none
How to add client certificate to windows server 2008R2 for Exchange 2010_SP3 RRS feed

  • Question

  • Hi Team,

    I have a problem with securing call to Exchange 2010_SP3. Currently we are using EWS API 1.2 to make a call to Exchange server to get the calendar details. As of now we are connecting to Exchange using non secure protocol HTTP. We, need to make this call a secure one using HTTPS. We are making this Exchange call using EWS API from a java code. My doubt I have setup Exchange in one my VM and in IIS console I have changed the SSL settings to SSL required and HTTPS call is working. In that IIS console we have a 3 radio button for client certificates like Ignore, Accept and Require. If I select the client certificate as require my call is failing with an error saying connection cannot be established. Can you please let me know how can I create a client certificate and install in Exchange server 2010_SP3. Also can you please tell me how the exchange will be setup in production like whether the client certificates will be selected as Ignored or Accepted or Required........Also since I am making this Exchange call from java using EWS API do I need to write any java code to validate client or Server certificates for making this Exchange call a secure one using HTTPS protocol

    Please see the Error Logs as below:-


    microsoft.exchange.webservices.data.EWSHttpException: Connection not established
        at microsoft.exchange.webservices.data.HttpClientWebRequest.throwIfConnIsNull(Unknown Source)
        at microsoft.exchange.webservices.data.HttpClientWebRequest.getResponseCode(Unknown Source)
        at microsoft.exchange.webservices.data.EwsUtilities.formatHttpResponseHeaders(Unknown Source)
        at microsoft.exchange.webservices.data.ExchangeServiceBase.traceHttpResponseHeaders(Unknown Source)
        at microsoft.exchange.webservices.data.ExchangeServiceBase.processHttpResponseHeaders(Unknown Source)
        at microsoft.exchange.webservices.data.SimpleServiceRequestBase.internalExecute(Unknown Source)
        at microsoft.exchange.webservices.data.GetUserAvailabilityRequest.execute(Unknown Source)
        at microsoft.exchange.webservices.data.ExchangeService.getUserAvailability(Unknown Source)
        at com.taleo.em.service.integration.exchange.EWSTestSuite.checkUserAvailability(EWSTestSuite.java:123)
        at com.taleo.em.service.integration.exchange.EWSTestSuite.main(EWSTestSuite.java:87)

    Thanks,

    Anuj Jain

    Wednesday, July 15, 2015 12:14 PM

All replies

  • Hi Anuj,

    for this to work, the client computer must have (and use) a certificate from a root CA that the exchange trusts. So you do not need to install it on the Exchange Server, but on the device that is trying to make the connection.

    Usually you issue those certificates from your corporate PKI, though reading up on just how to do this is a fair bit of work, good luck.

    Since I do not know how the Java API works (and barely know enough Java to get out a "Hello World") I can't help you on the Java side of things, sorry.

    Cheers,
    Fred


    There's no place like 127.0.0.1

    Wednesday, July 15, 2015 2:45 PM