Creating a self-signed UCC certificate

Download OpenSSL (win64openssl-1_0_2h.exe)

Create the config file. For Exchange, "digitalSignature" was added to keyUsage; otherwise the certificate cannot be imported into the Exchange certificate store!

 
[req]
distinguished_name = req_distinguished_name
x509_extensions = v3_req
prompt = no
[req_distinguished_name]
C = DE
ST = BY
L = Augsburg
O = dynasys
OU = IT Security
CN = SubjectName dynasys datentechnik gmbh
[v3_req]
keyUsage = keyEncipherment, dataEncipherment, digitalSignature
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = autodiscover.mycompany.ag
DNS.2 = autodiscover.mycompany.local
DNS.3 = EX-02
DNS.4 = EX-02.mycompany.local
DNS.5 = EX-01
DNS.6 = EX-01.mycompany.local
DNS.7 = EX-03
DNS.8 = EX-03.mycompany.local
DNS.9 = outlook.mycompany.ag
DNS.10 = owa.mycompany.ag
DNS.11 = push.mycompany.ag
DNS.12 = mail.mycompany.ag

 

Then download and install OpenSSL.exe (see above) (adjust the number of days if needed!)

openssl.exe req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout C:\temp\cert3.pem -out C:\temp\cert3.pem -config "C:\Temp\OpenSSL-Win64\bin\ConfigDatei.txt"

openssl.exe pkcs12 -export -out C:\temp\cert3.pfx -in C:\temp\cert3.pem -name "SubjectName" -passout pass:<Password>

Import the certificate into Exchange

Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path C:\temp\cert3.pfx -Encoding byte -ReadCount 0)) -Password:(Get-Credential).password
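
An added check, not part of the original page, that can be run in PowerShell on the PFX from the steps above before the import: it confirms that the private key is present and that keyUsage, extendedKeyUsage and subjectAltName match the config file. The variable names and the selection of names in $expectedNames are assumptions chosen for illustration.

```powershell
# Added example: inspect the PFX before running Import-ExchangeCertificate.
# The path is the one used on the page; $expectedNames is a sample subset of [alt_names].
$pfxPath       = 'C:\temp\cert3.pfx'
$expectedNames = @('autodiscover.mycompany.ag', 'mail.mycompany.ag', 'EX-01.mycompany.local')

$password = Read-Host -Prompt 'PFX password' -AsSecureString
$cert = New-Object -TypeName System.Security.Cryptography.X509Certificates.X509Certificate2 `
                   -ArgumentList $pfxPath, $password
$problems = @()

# Exchange needs the private key, so the PFX must contain it.
if (-not $cert.HasPrivateKey) { $problems += 'PFX contains no private key' }

# keyUsage: the page states that digitalSignature is required for the Exchange import.
$ku = $cert.Extensions |
    Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509KeyUsageExtension] }
$have = "$($ku.KeyUsages)" -split ',\s*'   # flags enum prints as "A, B, C"
foreach ($usage in 'DigitalSignature', 'KeyEncipherment', 'DataEncipherment') {
    if ($have -notcontains $usage) { $problems += "keyUsage lacks $usage" }
}

# extendedKeyUsage: serverAuth has OID 1.3.6.1.5.5.7.3.1.
$eku = $cert.Extensions |
    Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
$ekuOids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value })
if ($ekuOids -notcontains '1.3.6.1.5.5.7.3.1') { $problems += 'extendedKeyUsage lacks serverAuth' }

# subjectAltName (OID 2.5.29.17): Format($true) prints one "<label>=<value>" entry per line.
# The label text depends on the Windows display language, so only the value is used.
$san   = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
$names = @()
if ($san) {
    $names = $san.Format($true) -split "`r?`n" |
        Where-Object { $_ -match '=' } |
        ForEach-Object { ($_ -split '=', 2)[1].Trim() }
}
foreach ($n in $expectedNames) {
    if ($names -notcontains $n) { $problems += "subjectAltName lacks $n" }
}

"Subject : $($cert.Subject)"
"Expires : $($cert.NotAfter)"
"SAN     : $($names -join ', ')"
if ($problems) { $problems | ForEach-Object { Write-Warning $_ } } else { 'All checks passed.' }
```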