I've got an Exchange server behind a port-to-address translation firewall. The server is reachable from the internet using a dyndns-url.
Now I want to sync Windows phones to Exchange mailboxes. To achieve this, I need to install the Exchange certificate on the Windows phone (send it to the phone by mail, double click). So far so good.
But, as far as I can see, this only works if the certificate on my Exchange server matches the dyndns-url?
So I'd like to know: how do I create a self signed certificate for my dyndns-url and install it on exchange?
Even though you can have a self-signed certificate, it will be good if you get a domain name and a proper UCC SAN cert from either GoDaddy or http://www.exchangecertificates.com/
Create a UCC self-signed certificate. We will require the following names:
NETBIOS name of Exchange: EX-2k7 (example)
Internal FQDN: EX-2k7.abc.local (example)
External FQDN (Public name): dyndns-hostname (example) (use nslookup/ping to verify the external FQDN)
Autodiscover name: autodiscover.dyndns-hostname (example)
SubjectName: cn=dyndns-hostname (example)
In EMS, run the following command to generate the new self-signed certificate:
New-ExchangeCertificate -FriendlyName "SelfSigned Cert2010" -SubjectName "cn=dyndns-hostname" -DomainName EX-2k7,EX-2k7.abc.local,dyndns-hostname,autodiscover.dyndns-hostname -PrivateKeyExportable $True
Next, enable the certificate with the Enable-ExchangeCertificate cmdlet. Enable at least IIS and SMTP.
Enable-ExchangeCertificate -Thumbprint xxxxxxxxxxxxxxx -Services POP,IMAP,SMTP,IIS
Next, verify that the certificate has been installed using EMS, IIS Manager, or both. (Sometimes you may have to remove the certificate and then install/enable the certificate again.)
where dyndns-hostname = e.g. "my.owndomain.net"
Hope that Helps
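The verification step in the answer above can be done from EMS, together with exporting only the public certificate for the phone. This is an added example, not part of the original post; the host names are the answer's example values, and the thumbprint and output path are placeholders/assumptions.

```powershell
# Added example. Names come from the answer's example list; replace with your own.
$thumbprint = 'xxxxxxxxxxxxxxx'                      # placeholder, as in the answer
$required   = 'EX-2k7', 'EX-2k7.abc.local', 'dyndns-hostname', 'autodiscover.dyndns-hostname'
$services   = 'IIS', 'SMTP'                          # minimum set named in the answer
$cerPath    = Join-Path $env:TEMP 'exchange-public.cer'   # assumed output path

$cert = Get-ExchangeCertificate -Thumbprint $thumbprint

# 1. Every name a client connects to must be in the certificate's domain list,
#    otherwise the phone rejects the connection with a name mismatch.
$covered = $cert.CertificateDomains | ForEach-Object { $_.ToString().ToLower() }
$missing = $required | Where-Object { $covered -notcontains $_.ToLower() }
if ($missing) { Write-Warning "Names not covered by certificate: $($missing -join ', ')" }

# 2. The certificate must actually be bound to the services clients use.
$enabled    = $cert.Services.ToString()              # e.g. "IMAP, POP, IIS, SMTP"
$notEnabled = $services | Where-Object { $enabled -notmatch "\b$_\b" }
if ($notEnabled) { Write-Warning "Services not enabled: $($notEnabled -join ', ')" }

# 3. Flag a certificate that is close to expiry.
if ($cert.NotAfter -lt (Get-Date).AddDays(30)) {
    Write-Warning "Certificate expires on $($cert.NotAfter)"
}

# 4. Export the public certificate only (DER .cer) for mailing to the phone.
#    The key was created with -PrivateKeyExportable $True, so a PFX export would
#    include the private key; X509ContentType 'Cert' never does.
$storeCert = Get-Item "Cert:\LocalMachine\My\$thumbprint"
$bytes = $storeCert.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert)
[System.IO.File]::WriteAllBytes($cerPath, $bytes)
Write-Host "Public certificate written to $cerPath"
```

Run it in the Exchange Management Shell on the server that holds the certificate.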