Some customers running Exchange 2003 or 2007 require to enable HTTPS to establish a secure connection to Exchange servers
In case you want to use OpenSSL to generate certificate instead of Microsoft CA, please execute the following:
- Use IIS on your Windows machine to generate your IIS SSL certificate request file, which should be named certreq.txt by default.
You can use instructions described here:
http://www.digicert.com/csr-creation-microsoft-iis-5-6.htm
- Transfer this file to your Linux machine using whatever method you like.
- First, we need to generate a private key to sign the certificate with. Lets generate one that's 1024 bits. You'll need to enter a pass phrase too:
# openssl genrsa -des3 -out cakey.pem 1024
- Next, we'll need to create the CA certificate to sign with:
# openssl req -new -key cakey.pem -x509 -days 365 -out ca.cer
Finally, we'll need to sign the IIS certificate with our new CA:
# openssl x509 -req -days 365 -in certreq.txt -CA ca.cer -CAkey cakey.pem -CAcreateserial -out iis.cer
Your new, signed certificate is the file iis.cer.
No comments:
Post a Comment