網頁

2011年12月24日 星期六

超屌的賀卡

最近陸陸續續收到朋友所寄的"耶誕節"電子賀卡,今年的耶誕節已經來臨了!
每年總是從網站上找尋好心人士所提供的賀卡,再從中挑選自己喜歡的,寫上些祝賀語詞後送給親朋好友,但今年是希望來點不一樣的.
一來是網站上拿現成的,擔心會有侵犯他人著作權,尤其是目前個資法已經立法通過,更要小心謹慎.再者是賀卡既然是放在公眾場所供人挑選,或許眼光也會與他人相同,挑到一樣的作品,所以覺得賀卡要自己創作才對.

想想女兒的繪畫滿不錯的,就請女兒獻上她的作品. 只見她拿自己做的紙娃娃,找張空白紙花2~3分鐘畫上背景就大功告成了. 最後我再用掃描機掃圖後,就形成了以下的賀卡:

至於兒子,就用電腦上的小畫家畫上以下的作品:

眼看兩個小孩不到數分鐘的時間就完成賀卡,心想:"老爸也該表現表現自己的繪畫天分了!"
自以為自己電腦還算不賴,用小畫家畫應該也不會差很多,就也塗鴉般地創作.果然是,差很大...
畫完後小孩們看到真是笑翻天,直說: "好像是三歲小孩的作品"!
真有這樣嗎? 請大家評評理!

2011年12月22日 星期四

Remove/Create the Exchange Self-Singed Certificate

If you have a legal certificate for Exchange 2010 service as IIS/SMTP/POP/IMAP, you can remove the self-signed certificate from Server anytime and the service still be working fine always.

How to remove the self-signed certificate? It is very simple.
If you want to remove it from CAS, you just need to select this certificate next to click "remove" hyperlink in Exchange Management Console.
And Click "OK" button.

But,If I repent to do it,how to recreate the self-singed certificate? It is also very simple.
Let me show you how to recreate it after delete it.

In Exchange Poershell, execute a command "New-ExchagneCertificate"

You will see a new the self-singed certificate in this server now.


2011年12月15日 星期四

Assign IIS/POP/IMAP/SMTP Service to the Wildcard Certificate

After requesting a valid wildcard Certificate on Exchange 2010 CAS, I will assign the Service to this Certificate now.
What Service will be assigned? IIS, POP3, IMAP4 and SMTP.
That is the existing Service in CAS!

Assign IIS Service to the Wildcard Certificate

  • In Exchange Management Console, Click "Service Configuration" --> "TEST-CAS-01" --> "Adatum Mail System Certificate" --> "Assign Service to Certificate"

  • Select which Servers will be assigned this certificate. In this case, we will select CAS as "TEST-CAS-01" next to click "Next > " button.

  • Enable "Internet Message Access Protocol(IMAP)", "Post Office Protocol(POP)", "Internet Information Service(IIS)" check box and click "Next > " button




  •  Click "Assign" button


  • You will see two warning message about POP and IMAP. Please temporarily neglect this and click "Finish" button.

  • Finally, it is successful for me to assigning the wildcard Certificate to IIS Service. But POP and IMAP fail.


Assign POP/IMAP to the Wildcard Certificate

  • In the above wizard process, we see a warning message about POP/IMAP fail due to the subject use "*.adatum.com" wildcard name, not FQDN. So that we need to execute the special command to set it.


  •  Execute "Exchange Management Shell" in CAS


  •   Key "Get-POPSettings" and "Get-IMAPSettings" to realize X509CertificateName information


  •  Key "Set-POPSettings -X509Certificate mymail.adatum.com" and "Set-POPSettings -X509Certificate mymail.adatum.com"


  • Redo "Get-POPSettings" and "Get-IMAPSettings" again, you will see X509CertificateName information will be changed from TEST-CAS-01 to mymail.adatum.com


Assign SMTP Service to the Wildcard Certificate
Due to SMTP Service build in HUB role, we need to export the wildcard certificate from CAS and import it to HUB. (or you can directly import it from the requested CA as the previous article explain.)


