Configuring an Exchange Hybrid Deployment & Migrating to Office 365 (Exchange Online)

Import & Enable Third Party Certificate on Hybrid Servers

When configuring a hybrid deployment, one of the requirements is an SSL certificate from a trusted 3rd party certificate provider. This certificate is used to secure the communication between the on-premise Exchange 2010 hybrid servers, Exchange clients and Exchange Online.

Note: We already have an SSL certificate from a trusted 3rd party certificate provider installed on the two Exchange 2007 servers in our on-premise environment. Since this is a wildcard certificate, iCloud24x7 can use it for the hybrid servers without having to add an additional FQDN (hybrid.office365lab.dk) to it. This would of course have been required if we used a SAN certificate.

To use the wildcard certificate that is used for the Exchange 2007 servers, we need to export it to a file. Since we do not have a certificate wizard to do this (an Exchange 2010 feature only), we must use the Exchange Management Shell (EMS). So first, open the EMS and then type the following command in order to get the thumbprint for the certificate:

    Get-ExchangeCertificate | fl Issuer, CertificateDomains, RootCAType, Thumbprint

We can see there are two certificates installed on the respective Exchange 2007 multi-role server, one self-signed SAN certificate and a wildcard certificate from a trusted 3rd party CA provider.

To export the wildcard certificate, we’ll use this command, where <thumbprint> is the thumbprint of the wildcard certificate returned by the previous command:

    Export-ExchangeCertificate -Thumbprint <thumbprint> -BinaryEncoded:$true -Path c:\certificates\export.pfx -Password:(Get-Credential).password

Enter any text in the User name field (this value is not stored/saved in the exported certificate) and then the password you wish to protect the exported certificate with.

With the certificate exported, switch over to one of the Exchange 2010 hybrid servers and open the Exchange Management Console (EMC).
In the EMC, select “Server Configuration” and then right-click on one of the hybrid servers in the result pane. In the context menu that appears, select “Import Exchange Certificate”.

In the “Import Exchange Certificate” wizard, point to the exported certificate and then specify the password used to protect it. Click “Next”. On the “Select Servers” page, make sure to add both hybrid servers and then click “Next”. On the “Import Exchange Certificate” page, click “Import” to import the certificate. Finally, click “Finish” to exit the wizard.

Now that iCloud24x7 has imported the certificate on both hybrid servers, it’s time to assign it to the required Exchange services. To do this, right-click on the certificate in EMC and then select “Assign Services to Certificate” in the context menu that appears. On the “Select Servers” page, make sure to add both hybrid servers and then click “Next”. On the “Select Services” page, tick “Simple Mail Transfer Protocol (SMTP)” and “Internet Information Services (IIS)” and then click “Next”. Finally click “Assign” and then “Finish”.

We have now imported and enabled the required third party certificate.

Configure the URLs on the Exchange 2010 Hybrid Servers

With the third party certificate in place, we can now start configuring the Exchange URLs on the two hybrid servers. Basically we just need to point the internal as well as external URL for the respective virtual directories and the internal Autodiscover URI to “hybrid.office365lab.dk”. To do so using the Exchange Management Shell, use the following commands for each respective virtual directory:

Outlook Web App (OWA) directory:

Let’s begin with the internal and external URLs for Outlook Web App (OWA).
For this we should use:

    Set-OwaVirtualDirectory -Identity "EX03\OWA (Default Web Site)" -InternalURL https://hybrid.office365lab.dk/OWA -ExternalURL https://hybrid.office365lab.dk/OWA
    Set-OwaVirtualDirectory -Identity "EX04\OWA (Default Web Site)" -InternalURL https://hybrid.office365lab.dk/OWA -ExternalURL https://hybrid.office365lab.dk/OWA

Exchange Control Panel (ECP) directory:

For the Exchange Control Panel (ECP), we should use:

    Set-EcpVirtualDirectory -Identity "EX03\ECP (Default Web Site)" -InternalURL https://hybrid.office365lab.dk/ECP -ExternalURL https://hybrid.office365lab.dk/ECP
    Set-EcpVirtualDirectory -Identity "EX04\ECP (Default Web Site)" -InternalURL https://hybrid.office365lab.dk/ECP -ExternalURL https://hybrid.office365lab.dk/ECP

Exchange ActiveSync (EAS) directory:

For the Exchange ActiveSync (EAS), we should use:

    Set-ActivesyncVirtualDirectory -Identity "EX03\Microsoft-Server-ActiveSync (Default Web Site)" -InternalURL https://hybrid.office365lab.dk/Microsoft-Server-Activesync -ExternalURL https://hybrid.office365lab.dk/Microsoft-Server-Activesync
    Set-ActivesyncVirtualDirectory -Identity "EX04\Microsoft-Server-ActiveSync (Default Web Site)" -InternalURL https://hybrid.office365lab.dk/Microsoft-Server-Activesync -ExternalURL https://hybrid.office365lab.dk/Microsoft-Server-Activesync

Offline Address Book (OAB) directory:

For the Offline Address Book (OAB), we should use:

    Set-OABVirtualDirectory -Identity "EX03\oab (Default Web Site)" -InternalUrl https://hybrid.office365lab.dk/oab -ExternalURL https://hybrid.office365lab.dk/oab
    Set-OABVirtualDirectory -Identity "EX04\oab (Default Web Site)" -InternalUrl https://hybrid.office365lab.dk/oab -ExternalURL https://hybrid.office365lab.dk/oab

Exchange Web Services (EWS) directory:

For the Exchange Web Services (EWS), we should use:

    Set-WebServicesVirtualDirectory -Identity "EX03\EWS (Default Web Site)" -InternalUrl https://hybrid.office365lab.dk/ews/exchange.asmx -ExternalURL https://hybrid.office365lab.dk/ews/exchange.asmx
    Set-WebServicesVirtualDirectory -Identity "EX04\EWS (Default Web Site)" -InternalUrl https://hybrid.office365lab.dk/ews/exchange.asmx -ExternalURL https://hybrid.office365lab.dk/ews/exchange.asmx

Internal Autodiscover URI directory:

For the internal Autodiscover URI, we should use:

    Set-ClientAccessServer -Identity EX03 -AutoDiscoverServiceInternalUri https://hybrid.office365lab.dk/Autodiscover/Autodiscover.xml
    Set-ClientAccessServer -Identity EX04 -AutoDiscoverServiceInternalUri https://hybrid.office365lab.dk/Autodiscover/Autodiscover.xml

And this would enable iCloud24x7 to properly import and enable third party certificates on hybrid servers.
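
To confirm the certificate import and service assignment described above, the following added example (not part of the original article) checks both hybrid servers from the Exchange Management Shell. The helper name Test-NameCoversHost and the 30-day expiry threshold are assumptions made for this example.

```powershell
# Added example: run in the Exchange Management Shell on an Exchange 2010 server.
$HybridServers = 'EX03', 'EX04'             # hybrid servers named in the article
$HybridFqdn    = 'hybrid.office365lab.dk'   # hybrid namespace from the article
$MinDaysLeft   = 30                         # assumption: expiry warning threshold

function Test-NameCoversHost {
    # Hypothetical helper: does an exact or single-label wildcard name cover $HostName?
    param([string]$CertName, [string]$HostName)
    if ($CertName -eq $HostName) { return $true }
    if (-not $CertName.StartsWith('*.')) { return $false }
    $suffix = $CertName.Substring(1)        # "*.example.com" -> ".example.com"
    if (-not $HostName.EndsWith($suffix, [StringComparison]::OrdinalIgnoreCase)) { return $false }
    $label = $HostName.Substring(0, $HostName.Length - $suffix.Length)
    return ($label.Length -gt 0 -and -not $label.Contains('.'))
}

$report = foreach ($server in $HybridServers) {
    # Keep only certificates whose domain list covers the hybrid namespace.
    $matching = @(Get-ExchangeCertificate -Server $server | Where-Object {
        $cert = $_
        @($cert.CertificateDomains | Where-Object {
            Test-NameCoversHost -CertName "$_" -HostName $HybridFqdn }).Count -gt 0
    })
    if ($matching.Count -eq 0) {
        Write-Warning "$server has no certificate covering $HybridFqdn"
    }
    foreach ($cert in $matching) {
        $services = "$($cert.Services)"     # flags rendered as text, e.g. "IIS, SMTP"
        $problems = @()
        if ($cert.IsSelfSigned)            { $problems += 'self-signed' }
        if (-not $cert.HasPrivateKey)      { $problems += 'no private key' }
        if ("$($cert.Status)" -ne 'Valid') { $problems += "status $($cert.Status)" }
        if ($services -notmatch 'IIS')     { $problems += 'IIS not assigned' }
        if ($services -notmatch 'SMTP')    { $problems += 'SMTP not assigned' }
        $daysLeft = [int]($cert.NotAfter - (Get-Date)).TotalDays
        if ($daysLeft -lt $MinDaysLeft)    { $problems += "expires in $daysLeft days" }
        New-Object PSObject -Property @{
            Server = $server; Thumbprint = $cert.Thumbprint
            DaysLeft = $daysLeft; Problems = ($problems -join '; ')
        }
    }
}

$report | Format-Table Server, Thumbprint, DaysLeft, Problems -AutoSize
# The same wildcard certificate was imported on both servers, so one thumbprint is expected.
if (@($report | ForEach-Object { $_.Thumbprint } | Select-Object -Unique).Count -gt 1) {
    Write-Warning 'Hybrid servers present different certificates for the hybrid namespace'
}
```

An empty Problems column on both servers means the import and assignment succeeded. The exported file c:\certificates\export.pfx contains the wildcard private key, so remove it from the Exchange 2007 server once both hybrid servers report the certificate.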
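
The URL changes above can be verified the same way. This added example (not part of the original article) reads back every virtual directory and the Autodiscover URI on both hybrid servers and lists any value that is not an HTTPS URL on hybrid.office365lab.dk; the helper name Test-HybridUrl is an assumption made for this example.

```powershell
# Added example: run in the Exchange Management Shell on an Exchange 2010 server.
$HybridServers = 'EX03', 'EX04'             # hybrid servers named in the article
$HybridFqdn    = 'hybrid.office365lab.dk'   # hybrid namespace from the article

function Test-HybridUrl {
    # Hypothetical helper: true only for an absolute https URL on the hybrid namespace.
    param($Url)
    $uri = $null
    if (-not [Uri]::TryCreate("$Url", [UriKind]::Absolute, [ref]$uri)) { return $false }
    return ($uri.Scheme -eq 'https' -and $uri.Host -eq $HybridFqdn)
}

$findings = foreach ($server in $HybridServers) {
    # Collect the five virtual directory types configured in the article.
    $vdirs  = @()
    $vdirs += Get-OwaVirtualDirectory         -Server $server
    $vdirs += Get-EcpVirtualDirectory         -Server $server
    $vdirs += Get-ActiveSyncVirtualDirectory  -Server $server
    $vdirs += Get-OabVirtualDirectory         -Server $server
    $vdirs += Get-WebServicesVirtualDirectory -Server $server

    foreach ($vdir in $vdirs) {
        foreach ($prop in 'InternalUrl', 'ExternalUrl') {
            if (-not (Test-HybridUrl $vdir.$prop)) {
                New-Object PSObject -Property @{
                    Server = $server; Setting = "$($vdir.Name) $prop"; Value = "$($vdir.$prop)"
                }
            }
        }
    }

    # The Autodiscover URI lives on the Client Access server object, not a virtual directory.
    $cas = Get-ClientAccessServer -Identity $server
    if (-not (Test-HybridUrl $cas.AutoDiscoverServiceInternalUri)) {
        New-Object PSObject -Property @{
            Server = $server; Setting = 'AutoDiscoverServiceInternalUri'
            Value  = "$($cas.AutoDiscoverServiceInternalUri)"
        }
    }
}

if ($findings) { $findings | Format-Table Server, Setting, Value -AutoSize }
else           { "All URLs on $($HybridServers -join ', ') point to https://$HybridFqdn" }
```

Any row in the output is a setting still pointing at a server name or a plain HTTP URL, which clients would reach with a certificate name mismatch or without TLS.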