This article walks through the process of buying and setting up GoDaddy's SSL certificates for use on either your Lync Edge server or your Reverse Proxy. In this article, I am using a SSL cert for my Exchange virtual directories that will be published using the reverse proxy Forefront TMG 2010. This is also the same reverse proxy being used to publish the Lync web services. Although there are many types of SSL certs available, for Lync or Exchange environments, the "Multiple Domains UCC" SSL cert from GoDaddy can be purchaesd and used as shown below:
Once purchased, you can login to the account and launch the SSL certificate setup as shown below:
For this article, I have already used the Exchange2013 EAC to request for a new certificate. The certificate request contains the necessary Common Name (Subject Name) and Subject Alternate Names (SANs) which in this case would be mail.domain.com and autodiscover.domain.com. After saving the certificate request, open it using notepad and copy all the contents:
At the 1st step of the SSL launch wizard, choose the second option and paste the cert request into the box as shown below. Ensure "SHA-1" is the signature algorithm and click Next.
You should now see the CN and SANs listed in the next step of the wizard. If the names are incorrect go back to the Exhange EAC and make sure the cert request is entered properly. Click Next to proceed
Now the wizard is complete and we should see this page below:
At this stage, the certificate request has been submitted and GoDaddy will seek approval from the administrator of the DNS domain that the cert belongs to. Until then the cert will be shown as pending:
Once the DNS Admin approves the certificate request, GoDaddy will issue the certificate and inform you via email that the certificate has been issued:
Returning to the GoDaddy portal, we can now download the certificate from the accounts page. For this cert we select Exchange2010 as the server type even though we are using it for TMG2010 and Exchange 2013 in the backend:
Now that we have the cert from GoDaddy we can go back to the Exchange EAC to complete the certificate request. On the EAC select the pending cert and click on "Complete":
EAC will prompt for the certificate which we simply specify in the shared folder which contains the .crt file issued by GoDaddy:
The certificate will now be shown as "Valid" status. Next we want to export the certificate for use in TMG so back on the EAC, select the certificate and choose "Export certificate" from the menu. EAC will prompt for a shared folder location to place the certificate along with a password to protect it since we are exporting the private key as well:
At this stage, the certificate is ready to be copied into the TMG server for assigning to a listener. For the remaining steps on how to publish Exchange 2013 using TMG2010, look at this blog post http://blogs.technet.com/b/exchange/archive/2012/11/21/publishing-exchange-server-2013-using-tmg.aspx
RSS Feed