Certificates play an important role in the exchange environment because of clients connection relays heavily on the HTTPS protocol. In Exchange 2010 the RPC/TCP and also the RPC/HTTP (Outlook Anywhere) could be configured but in 2016 the MAPI/HTTPS is preferred. Therefore a certificate needs to be correctly configured.
Installing Certificate Authority
Since Microsoft Certificate Authority is a role service in Windows Server which can be easily added an ideal choice to use it an Internal Certificate Authority (CA).
It issues and manages certificates. Request issued to the CA can be manual or automatic. Than CA Administrator approves or declines the certificate request. Finally CA issues the certificate.
Let’s take a look at the PKI (Public Key Infrstructure)
A certificate is a special digitally signed file
- Information about the certificate holder (computer, user, device)
- Has a public key and a private key (the private key only accessible to the person holds the certificate)
- Information about the CA that issued the certificate
Once the certificate holder recieves a certificate it goes and asks for the certificate revocation list (CRL) from the CA to see whether its certification is revoked or not.