SSL Certificate For Exchange Server From Private CA -Part 1

Today We are Discussing about ADCS and SSL Certificate For Exchange Server from our Private CA

First We need to Enable AD CS Server role

Installing the AD CS Server Role:

Open Server Manager and click Manage -> Add Roles and Features

Click Next

Select Role-based or feature-based installation

Select the server you want to install this role then click Next

Select Active Directory Certificate Services then click Next

On the pop up window click the box Include management tools then Add Features:

Click Next:

Select Certification Authority and Certification Authority Web Enrollment

Now its time to configure AD CS

Give Required Credentials

Click Next

Select Enterprise CA

Select Root CA

We need to create a new Private Key

Select Cryptography Here we will select SHA256

Once Configuration Process is done Open Certificate Authority and we need to create a Certificate template

We can choose a duplicate copy of Workstation Authentication for our new Template

Do As per the Followings

Select Auto enroll Option for Domain Computers

Edit and Add One more extension

Adding One More template

Select DNS name and UPN

Once done we can See our new template

Now we have to issue this Template

Choose the newly created template

Now for automatic enrollment We need to create a group policy, so open Group Policy Management and create a new GPO

Now Change the settings in the New GPO

Goto Computer Configuration->Policies->Windows Settings->Security Settings->Public Key Policies and Goto the properties of Certificate Services Client- Certificate Enrollment Policy

Do as per the image

Now Take Properties of Certificate Services Client -Auto Enrollment

Do as per the image

And Do Group Policy Update So All Domain Joined Computers will be enrolled with new certificate.Also we can check the issued certificate from Certificate Authority -> Issued Certificates

Now we have Successfully Configured ADCS and Exchange Server Configuration for SSL Certificate will be on the next Part…

Thank You…

Leave a Reply