ENTERPRISE

Remote Administration of Exchange Server 2010 Servers : Certificates, Trust, and Remote Administration

3/18/2011 9:05:11 AM
The various remote administration methods (EMS, EMC, ECP, and even RDP) in this article rely on certificates for encryption and authentication. This is the trend in the industry, to rely on X.509 certificates and PKI to transparently secure computer systems across platforms such as Windows and Linux operating systems and across applications such as Internet Explorer and Safari browsers.

The procedures in this article assume that the target Exchange Server 2010 server has a certificate that is issued by a trusted certification authority—that is, a certificate authority trusted by the client. This will not be the case if the Exchange Server 2010 server uses a self-signed certificate. If that’s the case, the self-signed certificate needs to be imported into the trusted certification authority list of the client certificate store.

On the Exchange Server 2010 server, execute the following steps to export the self-signed certificate:

1.
Click Start, and in the Start Search box, type mmc and press Enter.

2.
From the File menu, select Add/Remove Snap-In.

3.
Add the Certificates snap-in and select to manage certificates for the Computer account. When prompted to select a computer, select the local computer and click Finish and OK.

4.
In the Certificate Manager console, open the Personal node and then select Certificates.

5.
In the right pane, right-click the certificate with the server name of the Exchange 2010 server in Issued To column, select All Tasks, and then select Export.

6.
In the Certificate Export Wizard, click Next.

7.
On the Export Private Key page, select No, Do Not Export the Private Key and click Next.

8.
On the Export File Format page, select Cryptographic Message Syntax Standard - PKCS #7 Certificates (.P7B) and select Next.

9.
On the File to Export page, specify a path and filename to export the certificate to—for example, c:\EX1SelfSignedCert.p7b. After you specify a path and filename, click Next and then click Finish.

On the client computer, execute the following steps to import the certificate:

1.
Copy the certificate file from the previous steps to the client computer.

2.
Click Start for the Windows Vista pearl, and in the Start Search box, type mmc and press Enter.

3.
From the File menu, select Add/Remove Snap-In.

4.
Add the Certificates snap-in and select to manage certificates for the Computer account. When prompted to select a computer, select the local computer and click Finish and OK.

5.
In Certificate Manager, open Trusted Root Certification Authorities and then select Certificates.

6.
Right-click Certificates; then select All Tasks and then select Import.

7.
In the Certificate Import Wizard, click Next.

8.
On the File to Import page, specify the path and filename of the certificate file you copied to the client computer—for example, c:\EX1SelfSignedCert.p7b. After you specify the path and filename of the certificate file, click Next.

9.
On the Certificate Store page, select Place All Certificates in the Following Store; then click Browse and select Trusted Root Certification Authorities. Click OK and then click Next.

10.
Click Finish to import the certificate into the client computer.

11.
A security warning appears that asks Do You Want to Install This Certificate?. Respond Yes to the security warning.

Now the Exchange Server 2010 self-signed certificate will be trusted by the client system.

Other  
  •  Enabling Presence Information in SharePoint with Microsoft Communications Server 2010
  •  Integrating Exchange 2010 with SharePoint 2010
  •  Documenting an Exchange Server 2010 Environment : Exchange Server 2010 Project Documentation
  •  Documenting an Exchange Server 2010 Environment : Benefits of Documentation
  •  Getting the Most Out of the Microsoft Outlook Client : Using Cached Exchange Mode for Offline Functionality
  •  UML Essentials - UML at a Glance
  •  Understanding Microsoft Exchange Server 2010
  •  Working with Email-Enabled Content in SharePoint 2010
  •  Enabling Incoming Email Functionality in SharePoint
  •  Getting the Most Out of the Microsoft Outlook Client : Using Outlook 2007 (part 3) - Using Group Schedules
  •  Getting the Most Out of the Microsoft Outlook Client : Using Outlook 2007 (part 2) - Sharing Information with Users Outside the Company
  •  Getting the Most Out of the Microsoft Outlook Client : Using Outlook 2007 (part 1)
  •  Implementing and Validating SharePoint 2010 Security : Using IPsec for Internal SharePoint Encryption
  •  Examining Integration Points Between SharePoint and Public Key Infrastructure
  •  Getting the Most Out of the Microsoft Outlook Client : Deploying Outlook 2007
  •  Getting the Most Out of the Microsoft Outlook Client : Implementing Outlook Anywhere
  •  Getting the Most Out of the Microsoft Outlook Client : Security Enhancements in Outlook 2007
  •  Getting the Most Out of the Microsoft Outlook Client : Highlighted Features in Outlook 2007
  •  Sharepoint 2010 : Deploying Transport-Level Security for SharePoint
  •  sharepoint 2010 : Verifying Security Using the Microsoft Baseline Security Analyzer
  •  
    Top 10
    Nikon 1 J2 With Stylish Design And Dependable Image And Video Quality
    Canon Powershot D20 - Super-Durable Waterproof Camera
    Fujifilm Finepix F800EXR – Another Excellent EXR
    Sony NEX-6 – The Best Compact Camera
    Teufel Cubycon 2 – An Excellent All-In-One For Films
    Dell S2740L - A Beautifully Crafted 27-inch IPS Monitor
    Philips 55PFL6007T With Fantastic Picture Quality
    Philips Gioco 278G4 – An Excellent 27-inch Screen
    Sony VPL-HW50ES – Sony’s Best Home Cinema Projector
    Windows Vista : Installing and Running Applications - Launching Applications
    Most View
    Bamboo Splash - Powerful Specs And Friendly Interface
    Powered By Windows (Part 2) - Toshiba Satellite U840 Series, Philips E248C3 MODA Lightframe Monitor & HP Envy Spectre 14
    MSI X79A-GD65 8D - Power without the Cost
    Canon EOS M With Wonderful Touchscreen Interface (Part 1)
    Windows Server 2003 : Building an Active Directory Structure (part 1) - The First Domain
    Personalize Your iPhone Case
    Speed ​​up browsing with a faster DNS
    Using and Configuring Public Folder Sharing
    Extending the Real-Time Communications Functionality of Exchange Server 2007 : Installing OCS 2007 (part 1)
    Google, privacy & you (Part 1)
    iPhone Application Development : Making Multivalue Choices with Pickers - Understanding Pickers
    Microsoft Surface With Windows RT - Truly A Unique Tablet
    Network Configuration & Troubleshooting (Part 1)
    Panasonic Lumix GH3 – The Fastest Touchscreen-Camera (Part 2)
    Programming Microsoft SQL Server 2005 : FOR XML Commands (part 3) - OPENXML Enhancements in SQL Server 2005
    Exchange Server 2010 : Track Exchange Performance (part 2) - Test the Performance Limitations in a Lab
    Extra Network Hardware Round-Up (Part 2) - NAS Drives, Media Center Extenders & Games Consoles
    Windows Server 2003 : Planning a Host Name Resolution Strategy - Understanding Name Resolution Requirements
    Google’s Data Liberation Front (Part 2)
    Datacolor SpyderLensCal (Part 1)