ICT50415 Enterprise Communications: Exchange Server Certificate Setup

Verified

Added on 2022/10/06

AI Summary

This practical assignment from the Department of Computing and Information Technology, focused on Enterprise Communications, covers the setup and configuration of Exchange Server certificates. The assignment includes researching certificates, certification authorities, and deploying an Exchange Server 2016 system. Students are tasked with implementing self-signed certificates to overcome certificate errors in Exchange Web Services and documenting the steps in a journal. The activities involve creating self-signed certificates, assigning them to services, and installing them in the trust root. Furthermore, the assignment explores configuring Exchange Server to utilize a Certificate Server installed on the Domain Controller, requiring the creation and implementation of a new Exchange Server Certificate and testing all settings. The document provides detailed steps, screenshots, and troubleshooting logs, demonstrating practical application of certificate management within an enterprise environment. This document is a solution to an assignment and is available on Desklib, along with other resources like past papers and solved assignments to help students excel in their studies.

Enterprise Communications – Practical Activity 5
Department of
Computing and Information Technology
EnterpriseWeb Authoring
Semester 2, 2019
Version 1.0: 31/08/2024
ICT50415 Diploma of Information Technology Networking
Competencies
 ICANWK501: Plan, implement and test enterprise communication solutions
 ICTTEN512: Design and implement an enterprise voice over internet protocol and a
unified communications network
 ICTNWK505: Design, build and test a network server
Instructions
To Students
 Submit your assessment items by the specified dates
 Present material according to IT Dept. standards
specified.
 Practical activities are to be noted down in the student
journals specifically for this subject. Marks will be
allotted according to the practical and the write up.
Method Introductory Activity – Assessed as a Prac in-class activity
Due Date As completed. Refer to subject outline.
Tools &
Equipment
Windows Based Computer(s) with Virtualisation Environment
Grade A satisfactory assessment.
UNCLASSIFIED : SS 18-Jul-2019 L:\CAIT\Teaching\T&L\201920\ICT50415\ENTERPRISE_COMMUNICATIONS\RESOURCES\EC_Prac5.doc 1

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Enterprise Communications – Practical Activity 5
Practical Exercise 5
Aim
Back in Prac 4 we installed the Exchange Server and enabled the Outlook Web Services.
One of the most annoying features was the certificate error that we received.
In this exercise we will examine the Web Services further, with a specific emphasis on
attempting to research the issue of certificate errors and hopefully resolve these issues
utilising Self Signed Certificates.
This exercise is to be done individually.
This exercise will be completed within a VMware Workstation 12.x/14.x Environment.
You must maintain an error log sheet and mention how you troubleshot the issues.
Read the entire activity before starting!!!
Document the steps that you followed in your Journal. Journal must have full
screen and clear screenshots.
Research
In this activity we will research some terms from the internet.
 Research the following terms:
 Certificates
 Certification Authorities
 Read the following articles
 http://www.careexchange.in/install-and-configure-certificate-authority-in-windows-
server-2016/
 http://www.careexchange.in/how-to-create-an-ssl-certificate-request-for-
exchange-server-2013/
 http://www.msserverpro.com/configuring-certificates-client-access-exchange-
server-2016/
 Document your research in your Journal.
Digital certificates are electronic files. It acts as an online password. Which helps
to verify the computer. Mainly this is used to establish the encrypted connection
between the server and systems. Digital certificates can be issued by the
certification authority. That contains the information's about the certificate
holder. The main features of digital certificates are Encryption, Authentication.
Certification authorities – Microsoft exchange certificate – windows server.
UNCLASSIFIED : SS 18-Jul-2019 L:\CAIT\Teaching\T&L\201920\ICT50415\ENTERPRISE_COMMUNICATIONS\RESOURCES\EC_Prac5.doc 2

Enterprise Communications – Practical Activity 5
Certificate installation and configuration
 The first step is to create a self-signed certificate on an exchange server.
 The second step is to make a CSR. CSR process includes the activity like
creating certification requests.
 Step three is the completion of pending certificate requests on the
exchange server. This activity involves the process of importing an
exchange certificate, completing all the pending exchange server
certificate request.
 The fourth step is allotment of the certificate to all the exchange services.
 And then we need to remove the existing exchange certificates. And this is
the fifth step in the certificate installation process.
 The sixth step is to get a new exchange certificate.
Deploy an Exchange Server
In this activity we will quickly redeploy a one-machine environ similar to Prac 2 without
any certificate services or layered security (i.e. just POP3 and SMTP).
 Deploy an Exchange Server 2016 system as per Prac 4
 Set up Thunderbird
 Test mail connectivity using the Exchange Web services
 Establish mail connectivity between accounts.
Activity 1
In this activity we will implement a self-signed certificate to avoid certificate errors when
making SSL connections to the Exchange Web Services.
Use this article as a base.
https://faceitnet.blogspot.com.au/2016/08/how-to-configure-and-install-self.html
UNCLASSIFIED : SS 18-Jul-2019 L:\CAIT\Teaching\T&L\201920\ICT50415\ENTERPRISE_COMMUNICATIONS\RESOURCES\EC_Prac5.doc 3

