Certificates for Exchange

I needed to run up a lab environment to test an Exchange 2010 hybrid. For this I needed certificates, but I didn’t really want to purchase a SAN cert for what was to be a short period of testing.

This came to my rescue:

 https://github.com/Lone-Coder/letsencrypt-win-simple/wiki/Create-a-SAN-certificate-for-Microsoft-Exchange-2016,-2013-&-2010

Exchange 2010 – Office 365 Hybrid

Creating an Exchange 2010 to Office 365 hybrid:

Log in to your Office 365 tenancy – Admin – Exchange Admin – Hybrid – Configure

This downloads the Hybrid Configuration Wizard (HCW). Do the above using IE; initially I used Chrome and got an error when executing the exe after the download.

In the first part, the wizard detects the optimal Exchange server to use for the hybrid connection. In my case I only have a single Exchange 2010 server.

Enter your on-premises account info to connect to Exchange (you can see I left the tickbox selected to use the credentials I was signed in with), and enter your global admin details for your 365 tenancy.

The wizard collects some info and connects to Exchange on-premises and Exchange Online via PowerShell – then click Next.

I’ve chosen ‘Full Hybrid Configuration’ as I need full free/busy, sharing and mail flow.

Click ‘enable’ to create the federation trust.

You will need to create a TXT record in your DNS zone to prove domain ownership.

After proving your domain ownership you are asked for information on the mail flow in the hybrid configuration. The default is good for my needs.

You are then asked to select the hub transport server for the transport configuration. This is the server that will host the send connectors for mail transport to Exchange Online.

You are then asked for the public IP of your hub transport servers. In my case this is a NAT to the internal Ex2010 server.

You then need to choose your transport certificate. This needs to be a public cert.

You then need to enter the FQDN of your Exchange org. This tells Office 365 where to send email bound for on-premises users, i.e. before users have been migrated. It creates an outbound connector in Exchange Online.

On the next page you simply click Update – in the background a number of PowerShell commands are run which do all the configuration work.
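
Before reaching the transport certificate step above, it helps to know which installed certificates the wizard could sensibly use. The following is an added example, not part of the original walkthrough or of any Microsoft tooling: a hypothetical function `Test-HybridTransportCert` that screens certificate objects for the points this post depends on (a SAN entry covering the hybrid FQDN, not self-signed, SMTP enabled, private key present, not about to expire). The FQDN `mail.example.com`, the 30-day threshold and the sample objects are assumptions; the syntax is kept compatible with the PowerShell 2.0 shell that Exchange 2010 uses.

```powershell
# Added example. Input objects need the properties that Get-ExchangeCertificate
# returns: Thumbprint, CertificateDomains, Services, IsSelfSigned, HasPrivateKey, NotAfter.
function Test-HybridTransportCert {
    param(
        [Parameter(Mandatory=$true, ValueFromPipeline=$true)] $Certificate,
        [Parameter(Mandatory=$true)] [string] $RequiredFqdn,   # assumed hybrid FQDN
        [int] $MinDaysValid = 30                               # assumed threshold
    )
    process {
        $problems = @()
        $fqdn  = $RequiredFqdn.ToLower()
        $names = @($Certificate.CertificateDomains | ForEach-Object { "$_".ToLower() })
        # A wildcard entry only covers one label directly under its parent domain.
        $wildcard = '*.' + ($fqdn -split '\.', 2)[1]
        if (($names -notcontains $fqdn) -and ($names -notcontains $wildcard)) {
            $problems += "no SAN entry covers $fqdn"
        }
        # Not self-signed is necessary for public trust, but not proof of it.
        if ($Certificate.IsSelfSigned)       { $problems += 'self-signed' }
        if (-not $Certificate.HasPrivateKey) { $problems += 'no private key on this server' }
        if ("$($Certificate.Services)" -notmatch 'SMTP') { $problems += 'SMTP not enabled' }
        $daysLeft = [math]::Floor(($Certificate.NotAfter - (Get-Date)).TotalDays)
        if ($daysLeft -lt $MinDaysValid)     { $problems += "expires in $daysLeft days" }
        New-Object PSObject -Property @{
            Thumbprint = $Certificate.Thumbprint
            Usable     = ($problems.Count -eq 0)
            Problems   = ($problems -join '; ')
        } | Select-Object Thumbprint, Usable, Problems
    }
}

# Constructed sample objects (placeholder thumbprints and names) so this runs without Exchange.
$samples = @(
    (New-Object PSObject -Property @{ Thumbprint='PLACEHOLDER-PUBLIC-SAN'; IsSelfSigned=$false;
        CertificateDomains=@('mail.example.com','autodiscover.example.com');
        HasPrivateKey=$true; Services='IIS, SMTP'; NotAfter=(Get-Date).AddDays(80) }),
    (New-Object PSObject -Property @{ Thumbprint='PLACEHOLDER-SELF-SIGNED'; IsSelfSigned=$true;
        CertificateDomains=@('EX2010','EX2010.example.local');
        HasPrivateKey=$true; Services='SMTP'; NotAfter=(Get-Date).AddDays(900) })
)
$samples | Test-HybridTransportCert -RequiredFqdn 'mail.example.com' | Format-List

# On the Exchange server, feed it the real certificates instead:
# Get-ExchangeCertificate | Test-HybridTransportCert -RequiredFqdn 'mail.example.com'
```

With short-lived certificates such as the ones used for this lab, the expiry check is the one most likely to catch a hybrid mail flow that worked at setup and fails later.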