
I've got an Exchange server behind a port to address translation firewall. The server is reachable from the internet using a dyndns-url.

Now I want to sync windows phones to exchange mailboxes. To achieve this, I need to install the exchange certificate on the windows phone (send it to the phone by mail, double click). So far so good.
But as far as I can see, this only works if the certificate on my Exchange server matches the dyndns-url?

So I'd like to know: how do I create a self signed certificate for my dyndns-url and install it on exchange?

Sam

1 Answer

Even though you can have a self-signed certificate, it will be good if you get a domain name and a proper UCC SAN cert from either GoDaddy or http://www.exchangecertificates.com/

Create a UCC self-signed certificate. We will require the following names:

NETBIOS name of Exchange: EX-2k7 (example)

Internal FQDN: EX-2k7.abc.local (example)

External FQDN (Public name): dyndns-hostname (example) (use nslookup/ping to verify the external FQDN)

Autodiscover name: autodiscover.dyndns-hostname (example)

SubjectName: cn=dyndns-hostname (example)

In EMS, run the following command to generate the new self-signed certificate:

New-ExchangeCertificate -FriendlyName "SelfSigned Cert2010" -SubjectName "cn=dyndns-hostname" -DomainName EX-2k7,EX-2k7.abc.local,dyndns-hostname,autodiscover.dyndns-hostname -PrivateKeyExportable $True

Next, enable the certificate with the Enable-ExchangeCertificate cmdlet. Enable at least IIS and SMTP.

Enable-ExchangeCertificate -Thumbprint xxxxxxxxxxxxxxx -Services POP,IMAP,SMTP,IIS

Next, verify the certificate has been installed using EMS/IIS Manager or both. (Sometimes you may have to remove the certificate and then install/enable the certificate again.)

where dyndns-hostname = e.g. "my.owndomain.net"

Hope that Helps

Mutahir
  • 1
    I'd buy a certificate, but is it possible to use a real certificate on a dialup line with dynamic IP? A fixed IP is way too expensive at my provider. – Sam Nov 08 '10 at 13:26
  • Unless you write the actual IP address in the certificate it won't matter. The point of using a DNS entry for this is because the certificate matches against its common name and if the common name is a DNS entry, then it doesn't matter what IP it resolves to, you're never going to compare it. – gparent Mar 15 '12 at 18:54
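To confirm what a phone will actually be offered after the commands in the answer have been run, connect to the public name over TLS and list the names in the presented certificate. This is an added example, not part of the original answer or comments; `dyndns-hostname` is the answer's placeholder, the function names are hypothetical, and port 443 (IIS) is assumed.

```powershell
# Added example, not from the original answer. Names are the answer's
# placeholders; substitute your own DynDNS hostname.
$PublicName    = 'dyndns-hostname'
$ExpectedNames = @($PublicName, "autodiscover.$PublicName")

function Get-TlsCertificate {
    param([string]$HostName, [int]$Port = 443)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($HostName, $Port)
        # Accept any chain: a self-signed certificate fails normal validation,
        # and this function only reads the certificate, it sends no data.
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAll)
        try {
            $ssl.AuthenticateAsClient($HostName)
            New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        } finally { $ssl.Dispose() }
    } finally { $client.Close() }
}

function Get-CertificateDnsNames {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)
    $names = @()
    # Common name from the subject
    if ($Certificate.Subject -match 'CN=([^,]+)') { $names += $Matches[1].Trim() }
    # Subject Alternative Name extension (OID 2.5.29.17). Format() output is
    # localized; "DNS Name=" is what English Windows prints (assumption).
    $san = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if ($san) {
        foreach ($m in [regex]::Matches($san.Format($true), 'DNS Name=(\S+)')) {
            $names += $m.Groups[1].Value
        }
    }
    $names | Sort-Object -Unique
}

$cert  = Get-TlsCertificate -HostName $PublicName
$names = Get-CertificateDnsNames -Certificate $cert
"Thumbprint: $($cert.Thumbprint)  Expires: $($cert.NotAfter)"
foreach ($expected in $ExpectedNames) {
    # -contains compares strings case-insensitively, as DNS names should be
    $status = if ($names -contains $expected) { 'present' } else { 'MISSING' }
    "{0,-40} {1}" -f $expected, $status
}
```

The thumbprint printed here should match the one passed to Enable-ExchangeCertificate; a different thumbprint means IIS is still serving an older certificate.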