Enterprise Communications – Practical Activity 5
 Using self-signed Certificate, overcome certification errors when you connect to the
Exchange Web Services (as shown above).
 Document the steps that you followed in your Journal.
Tasks Done
It is common occurrence that after installing exchange server, OWA or ECP
shows certificate error. To fix it follow these steps. Open the Exchange ECP,
access the server and select the Certificate option. Push the + this way you can
build the fresh certificate. Here you will see two options, choose the Create a self-
signed certificate option. Here type the friendly name. When the next screen
opens, define the specific server from where you are applying for this certificate.
Select next, define Domains you wish to add; through pencil option put the
names. You can add for intranet as well as internet. To reach confirmation page,
push OK. Choose finish button to create a new certificate. To define the services
click on this new certificate, for example you can assign to IMAP or POP. In
order to use this server, head to IIS sever. After opening the server, select
websites that are default. Click Add and choose HTTPS and put the host name;
in next step, choose this new certificate on drop down menu. After selecting ok,
restart the web server. Open the Exchange web access, click on certificate option
and install it to your trust root. Choose install option, choose local computer, and
UNCLASSIFIED : SS 18-Jul-2019 L:\CAIT\Teaching\T&L\201920\ICT50415\ENTERPRISE_COMMUNICATIONS\RESOURCES\EC_Prac5.doc 4

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Enterprise Communications – Practical Activity 5
choose the trust root. Now reopen the web browser, go to Lock icon, open
certificate, and select Subject alternative names option. You’ll find provided
domain names there.
Activity 2
In this activity we will configure Exchange Server 2016 to use the Certificate Server
installed on our Domain Controller.
Note that from this point forward that any services that require certificate services
should be configured to use the domain certificate server deployed on the domain
controller.
 Create and implement a new Exchange Server Certificate for your system.
 Re-implement any security features if they have been disabled.
 Fully test all settings
 Web Facilities
 Under Thunderbird
 Document the steps that you followed in your Journal.
Tasks Done
To install and configure the Certificate Authority, we need to install a role on dedicated
server. To complete this step go to server manager then to manage, and add roles and
features. After it select Active Directory Certificate Services, click next and select
Certification Authority Web Enrolment. Next, select both the Certification Authority,
and Certification Authority Web Enrolment options. After Installing you can close it.
Click on Exclamation Mark and setup Active Directory Certificate Services. Click next,
UNCLASSIFIED : SS 18-Jul-2019 L:\CAIT\Teaching\T&L\201920\ICT50415\ENTERPRISE_COMMUNICATIONS\RESOURCES\EC_Prac5.doc 5

Enterprise Communications – Practical Activity 5
select the options of previous step, and select Enterprise CA. After this, select the
Root CA, and build a fresh Private Key. Utilize SHA256 with length of 2048, after
completing it, click next. Keep certificate duration of 5 years; push next. Define
location of Certificate Authority Default Database. After defining it, select configure,
but for this purpose select an appropriate configure. With this step completion, we
have successfully installed and configure Certificate Authority. Follow these steps to
request or to build a Simple Cert through an Internal Certificate Authority. Browse
http://localhost/certsrv/ you will see few lines; select the “Request a Certificate” option
given there. After this, go to advanced type of Certificate Request. Two options will
emerge here, opt for second option. Via base-64-Encoded CMC, put forward your
request. Through application generate certificate request and copy this request data in
notepad. Now select the “Base 64 encoded” and save this certificate or download it;
remember the saved certificate should be in .cer extension. After applying on
Exchange 2016, copy request .CER file produced through the CA for exchanging or to
use it. If the certificate is invalid login/access and export Root CA; after login to
Exchange Sever Import, export cert. This will make certificate valid. To use it on
desktop, access the MMC, export your certificate with valid address with PFX format
file. After exporting this file, open the MMC and install desktop version of PFX. In the
last step, browse the URL.
Explain and demonstrate a fully functioning mail environ to your teacher
Upload your Journal Notes to Moodle for assessment.
---------------------------------------------------------------------------------------------------------------------------
If there are no further tasks given by the Teacher at this point then shut down your
virtual operating systems. Remember to shut down the client workstation first and
then the server operating system
*********************************************************************************************************
At the end of the practical session, please ensure that you have saved the folders of
the virtual operating systems on to your USB hard disk. Before leaving the lab room
ensure that any software installed on the base OS is removed and that your machine
has been left in a better state than you found it in.
UNCLASSIFIED : SS 18-Jul-2019 L:\CAIT\Teaching\T&L\201920\ICT50415\ENTERPRISE_COMMUNICATIONS\RESOURCES\EC_Prac5.doc 6