Secure the Protocols
After you've enabled the necessary protocols (e.g., IMAP) on your servers and have decided on which servers you need to install the server certificates, the next step in securing the protocols is to generate certificate requests. The procedure varies slightly depending on whether your servers run Exchange 2000 or Exchange 5.5.
Exchange 2000. For Exchange 2000 installations, open the ESM console. (Each protocol uses the same method to activate SSL; I'll use IMAP as an example.) Expand the Protocols container of the server you're configuring, then expand the IMAP4 container to display the IMAP4 virtual server.
Right-click the IMAP4 virtual server, choose Properties from the context menu, and go to the Access tab in the virtual server's Properties dialog box. Click Certificate in the tab's Secure communication section to launch the IIS Certificate Wizard. This wizard guides you through actions such as requesting, installing, and renewing certificates. On the wizard's Server Certificate screen, which Figure 3 shows, select Create a new certificate. The wizard prompts you to provide information such as your organization's legal name, country, and region. The wizard also prompts you to specify the certificate request's bit length, which determines the public-key encryption and signing strength. (I suggest you use 1024 bits because known vulnerabilities exist with 512-bit keys.) Finally, you specify a common name (CN) for the server; the CA will encode this CN into the server certificate. The CN must be the same name configured on your server, or users will receive warnings about a mismatch between the name encoded in the certificate and the host name their email clients used to locate the server. When the wizard is completed, it saves the certificate request as a text file. . . .
Register
