Unified Communications Certificates FAQ
Creating a CSR on Exchange 2007
To create a CSR on Exchange 2007, you must use the New-ExchangeCertificate cmdlet, which is run from the Exchange Management Shell (EMS).
Note: Exchange Management Shell: Click Start, click Programs, and then click Microsoft Exchange Server 2007. Then click Exchange Management Shell.
The 'GenerateRequest' parameter of this cmdlet creates the CSR as a PKCS#10 file, which we then use to create your certificate.
The 'SubjectName' parameter contains the details that are signed into the certificate. The 'CN' component is the primary domain name (use a fully qualified domain name [FQDN]); the same name should also be entered into the order form.
An example command to generate a request would be:
New-ExchangeCertificate -GenerateRequest -SubjectName "C=GB, O=Comodo, CN=exchange.comodo.com" -Path c:\exchange.comodo.com.req
The resulting 'exchange.comodo.com.req' file can be opened in Notepad or similar text-editor and pasted into the order form.
Note: If you plan to export your certificate from your server or to make a backup of it, you will need to use the command below so that the private key is marked exportable:
New-ExchangeCertificate -GenerateRequest -SubjectName "C=GB, O=Comodo, CN=exchange.comodo.com" -Path c:\exchange.comodo.com.req -PrivateKeyExportable $true
Note: This is the bare minimum that we require for UCC CSRs. Adding extra flags to the above command(s) may not have the intended result. We do not need the other domains included in the CSR. There are places for them on the UCC order form.
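As an added example (not part of the original FAQ), the same request generated from variables with a check that the Common Name is actually an FQDN before the key pair is created, followed by a certutil decode of the resulting PKCS#10 file so you can confirm the subject before pasting it into the order form. The host name, country, organisation and output path are placeholders; certutil's -dump switch is the standard Windows tool and is assumed to be available on the server.

```powershell
# Added example: build the CSR command from variables, check the CN is an FQDN,
# generate the request, and decode it to confirm what will be submitted.
# All values below are placeholders for this example.
$fqdn    = "exchange.comodo.com"     # primary Common Name, must be an FQDN
$country = "GB"
$org     = "Comodo"
$reqPath = "c:\$fqdn.req"

# An FQDN has at least one dot and only hostname characters; a bare host name
# such as "mailserver" is rejected here before any key material is generated.
if ($fqdn -notmatch '^([a-z0-9-]+\.)+[a-z0-9-]+$') {
    throw "CN '$fqdn' is not a fully qualified domain name"
}

$subject = "C=$country, O=$org, CN=$fqdn"

# -PrivateKeyExportable is only needed if you intend to back up or move the
# certificate later; leave it out to keep the key bound to this machine.
New-ExchangeCertificate -GenerateRequest -SubjectName $subject -Path $reqPath -PrivateKeyExportable $true

# certutil -dump decodes the request; the Subject block should show the CN above
# and nothing else you did not intend to include.
certutil -dump $reqPath | Select-String "Subject:", "CN="
```

Run this in the Exchange Management Shell; the decoded Subject is what the CA will sign, so it is worth reading it back before submitting the file.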
For more information on the Office Communications Server 2007 Certificate Wizard and installing certificates for Office Communications Server, see the deployment documentation available on the Office Communications Server 2007 Technical Library.
Important:
To access Exchange Management Shell cmdlets, you must load the Exchange Management Shell from the Microsoft Exchange Server 2007 program menu.
What domains should I include in my UCC certificate?
This depends largely on how your server and network are set up and how you access your server.
Most people will include the following names in their certificates (the fourth is optional):
1. The internal server name
2. The internal server with the internal domain name
3. The domain names used for externally accessing the server either through Outlook Web Access or POP/IMAP.
4. The Autodiscover domain used by the Autodiscover service, which is new to Exchange 2007 and Outlook 2007 (optional)
Below is an example domain list for the above:
mailserver -- Private Server Name
mailserver.local -- Internal LAN name
mailserver.mydomain.net -- POP/SMTP/IMAP Server
mailserver.domain.com -- POP/SMTP/IMAP Server
owa.domain.com -- Outlook Web Access
autodiscover.domain.com -- AutoDiscover
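Because a name that clients actually connect to but that is missing from the certificate produces a name-mismatch warning, it helps to derive the list from the server's own configuration rather than from memory. The following is an added example (not part of the original FAQ) that reads the host names out of the Client Access URLs this Exchange 2007 server is configured with and compares them with a planned list. It assumes the Exchange 2007 cmdlets Get-ClientAccessServer, Get-OwaVirtualDirectory, Get-WebServicesVirtualDirectory and Get-OabVirtualDirectory and their InternalUrl, ExternalUrl and AutoDiscoverServiceInternalUri properties; the planned list uses the FAQ's sample names as placeholders.

```powershell
# Added example: compare the host names Exchange 2007 is configured to answer on
# with the names you plan to put on the UCC order form.
# $planned is a placeholder list built from the FAQ's sample names.
$planned = @(
    "mailserver",
    "mailserver.local",
    "mailserver.mydomain.net",
    "mailserver.domain.com",
    "owa.domain.com",
    "autodiscover.domain.com"
)

# Helper: pull the host part out of a URL value, ignoring empty values.
function Get-HostFromUrl($url) {
    if ($url -eq $null -or $url -eq "") { return $null }
    return ([System.Uri]$url.ToString()).Host.ToLower()
}

$configured = @()
$configured += $env:COMPUTERNAME.ToLower()                                              # internal server name
$configured += ([System.Net.Dns]::GetHostEntry($env:COMPUTERNAME)).HostName.ToLower()   # internal LAN FQDN
$configured += Get-ClientAccessServer        | ForEach-Object { Get-HostFromUrl $_.AutoDiscoverServiceInternalUri }
$configured += Get-OwaVirtualDirectory       | ForEach-Object { Get-HostFromUrl $_.InternalUrl; Get-HostFromUrl $_.ExternalUrl }
$configured += Get-WebServicesVirtualDirectory | ForEach-Object { Get-HostFromUrl $_.InternalUrl; Get-HostFromUrl $_.ExternalUrl }
$configured += Get-OabVirtualDirectory       | ForEach-Object { Get-HostFromUrl $_.InternalUrl; Get-HostFromUrl $_.ExternalUrl }

$configured   = $configured | Where-Object { $_ } | Sort-Object -Unique
$plannedLower = $planned | ForEach-Object { $_.ToLower() }

"Configured names missing from the planned certificate (clients would see a name mismatch):"
$configured | Where-Object { $plannedLower -notcontains $_ }
"Planned names not referenced by any configured URL (may be unnecessary):"
$plannedLower | Where-Object { $configured -notcontains $_ }
```

POP/IMAP/SMTP names are not held in these URL properties, so add those by hand; the first list is the one to act on before ordering.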
More about AutoDiscover from Microsoft's TechNet.
The Autodiscover service makes it easier to configure and manage Outlook 2007. Earlier versions of Microsoft Exchange and Outlook required that you configure all user profiles manually to access Exchange. Extra work was required to manage these profiles if changes occurred to the messaging environment. Otherwise, the Outlook clients could stop functioning correctly.
The Autodiscover service uses a user's e-mail address and domain account to automatically configure the user's profile. By using the e-mail address and domain account, the Autodiscover service can provide the following information to the client:
* The user’s display name
* Separate connection settings for internal and external connectivity
* The location of the user’s Mailbox server
* The URLs for various Outlook features that govern such functionality as Availability (free/busy) information, the Out of Office Assistant, Unified Messaging, and the Web-based offline address book
* Outlook Anywhere server settings
What should I use as my 'primary' Common Name?
Your primary common name in a Unified Communications Certificate should be the main URL used to access the server (normally an external domain). For compatibility with older mobile devices it is recommended that you use the URL that your mobile devices connect to as the primary common name.
Note: If you are requesting a certificate for Office Communications Server 2007, you will need to use the internal domain name of the server as your primary Common Name.
For more information on the Office Communications Server 2007 Certificate Wizard and installing certificates for Office Communications Server, see the deployment documentation available on the Office Communications Server 2007 Technical Library
Installing a Certificate on Exchange 2007
Once you have purchased your certificate, and the domains have been validated as under your ownership, you will receive an email containing the certificate.
The certificate file should be copied onto your Exchange 2007 server. It is then installed using the Import-ExchangeCertificate cmdlet. Note: do NOT use the Certificates snap-in for the MMC to install the certificate. This will not work for Exchange 2007!
Open the Exchange Management Shell.
This can be done by doing the following: Click Start, click Programs, and then click Microsoft Exchange Server 2007. Then click Exchange Management Shell.
In this example, the certificate file has been copied to the server as 'c:\exchange.comodo.com.crt':
Import-ExchangeCertificate -Path c:\exchange.comodo.com.crt | Enable-ExchangeCertificate -Services SMTP
The 'Services' flag sets which services the certificate is enabled for. Valid options include:
SMTP
IMAP
POP
IIS
To enable multiple services:
Import-ExchangeCertificate -Path c:\exchange.comodo.com.crt | Enable-ExchangeCertificate -Services "SMTP, POP, IMAP, IIS"
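As an added example (not part of the original FAQ), the import and enable steps followed by a read-back that confirms the certificate is the one now bound to the services, holds a private key, and has not expired. It assumes Import-ExchangeCertificate returns the certificate object (the FAQ pipes it into Enable-ExchangeCertificate, so it does) and that Get-ExchangeCertificate -Thumbprint exposes Services, CertificateDomains, HasPrivateKey and NotAfter; the path and service list are placeholders.

```powershell
# Added example: import, enable, then verify the installed certificate.
# $crtPath and $services are placeholders.
$crtPath  = "c:\exchange.comodo.com.crt"
$services = "SMTP, POP, IMAP, IIS"

# Import-ExchangeCertificate returns the certificate object, whose thumbprint
# is the handle used to address this certificate from now on.
$cert = Import-ExchangeCertificate -Path $crtPath
Enable-ExchangeCertificate -Thumbprint $cert.Thumbprint -Services $services

# Verification: the entry for this thumbprint should list the requested
# services, hold a private key, and still be within its validity period.
$installed = Get-ExchangeCertificate -Thumbprint $cert.Thumbprint
"Thumbprint : " + $installed.Thumbprint
"Services   : " + $installed.Services
"PrivateKey : " + $installed.HasPrivateKey
"Expires    : " + $installed.NotAfter
"Subject    : " + $installed.Subject
"SANs       : " + $installed.CertificateDomains

if (-not $installed.HasPrivateKey) { Write-Warning "No private key is attached to this certificate; see the PrivateKeyMissing section." }
if ($installed.NotAfter -lt (Get-Date)) { Write-Warning "This certificate has already expired." }
```

If the Services line does not list what you asked for, the certificate has been imported but not bound; re-run Enable-ExchangeCertificate with the thumbprint shown.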
Note: Once you have installed the site certificate you may need to follow the procedure outlined in "UCC Root and Intermediate Certificate installation" with the other files that you have been sent in order to complete the installation.
Installing the UCC Root & Intermediate Certificates
You can download the files you will need for this from the Root & Intermediate Certificates page in the support section of the website.
Your Root certificate is the Entrust.net Secure Server Certification Authority (EntrustSecureServerCA.crt)
Your Intermediate certificate is the AAA Certificate Services (AAACertificateServices_2.crt)
Save these Certificates to the desktop of the webserver machine, then:
Click the Start Button, select Run, type mmc and select OK
Click File and select Add/Remove Snap in
Select Add
Select Certificates from the Add Standalone Snap-in box and click Add
Select Computer Account (NOTE: This step is very important. It must be the computer account and no other account) and click Next
Select Local Computer and select Finish
Close the Add Standalone Snap-in box, then click OK in Add/Remove Snap-in
Return to the MMC
To install your Root Certificate:
Right click the Trusted Root Certification Authorities, select All Tasks, then select Import.
Click Next.
Locate the Root Certificate and click Next.
When the wizard is completed, click Finish.
To install the Intermediate Certificate/Certificates:
Right click the Intermediate Certification Authorities, select All Tasks, select Import.
Complete the import wizard again, but this time locating the intermediate Certificate when prompted for the Certificate file.
Ensure that the Root certificate appears under Trusted Root Certification Authorities
Ensure that the intermediate certificate appears under Intermediate Certification Authorities
Once these are installed you may need to restart the server.
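The same installation can be done from the command line with certutil, which is an added example here and not part of the original FAQ. It avoids the MMC wizard and, in particular, the chance of importing into a user account's store instead of the computer account's: certutil -addstore without a user-store switch writes to the Local Machine stores, where "Root" is Trusted Root Certification Authorities and "CA" is Intermediate Certification Authorities. The file names are those given above; their locations and the site certificate path are placeholders.

```powershell
# Added example: install the root and intermediate with certutil and then
# check that a trust chain can be built for the site certificate.
# File locations are placeholders; the file names come from the FAQ.
$rootFile = "$env:USERPROFILE\Desktop\EntrustSecureServerCA.crt"
$intFile  = "$env:USERPROFILE\Desktop\AAACertificateServices_2.crt"
$siteCrt  = "c:\exchange.comodo.com.crt"

# Root -> Trusted Root Certification Authorities (Local Computer)
certutil -addstore Root $rootFile
# CA   -> Intermediate Certification Authorities (Local Computer)
certutil -addstore CA $intFile

# Confirm each file landed in the expected store by listing the subjects there.
certutil -store Root | Select-String "Subject:"
certutil -store CA   | Select-String "Subject:"

# certutil -verify builds the chain from the site certificate up to a trusted
# root using the stores just populated; a failure here means a certificate is
# in the wrong store or missing, which clients would report as an untrusted chain.
certutil -verify $siteCrt
if ($LASTEXITCODE -ne 0) { Write-Warning "Chain validation failed: re-check the Root and CA stores." }
```

Run this from an elevated prompt on the Exchange server; the -verify step is the one to repeat after any restart if clients still report trust errors.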
Requesting a replacement UCC certificate
If for whatever reason you find yourself in need of a replacement UCC certificate (requested for the incorrect domain names, server failure, unable to export or back up the certificate, extra domains required, etc.) and you wish to request that we replace it for you, please follow the steps below.
Ensure you have read and understood the UCC articles entitled:
Generating your Unified Communications Certificate (UCC) CSR
What should I use as my Primary common name?
What domains should I include in my UCC certificate?
Once this is done, please submit a ticket to the support department via admin@adgrafics.net and include the following:
1. Your original order number
2. The complete list of domains to be included (including any extra domains you wish added)
3. Which domain you wish us to use as your primary domain name
4. A brief explanation of what you wish the support department to do with your request and the reason that you are making the request
Note: If you are requesting additional domain names to be added to the UCC certificate, we will request additional payment, which delays the process.
Cannot import as there already is a certificate with a thumbprint of ...........
This error normally occurs when the certificate has already been installed onto this server.
If you have already installed this certificate and you are trying to enable the correct services for it on this server, this can be done using a command like the one below:
Enable-ExchangeCertificate -Thumbprint [THUMBPRINT] -Services "POP, IMAP, IIS, SMTP"
You will need to replace [THUMBPRINT] with the certificate thumbprint.
If you have installed this certificate correctly onto this server, you will need to look through the certificate store and remove the certificate with the thumbprint shown in the error message. (This is only recommended if you have not tried to install the certificate on this server before, or if the currently installed certificate is not working correctly.)
Note: The thumbprint and the serial number are different fields within the certificate.
Can I use my UCC certificate on more than one server?
Unified Communications Certificates are sold on a single-server licence basis. This means that a certificate can only be used on one server.
If you wish to use Unified Communications Certificates on more than one server you will need to purchase multiple certificates.
PrivateKeyMissing when running Enable-ExchangeCertificate
Enable-ExchangeCertificate : The certificate with thumbprint XXXXXXXXX was found but is not valid for use with Exchange Server
(reason: PrivateKeyMissing).
At line:1 char:27
+ Enable-ExchangeCertificate <<<< -Thumbprint XXXXXXXXX -Services "IIS"
The above error is the result of a glitch in Exchange 2007. It does not happen every time and appears to be random, but when it does happen no certificate can be installed or removed through the Exchange Management Shell (EMS). Whatever the cause, the system has lost track of where it placed the private key, or the certificate store is damaged.
Repair Damaged Certificate Store:
1) Open MMC (Microsoft Management Console) to the Certificate Manager (Certificates Snap-in) for the Local Computer account.
2) Double-Click on the recently imported certificate (It will be missing the golden key).
3) Go to the Details tab.
4) Click on the Serial Number field and copy down that number. (Leave window open)
5) Open up the command prompt (DOS Prompt -- CMD.exe)
6) Type: certutil -repairstore my "SerialNumber" (where SerialNumber is the value copied down in step 4.)
7) After running the command, go back to the MMC and right-click Certificates and select "Refresh".
8) One should now see the golden key associated with the certificate.
9) Double-check in the Exchange Power Shell with: Get-ExchangeCertificate
Alternatively if the above does not work try the following:
1) Open MMC (Microsoft Management Console) to the Certificate Manager for the Local Computer account. (Certificates Snap In)
2) Look in the Personal section of the Certificate Manager and there should be icon(s) without a little golden key. (Those with the key have the private key bonded to them.)
3) Delete the icons without the golden key.
4) Go back to the EMS.
5) Run Import-ExchangeCertificate and Enable-ExchangeCertificate in one line, like so: Import-ExchangeCertificate -Path c:\exchange.comodo.com.crt | Enable-ExchangeCertificate -Services "SMTP, IMAP, IIS, POP"
*** Please modify the command according to your needs. ***
6) Things should be golden from here and if they are not, please contact Microsoft.
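As an added example (not part of the original FAQ), a scripted version of the first repair procedure above. It lists every certificate in the Local Computer Personal store that has no private key attached (the entries shown without the golden key in MMC), prints both the serial number and the thumbprint so the two are not confused, runs certutil -repairstore against the serial number as step 6 does by hand, and then re-reads the store to show what is still unrepaired. It assumes the PowerShell Cert: drive and the X509Certificate2 HasPrivateKey property; run it from an elevated Exchange Management Shell.

```powershell
# Added example: find certificates in LocalMachine\My with no private key and
# attempt the certutil -repairstore fix on each, then report what remains.
$store   = Get-ChildItem Cert:\LocalMachine\My
$orphans = $store | Where-Object { -not $_.HasPrivateKey }

if (-not $orphans) {
    "All certificates in the Personal store have a private key attached."
    return
}

foreach ($c in $orphans) {
    "Subject    : " + $c.Subject
    "Serial     : " + $c.SerialNumber   # what certutil -repairstore expects
    "Thumbprint : " + $c.Thumbprint     # what Enable-ExchangeCertificate expects
    certutil -repairstore my $c.SerialNumber
}

# Re-read the store. Anything still without a key was not repaired; that is the
# case for the alternative procedure (delete the keyless entry and re-import).
Get-ChildItem Cert:\LocalMachine\My | Where-Object { -not $_.HasPrivateKey } |
    ForEach-Object { Write-Warning ("Still missing a private key: " + $_.Thumbprint) }

# Confirm from the Exchange side, as in step 9.
Get-ExchangeCertificate
```

The repair only succeeds when the private key still exists in the machine key container; if it was never generated on this server (for example the CSR was created elsewhere) there is nothing to re-link and a new request is needed.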
Assigning an existing certificate to Exchange 2007
You will need to use the below command to assign any existing certificate on the server that is correctly installed and has a matching private key.
Enable-ExchangeCertificate -Thumbprint [THUMBPRINT] -Services "POP, IMAP, IIS, SMTP"
You will need to replace [THUMBPRINT] with the certificate thumbprint; this can be found by viewing the certificate under the certificate details.
Note: The thumbprint and the serial number are different fields within the certificate.
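The following added example (not part of the original FAQ) covers both this section and the "already a certificate with a thumbprint of ..." error above: it reads the thumbprint straight from the certificate file so it does not have to be copied from the details pane (and cannot be confused with the serial number), checks that the certificate is present in the Local Computer Personal store with its private key, and only then enables the services. It assumes the .NET X509Certificate2 class, the PowerShell Cert: drive and Get-ExchangeCertificate -Thumbprint; the file path and service list are placeholders.

```powershell
# Added example: derive the thumbprint from the certificate file, verify the
# store entry, then assign the services. $crtPath and $services are placeholders.
$crtPath  = "c:\exchange.comodo.com.crt"
$services = "POP, IMAP, IIS, SMTP"

$fileCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $crtPath
"Thumbprint (use this with -Thumbprint) : " + $fileCert.Thumbprint
"Serial number (not the thumbprint)    : " + $fileCert.SerialNumber

# The certificate must already be in LocalMachine\My; otherwise import it first.
$installed = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $fileCert.Thumbprint }
if (-not $installed) {
    throw "Certificate is not in the Local Computer Personal store; import it first with Import-ExchangeCertificate."
}
# Without a private key Enable-ExchangeCertificate fails with PrivateKeyMissing.
if (-not $installed.HasPrivateKey) {
    throw "Certificate is installed but has no private key; repair the store before enabling it."
}

Enable-ExchangeCertificate -Thumbprint $fileCert.Thumbprint -Services $services

# Read back the binding to confirm the services now listed for this thumbprint.
Get-ExchangeCertificate -Thumbprint $fileCert.Thumbprint
```

Because the thumbprint is computed from the file, this also catches the case where the file on disk is not the certificate that was actually imported.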
Microsoft ISA Server and SAN Certificates
ISA Server 2006 SP1 includes support for certificates with multiple Subject Alternative Name (SAN) entries on published web servers.
Prior to this release, such certificates were not correctly supported by ISA Server.
Please ensure that you are using ISA Server 2006 with Service Pack 1 installed if you wish to take advantage of Subject Alternative Name (SAN) entries in your certificate.