The
various remote administration methods (EMS, EMC, ECP, and even RDP) in
this article rely on certificates for encryption and authentication.
This is the trend in the industry, to rely on X.509 certificates and PKI
to transparently secure computer systems across platforms such as
Windows and Linux operating systems and across applications such as
Internet Explorer and Safari browsers.
The procedures in this
article assume that the target Exchange Server 2010 server has a
certificate that is issued by a trusted certification authority—that is,
a certificate authority trusted by the client. This will not be the
case if the Exchange Server 2010 server uses a self-signed certificate.
If that’s the case, the self-signed certificate needs to be imported
into the trusted certification authority list of the client certificate
store.
On the Exchange Server 2010 server, execute the following steps to export the self-signed certificate:
1. | Click Start, and in the Start Search box, type mmc and press Enter.
| 2. | From the File menu, select Add/Remove Snap-In.
| 3. | Add
the Certificates snap-in and select to manage certificates for the
Computer account. When prompted to select a computer, select the local
computer and click Finish and OK.
| 4. | In the Certificate Manager console, open the Personal node and then select Certificates.
| 5. | In
the right pane, right-click the certificate with the server name of the
Exchange 2010 server in Issued To column, select All Tasks, and then
select Export.
| 6. | In the Certificate Export Wizard, click Next.
| 7. | On the Export Private Key page, select No, Do Not Export the Private Key and click Next.
| 8. | On the Export File Format page, select Cryptographic Message Syntax Standard - PKCS #7 Certificates (.P7B) and select Next.
| 9. | On the File to Export page, specify a path and filename to export the certificate to—for example, c:\EX1SelfSignedCert.p7b. After you specify a path and filename, click Next and then click Finish.
|
On the client computer, execute the following steps to import the certificate:
1. | Copy the certificate file from the previous steps to the client computer.
| 2. | Click Start for the Windows Vista pearl, and in the Start Search box, type mmc and press Enter.
| 3. | From the File menu, select Add/Remove Snap-In.
| 4. | Add
the Certificates snap-in and select to manage certificates for the
Computer account. When prompted to select a computer, select the local
computer and click Finish and OK.
| 5. | In Certificate Manager, open Trusted Root Certification Authorities and then select Certificates.
| 6. | Right-click Certificates; then select All Tasks and then select Import.
| 7. | In the Certificate Import Wizard, click Next.
| 8. | On
the File to Import page, specify the path and filename of the
certificate file you copied to the client computer—for example, c:\EX1SelfSignedCert.p7b. After you specify the path and filename of the certificate file, click Next.
| 9. | On
the Certificate Store page, select Place All Certificates in the
Following Store; then click Browse and select Trusted Root Certification
Authorities. Click OK and then click Next.
| 10. | Click Finish to import the certificate into the client computer.
| 11. | A security warning appears that asks Do You Want to Install This Certificate?. Respond Yes to the security warning.
|
Now the Exchange Server 2010 self-signed certificate will be trusted by the client system.
|
