Exchange 2010 and your own PKI infrastructure

When it comes to Exchange Server 2007 or Exchange Server 2010 it is a best practice to use a real world SSL certificate for the Client Access Server. In Microsoft knowledge base article 929395 (http://support.microsoft.com/kb/929395) four vendors are listed as supported vendors for SSL certificates. Of course there are more, and their certificates work fine, but you can also use an internal Windows Server 2008 Certificate Services environment. Especially when you have only domain joined clients this shouldn’t be a problem…

Client Access Server and Certificates

When installing the Exchange Server 2010 Client Access Server, a self-signed certificate, containing just the server name, is generated and installed on the server, and can be used for testing purposes after installing the server. For testing purposes this self-signed certificate also contains the local FQDN in the “Subject Alternative Names” field for testing with Outlook Anywhere. It is naturally a best practice not to use this self-signed certificate in a production environment, but rather to use a third party certificate on the Client Access Server.

Continue reading Exchange 2010 and your own PKI infrastructure

Exchange 2010 SP1 Hosting & Control Panel

In an earlier article I explained a bit about the hosting features that are available in Exchange Server 2010 SP1. This hoster edition (I’ll abbreviate this to HEX2010SP1) is primarily targeted towards hosting companies, you need for example an SPLA license agreement to resell this.

Note: if you need really to address this functionality inside an enterprise organization, then you have to stick with Exchange 2007. Or you have to wait for Exchange 2010 SP2 which will likely contain this functionality in a form of Address Book Policies.

Continue reading Exchange 2010 SP1 Hosting & Control Panel