Configuring and Managing Exchange Certificates

Practice Labs Module
Time
51 minutes
Difficulty
Intermediate

Welcome to the Configuring and Managing Exchange Certificates Practice Lab. In this module, you will be provided with the instructions and devices needed to develop your hands-on skills.

Join over 3 million cybersecurity professionals advancing their career
Sign up with
or

Already have an account? Sign In »

Overview

Introduction

Welcome to the Configuring and Managing Exchange Certificates Practice Lab. In this module, you will be provided with the instructions and devices needed to develop your hands-on skills.

Learning Outcomes

In this module, you will complete the following exercises:

  • Exercise 1 - Working with Exchange Certificates

After completing this lab, you will be able to:

  • Create a certificate request for a certification authority.
  • Create a new self-signed certificate.
  • Export a certificate from an Exchange Server.
  • Import a certificate on Exchange Server.
  • Configure certificate-based authentication for Outlook on the Web and ActiveSync.

Objectives

The following exam objective is covered in this lab:

  • 2.1 Plan, deploy, manage, and troubleshoot client access services.

Lab Duration

It will take approximately 50 minutes to complete this lab.

Exercise 1 - Working with Exchange Certificates

Digital certificates are used to encrypt data that is being exchanged between several devices and to authenticate the identity of the users, services, or network devices. Digital certificates can be of three types:

  • Self-signed certificate: This type of certificate is signed by the application that creates it.
  • Certificate issued by an internal certificate authority (CA): This type of certificate is signed by a Public Key Infrastructure (PKI) entity in your organization, such as Active Directory Certificate Services (ADCS).
  • Certificate issued by a commercial CA: This type of certificate is issued by commercial CA, such as Comodo, Symantec, and DigiCert.

Self-signed certificates and certificates issued by internal CA are not automatically trusted by all clients and need to be installed manually on every client system. Certificates issued by commercial CA are trusted automatically by all client systems, but they come at a high cost.

When you install Exchange Server 2016, the following three self-signed certificates are automatically created:

  • Microsoft Exchange: This certificate is signed by Exchange Server. It is automatically enabled for all Exchange services, except Unified Messaging. It encrypts all communication between internal Exchange Servers.
  • Microsoft Exchange Server Auth: This certificate is signed by Exchange Server. It is used for authenticating server-to-server communications and integrating using OAuth.
  • WMSVC: This certificate is signed by Windows. It is used by the Web Management service in IIS for managing the web servers and their associated sites and applications.

In addition, to these certificates, you can create your own certificates, assign the certificates to the Exchange services and import/export certificates.

In this exercise, in the first task, you will create a certificate request that you can send to a CA using the Exchange admin center and the Exchange Management Shell.

In the second task, you will create self-signed certificates in the Exchange admin center and the Exchange Management Shell.

In the third task, you will assign the certificates to different Exchange services in the Exchange admin center and the Exchange Management Shell.

In the fourth task, you will export and import certificates in the Exchange admin center and the Exchange Management Shell.

In the fifth and final task, you will configure certificate-based authentication for Outlook on the Web and ActiveSync.

Learning Outcomes

After completing this exercise, you will be able to:

  • Create a certificate request for a certification authority.
  • Create a new self-signed certificate.
  • Export a certificate from an Exchange Server.
  • Import a certificate on an Exchange Server.
  • Configure certificate-based authentication for Outlook on the Web and ActiveSync.
Learning Partner
Comprehensive Learning

See the full benefits of our immersive learning experience with interactive courses and guided career paths.