Changing a UCC/SAN Certificate and Re-Issuing from GoDaddy

Scenario

When initially setting up the Unified Communications Certificate (UCC) certificate for Exchange, autodiscover.domain.com was not added as a Subject Alternative Name (SAN).

You need to enable autodiscover in Exchange 2010 for external devices (iOS, laptop Outlook etc.) without a security warning.

Solution

The certificate needs to be updated with autodiscover.domain.com as a SAN.

These instructions pertain to a GoDaddy certificate – other providers will likely be different.

An A record had already been created in the domain’s DNS zone pointing autodiscover.domain.com to the public IP address of the router.

As it turns out, GoDaddy offer the opportunity to drop and replace SANs from their UCC certificates at will – with domain ownership validation required if any are added, of course.

Here are the steps:

[Read more…]

Issuing a certificate to Exchange 2010 using an Internal Certificate Authority (CA)

Scenario

You’ve installed Active Directory Certificate Services and need to issue a certificate to Exchange 2010.

[Read more…]

Citrix XenApp lab setup notes including iPad configuration

My good friend Steve and I were up till 02:30 Fri night / Sat morning doing further testing with Citrix XenApp 6.5 and the Citrix Receiver app on the iPad.

There were a few teething errors, but we got everything working fine in the end; including configuring an ActiveSync Profile for the iPad that installs a Root Certificate and pre-configures the Mail app to work with Exchange.

We used Hyper-V to setup a base VM of Server 2008 R2, then installed the following VMs using differencing disks which are similar to linked clones using VMware:

  • A Domain Controller with Certificate Services installed
  • SQL Server 2008 R2
  • XenApp and Licensing
  • Citrix Web Interface and Secure Gateway
  • Exchange 2010

After a few short hours sleep, I decided to do exactly the same in my home lab too. Usually I use my ESXi server, but I thought this would be a great time to test out the latest version of VMware Workstation.

I didn’t take screenshots as usual, but here’s the notes I made:

[Read more…]

Installing Active Directory Certificate Services

Scenario

You want to configure and control certificates throughout your IT Infrastructure.

Server 2008 R2 has this functionality built-in, so you just need to add the Server Role.

[Read more…]