcoffee.com" -PrivateKeyExportable:$True -GenerateRequest:$True -Path "C:\CertRequest.req"
(.cer .der) Exchange

.der .cer New-ExchangeCertificate Base64 (.cer) BinaryEncoded .der


PrivateKeyExportable $True FQDN Exchange
POP3

PrivateKeyExportable CA PrivateKeyExportable $True

Subjectname X.500 CA X.500 CA


organizationName (o=) Web commonName (cn=)


Get-ExchangeCertificate cmdlet CertificateRequest
CertificateRequest
base64 CA

CA Exchange New-ExchangeCertificate cmdlet
Import-ExchangeCertificate -Path "C:\CertificateFile.cer"

MMC Exchange

POP3
Enable-ExchangeCertificate <thumbprint> -Services:"POP"

Import-ExchangeCertificate -Path "C:\CertificateFile.cer" | Enable-ExchangeCertificate -Services:"POP"

Get-ExchangeCertificate <thumbprint> | fl *

Exchange 2007 SP1 (*)

AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {popserver.fourthcoffee.com, fourthcoffee.com}
HasPrivateKey : True
IsSelfSigned : False
Issuer : CN=3rdPartyCAExample.com
NotAfter : 8/7/2008 10:04:02 AM
NotBefore : 8/7/2007 10:04:02 AM
PublicKeySize : 2048
RootCAType : ThirdParty
SerialNumber : 83FAE8B2398F2A9E44485CBA85D548DF
Services : POP
Status : Valid
Subject : C=us,o=contoso corp, CN=fourthcoffee.com
Thumbprint : 257C327A164ED8A6FCDAFCA7789D29B60369DCA7

CertificateDomains
HasPrivateKey True
RootCAType RootCAType

Valid

POPIMAPIIS SMTP
IIS IMAP4 POP3 Enable-ExchangeCertificate cmdlet
POP IMAP
POP IMAP POPSettings IMAPSettings x509CertificateName

POPSettings
Get-POPSettings | fl *

Exchange 2007 SP1 (*)


IIS
IIS IIS
IIS Enable-ExchangeCertificate cmdlet IIS Outlook Web Access
IIS IIS
SMTP
SMTP Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys
Microsoft Exchange TLS
Microsoft Exchange
Microsoft Exchange

CertificateDomains FQDN

Exchange SMTP STARTTLSPOP3 IMAP4

SMTP STARTTLSSMTP X-AnonymousTLSPOP3 IMAP4 SMTP TLS

SMTP STARTTLS
STARTTLS TLS SMTP Exchange Exchange STARTTLS
STARTTLSExchange FQDN CertificateDomains FQDN

STARTTLS FQDN
STARTTLS FQDN


STARTTLS STARTTLS FQDNExchange FQDN
FQDN Exchange TLS

Enhanced Key Usage OID


PKI RSA 1024

Exchange

NotBefore Exchange

CA Exchange CA
Exchange CA
STARTTLS
SMTP X-AnonymousTLS
X-AnonymousTLS Exchange 2007 SP1

Exchange Exchange CA
Kerberos SMTP SMTP
New-ExchangeCertificate cmdlet

New-ExchangeCertificate cmdlet Microsoft Exchange EdgeSync


POP3 IMAP4
SMTP STARTTLS POP3 IMAP4 Exchange FQDN CertificateDomains
POP3 IMAP4 X509CertificateName FQDN Get-POPSettings cmdlet Get-IMAPSettings cmdlet X509CertificateName Get-POPSettings Get-IMAPSettings
Exchange 2007 SP1 POP3 IMAP4 SMTP STARTTLS

Exchange 2007 RTM POP3 IMAP4 CA Exchange 2007


Exchange 2007 RTM POP3 IMAP4 POP3 IMAP4
X509CertificateName mail.fourthcoffee.comExchange 2007 *.fourthcoffee.com

Microsoft Exchange TLS Microsoft


Exchange PKI CA PKI
Microsoft Exchange UM

Thumbprint
(SHA1) Microsoft Exchange
IP IP PBX
Microsoft Exchange
Microsoft Exchange
TLS

1.
2.

PKI

PKI
3.

4.

SAN ISA Server Web


TLS
TLS

Enable-ExchangeCertificate
Exchange 2007 - CA
Export-ExchangeCertificate
Get-ExchangeCertificate
Get-IMAPSettings
Get-POPSettings
Microsoft
WinHTTP
PKI
Import-ExchangeCertificate
Lessons Learned: Generating a Certificate with a 3rd Party CA

POP3 IMAP4
New-ExchangeCertificate
Remove-ExchangeCertificate
SMTP TLS
Exchange 2007 TLS
EdgeSync
Exchange Server 2007
VoIP
Exchange 2007 Communications Server 2007
Exchange 2007 Autodiscover Service
