10. We have now reached the most important step in the IIS Certificate Wizard, where we
have to enter the common name for the Default Web Site. This common name must match
the name of the URL through which we access the Client Access Server from a client
on the Internet. The common name is usually mail.domain.com, mobile.domain.com, or
owa.domain.com. When you have entered the common name, click Next (Figure 5.11).
Figure 5.11 Typing the Common Name for the SSL Certificate
NOTE
It is very important you enter the correct common name since it cannot be changed once you have received your SSL certificate from your third-party provider.
11. Now enter the respective geographical information and click Next.
12. Specify the path and file name to save the certificate request, and then click Next.
13. Verify that the information in the request is correct (especially the Issued To information),
then click Next and finally Finish, exiting the IIS Certificate Wizard.
SOME INDEPENDENT ADVICE
You can also issue a request for an SSL certificate using the New-ExchangeCertificate
cmdlet in the Exchange Management Shell. In order to request a certificate using this cmdlet, type:
New-ExchangeCertificate -GenerateRequest -FriendlyName "SSL Client Access to Exchange" -DomainName mobile.exchangedogfood.dk -Path c:\certreq.txt
If you're going to issue a request for an SSL certificate with additional DNS
names in the Subject Alternative Name property, you actually need to use the
New-ExchangeCertificate cmdlet. For more information, see the Exchange 2007
Documentation at http://technet.microsoft.com/en-us/library/aa995942.aspx
Okay, now that I have a pending certificate request, what certificate authority provider
should I use? Well, if you want a good and extremely cheap SSL certificate, trusted by
99 percent of all browsers as well as all Windows Mobile 5.0 devices on the market, I can
highly recommend GoDaddy (www.godaddy.com). Unfortunately, they don't support adding
additional DNS names in the Subject Alternative Name property, however. Here you can
get an SSL certificate for a mere $20 per year. I don't think you'll find it much cheaper
anywhere else.
When you have decided on which certificate authority provider you want to use, you'll need
to send the certreq.txt file to them. I won't go into detail on how this is accomplished since this
process is different from provider to provider, and because each provider typically has very detailed
information about how you do this.
When you have received the SSL certificate from the certificate provider, you need to perform
the following steps:
1. Log on to the Exchange 2007 Server on which the Client Access Server role is
installed.
2. Click Start | All Programs | Administrative Tools and select Internet Information
Services (IIS) Manager.
3. Expand <Server name> (local computer) | Web Sites, and then open the Property page
for the Default Web Site.
4. Click the Directory Security tab and select the Server Certificate button.
5. Select Process the pending request and install the certificate, as shown in
Figure 5.12, and then click Next.
Figure 5.12 Processing the Pending Request
6. Specify the path to the certificate file or the file containing the Certificate Authority
response, and then click Next.
7. Specify the SSL port that should be used (443), click Next and then Finish to exit the IIS
Certificate Wizard.
8. Now that we have installed the SSL certificate we can enable SSL on the Default
Web Site. This is done by clicking the Edit button shown back in Figure 5.9, and then checking the option button Require secure channel (SSL), as shown in
Figure 5.13.
9. Click OK twice and exit the IIS Manager.
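Because the common name cannot be changed once the certificate is issued, it is worth confirming that the file returned by the certificate authority covers the external host name before processing the pending request. The following is an added example, not taken from the book: the function names and the file name c:\certnew.cer are hypothetical, and it assumes an English-language Windows installation and a single-certificate .cer response.

```powershell
# Added example (not from the book). c:\certnew.cer is a hypothetical file name.
# Assumes English-language Windows: the "DNS Name=" label is localized.
function Get-CertificateDnsNames {
    param([string]$Path)
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $Path
    $san = @()
    foreach ($ext in $cert.Extensions) {
        if ($ext.Oid.Value -eq '2.5.29.17') {   # Subject Alternative Name extension
            foreach ($line in $ext.Format($true).Split("`n")) {
                if ($line.Trim() -match '^DNS Name=(.+)$') { $san += $matches[1].Trim() }
            }
        }
    }
    # Per RFC 2818, DNS names in the SAN take precedence; the common name is
    # consulted only when the certificate carries none.
    if ($san.Count -gt 0) { return $san }
    $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    return @($cert.GetNameInfo($nameType, $false))
}

function Test-NameCoversHost {
    param([string]$CertName, [string]$HostName)
    $c = $CertName.ToLower()
    $h = $HostName.ToLower()
    if ($c -eq $h) { return $true }
    # A wildcard stands for exactly one left-most label: *.domain.com covers
    # mail.domain.com but not domain.com or a.b.domain.com.
    if ($c.StartsWith('*.')) {
        $dot = $h.IndexOf('.')
        return ($dot -gt 0 -and $h.Substring($dot) -eq $c.Substring(1))
    }
    return $false
}

function Test-CertificateCoversHost {
    param([string]$Path, [string[]]$HostName)
    $names = @(Get-CertificateDnsNames $Path)
    foreach ($h in $HostName) {
        $covered = $false
        foreach ($n in $names) { if (Test-NameCoversHost $n $h) { $covered = $true } }
        New-Object PSObject |
            Add-Member NoteProperty HostName $h -PassThru |
            Add-Member NoteProperty Covered $covered -PassThru
    }
}

# The host name is the one used in the certificate request earlier in this section.
Test-CertificateCoversHost -Path 'c:\certnew.cer' -HostName 'mobile.exchangedogfood.dk'
```

A row with Covered set to False means clients connecting to that name will receive a certificate name mismatch warning.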
Adding the RPC over HTTP Proxy Component
Next, we need to install the RPC over HTTP Proxy component on the Exchange 2007 Server on
which the Client Access Server role has been installed. Since this is a standard Windows 2003 Server component, you install it using the following steps:
1. Log on to the respective Client Access Server.
2. Click Start | Control Panel, and then open Add or Remove Programs.
3. Click Add/Remove Windows Components.
4. Select Network Services and then click the Details button.
5. Check RPC over HTTP Proxy, as shown in Figure 5.14.
6. Click OK | Next and let the installation complete.
Figure 5.13 Enabling SSL on the Default Web Site
Enabling Outlook Anywhere
With the SSL certificate in place and the RPC over HTTP Proxy component installed, we can move
on and enable Outlook Anywhere. In order to do so, perform the following steps:
1. Open the Exchange Management Console, then expand the Server Configuration work center and select Client Access.
2. Click the Enable Outlook Anywhere link in the Action pane.
3. In the Outlook Anywhere wizard that appears, type the external host name for your
Exchange organization, as shown in Figure 5.15.
Figure 5.14 Installing the RPC over HTTP Proxy Component