Certificate Services

[John]

Firstly, apologies for the cross post. I wasnt sure of the exact group to
contact.

I have 2 servers, both 2k3 running active directory. Server 1 has the fsmo
roles, server 2 has the gc and Exchange 2k3.

I'd like to use RPC over HTTP and forms based authentication for OWA. I
therefore need certificates installed. I have done this before and broken
active directory replication so my questions are:

What server do i install the certificate services on
What do I do next? Is there an article I can follow to ensure AD still
works and another one to follow to ensure exchange is OK with RPC and OWA?

Thank-you

 

[Ben Winzenz [Exchange MVP]]

Simply installing Certificate Services shouldn't do anything to AD, or at
least it has never done anything from all the testing I have done, and I
have installed Cert Services numerous times. With that being said, it
shouldn't matter which server you install it on.

The other option you have is purchasing a certificate from an internet CA
such as Thawte. Their prices are fairly reasonable (~$175/yr) and it will
solve your problem of needing to install a local Certificate Authority. It
also solves the problem of users seeing a security warning about the
certificate being invalid when they try and log on to OWA from outside the
office and haven't added the cert to their local Trusted Root Certicificate
Authorities store.