then click Add.
6. Click Computer Account, and then click Next.
7. Click the Local computer (the computer this console is running on) option, and then click Finish.
8. Click Close, and then click OK.
How to Back Up Your Server Certificate
To back up your server certificates, you use the Export feature of Certificate Manager.
Before You Begin
Backing up a server certificate is just one step in configuring SSL. For an overview of the procedures you must follow to configure SSL, see "How to Use SSL to Secure the Communications Between the Client Messaging Applications and the Exchange Front-End Server" in the Exchange Server 2003 Client Access Guide.
Note:
If you do not have Certificate Manager installed in Microsoft Management Console (MMC), see How to Add Certificate Manager to Microsoft Management Console. After you install Certificate Manager, you can back up your server certificate.
Procedure
To back up your server certificate
1. Locate the correct certificate store. This store is typically the Local Computer store in Certificate Manager.
Note:
When you have Certificate Manager installed, it points to the correct Local Computer certificate store.
2. In the Personal store, click the certificate that you want to back up.
3. On the Action menu, point to All tasks, and then click Export.
4. In the Certificate Manager Export Wizard, click Yes, export the private key.
5. Follow the wizard default settings, and enter a password for the certificate backup file when prompted.
Note:
Do not select Delete the private key if export is successful because this option disables your current server certificate.
6. Complete the wizard to export a backup copy of your server certificate.
For More Information
For conceptual information about configuring SSL, see "Using Secure Sockets Layer" in "Securing Your Exchange Messaging Environment" in the Exchange Server 2003 Client Access Guide.
For detailed steps for adding Certificate Manager to MMC, see How to Add Certificate Manager to Microsoft Management Console.
How to Configure Virtual Directories to Use SSL
After you obtain an SSL certificate to use either with your Exchange front-end server on the default Web site or on the site where you host the \RPC, \OMA, \Microsoft-Server-ActiveSync, \Exchange, \Exchweb, and \Public virtual directories, you can configure the default Web site to require Secure Sockets Layer (SSL).
Note:
The \Exchange, \Exchweb, \Public, \OMA, and \Microsoft-Server-ActiveSync virtual directories are installed by default on any Exchange 2003 installation. The \RPC virtual directory for RPC over HTTP communication is installed manually when you configure Exchange to support RPC over HTTP. For more information about how to set up Exchange to use RPC over HTTP, see Exchange Server
Before You Begin
Configuring virtual directories to use SSL is just one step in configuring SSL. For an overview of the procedures that you must follow to configure SSL, see "How to Use SSL to Secure the Communications Between the Client Messaging Applications and the Exchange Front-End Server" in the Exchange Server 2003 Client Access Guide.
Before you perform this procedure, you must read "Using Secure Sockets Layer" in "Securing Your Exchange Messaging Environment" in the Exchange Server 2003 Client Access Guide.
Procedure
To configure virtual directories to use SSL
1. In Internet Information Services (IIS), select the Default Web site or the Web site where you are hosting your Exchange services, and then click Properties.
2. On the Directory Security tab, in Secure Communications, click Edit.
3. In Secure Communications, select Require Secure Channel (SSL).
4. After you complete this procedure, all virtual directories on the Exchange front-end server on the default Web site are configured to use SSL.
How to Configure the RPC Proxy Server to Use Specified Ports for RPC over HTTP
This topic explains how to configure the RPC proxy server to use specified ports for RPC over HTTP.
Note:
You can also use the Rpccfg tool to set and troubleshoot port assignments. The Rpccfg tool is included in the Windows Server 2003 Resource Kit Tools.
After you configure the RPC over HTTP networking component for Internet Information Services, configure the RPC proxy server. Configure the RPC proxy server to use specific ports to communicate with the directory service and with the information store on the Exchange computer.
For information about configuring all your global catalogs to use specific ports for RPC over HTTP for directory services, see How to Set the NTDS Port on a Global Catalog Server Acting as an Exchange Server 2003 Back-End Server.
Before You Begin
Verify the registry values automatically set for the Exchange ports mentioned below. When you run Exchange Server 2003 Setup, Exchange is configured to use the ports in the following table.
Exchange Server
(Global Catalog)
The three registry values that follow are automatically configured by Exchange Server 2003 Setup. Although you do not have to configure these registry values, you might want to verify that these registry values are configured correctly.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeIS\ParametersSystem
Value name: Rpc/HTTP Port
Value type: REG_DWORD
Value data: 0x1771 (Decimal 6001)
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeSA\Parameters
Value name: HTTP Port
Value type: REG_DWORD
Value data: 0x1772 (Decimal 6002)
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeSA\Parameters
Value name: Rpc/HTTP NSPI Port
Value type: REG_DWORD
Value data: 0x1774 (Decimal 6004)
Note:
Do not modify these registry values. If you modify these registry values, RPC over HTTP may not function correctly.
To configure the RPC proxy server to use specific ports, follow the steps below. The following steps contain information about editing the registry.
Caution:
Incorrectly editing the registry can cause serious problems that may require you to reinstall your operating system. Problems resulting from editing the registry incorrectly may not be resolvable. Before editing the registry, back up any valuable data.
Procedure
To configure the RPC proxy server to use specified ports for RPC over HTTP
1. On the RPC proxy server, start Registry Editor (Regedit).
2. In the console tree, locate the following registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\RpcProxy
3. In the details pane, right-click the ValidPorts subkey, and then click Modify.
4. In Edit String, in the Value data box, type the following information:
ExchangeServer:6001-6002;ExchangeServerFQDN:6001-6002;ExchangeServer:6004;ExchangeServerFQDN:6004;
(FQDN) of your Exchange server. If the FQDN that is used to access
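The ValidPorts string lists the server and port pairs the RPC proxy will forward to, so it can be audited against the three ports that Exchange Setup assigns (6001, 6002, 6004). The following Python check is an added example, not part of the original guide; the function names, the host names EXCH01 and exch01.corp.example, and the case-insensitive host comparison are assumptions.

```python
import re

# Ports that Exchange Server 2003 Setup assigns, per the registry values above.
REQUIRED_PORTS = {6001, 6002, 6004}

_ENTRY = re.compile(r"^([A-Za-z0-9.-]+):(\d+)(?:-(\d+))?$")


def parse_valid_ports(value):
    """Return {hostname_lowercase: set_of_ports} for a ValidPorts string."""
    allowed = {}
    for entry in filter(None, (e.strip() for e in value.split(";"))):
        m = _ENTRY.match(entry)
        if not m:
            raise ValueError(f"malformed ValidPorts entry: {entry!r}")
        host, low, high = m.group(1).lower(), int(m.group(2)), int(m.group(3) or m.group(2))
        if not (0 < low <= high <= 65535):
            raise ValueError(f"bad port range in entry: {entry!r}")
        allowed.setdefault(host, set()).update(range(low, high + 1))
    return allowed


def audit_valid_ports(value, expected_hosts):
    """List findings: hosts lacking a required port, or exposing extra ones."""
    allowed = parse_valid_ports(value)
    expected = {h.lower() for h in expected_hosts}
    findings = []
    for host in sorted(expected):
        missing = REQUIRED_PORTS - allowed.get(host, set())
        if missing:
            findings.append(f"{host}: missing {sorted(missing)}")
    for host, ports in sorted(allowed.items()):
        extra = ports - REQUIRED_PORTS
        if extra:
            findings.append(f"{host}: {len(extra)} port(s) beyond 6001, 6002, 6004")
        if host not in expected:
            findings.append(f"{host}: not an expected Exchange server name")
    return findings


# Constructed sample values; EXCH01 and exch01.corp.example are hypothetical names.
GOOD = "EXCH01:6001-6002;exch01.corp.example:6001-6002;EXCH01:6004;exch01.corp.example:6004;"
BROAD = "EXCH01:100-5000;exch01.corp.example:6001-6002;exch01.corp.example:6004;"

if __name__ == "__main__":
    for label, value in (("good", GOOD), ("broad", BROAD)):
        print(label, audit_valid_ports(value, ["EXCH01", "exch01.corp.example"]))
```

An empty findings list means every expected name covers exactly the three Exchange ports; the BROAD sample shows how a wide range both misses the required ports and opens thousands of unneeded ones.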