  • In Exchange Management Console, Click "Service Configuration" --> "TEST-CAS-01" --> "Adatum Mail System Certificate" --> "Export Exchange Certificate..."


  •  Click "Browse..." button


  •  Select one path to locate the certificate file as "exchange cas.pfx"


  •  Set password next to click "Export" button


  •  Click "Finish" button


  • Click "TEST-HUB-01" --> "Import Exchange Certificate..."


  •  Click "Browse..." button


  •  Select the exported certificate to open it.


  •  Key in the password to decrypt it.


  •  Select which servers will be imported the certificate next to click "Next > " button.


  •  Click "Import" button


  •  Click "Finish" button


  •  In HUB, it has already added one new Wildcard Certificate but services is None. So that need to do "Assign  Service to Certificate..." activity by clicking this hyperlink.


  •  Select "TEST-HUB-01" next to click "Next > " button.


  •  Enable "Simple Mail Transfer Protocol (SMTP)" check box


  •  Click "Assign" button


  •  Click "Yes"button to overwrite the existing default SMTP certificate by the new Wildcard Certificate


  •  Click "Finish" button


  • The Certificate Services Information has already been changed from None to SMTP now.


  •  Finally, you can do command as "Get-ExchangeCertificate | fl" in Exchange Management Shell to realize all certificate information in HUB Server.


After finishing the above steps, the Web/POP/IMAP/SMTP can use the Wildcard Certificate to do security channel now.
So do that we will save the money due to just need to buy "One" Wildcard Certificate!

2011年12月10日 星期六

Request a Certificate for Exchange 2010

For realizing Exchange 2010 new function, I build the related system on Hyper-V environment so that can also understand the Hyper-V mechanism.

At first, I need to request a certificate for Exchange because it always need to be used on communicate between Servers or Client and Server.

Let us begin to learn "How to request a certificate for Exchange 2010" now!


Create new certificate on Exchange Server

  • Click "Server Configuration" --> "TEST-CAS-01" --> "New Exchange Certificate..."


  • Enter a friendly name as "Adatum Mail System" --> "Next > " button


  • Click "Enable wildcard certificate" check box --> Enter "Root domain" as "*.adatum.com" --> Click "Next > " button


  • Enter "Organization and Location" information and save a "Certificate Request file" on one path, next to "Next> " button


  • Click "New" button


  • Click "Finish" button


  • Finally, you will see a new certificate that the status is "This is a pending certificate...".  So you have to do the next step --- Let this certificate is valid.


Request the Certificate from a CA
Due to I use the Active Directory Certificate Services of Windows Server 2008 R2 as CA, I will show how to request the certificate from this CA.


  • Enter the requested URL to click "Request a certificate"

  • Click "advanced certificate request"

  • Click "Submit a certificate request by using a base 64 encoded CMC ..."

  • At the moment, please open a certificate request file that the previous activity never save as a "reg" format on one path.

  • Please mark the content between BEGIN and END New CERTIFICATION REQUEST next to copy it.


  • Return to the original request form next to paste it on "Saved Request".


  • Change Certificate Template to "Web Server" next to click "Submit> " button


  • Click "Download certificate"


  • Save as "certnew.cer" to one location


Active Exchange Certificate

  • Right-Click the pending certificate next to select "Complete Pending Request..."


  •  Click "Browse..." button


  •  Select "certnew.cer" file


  •  Click "Complete" button


  •  If complete Pending Request process,


  •  You will see the Exchange Certificate status is from "Pending" to "Valid".


Now the exchange will have a certificate on CAS.

Otherwise, this certificate have no any function now until it be assigned to the Exchange Service as SMTP,POP3,IMAP,UM and so on.
I will show it on next article how to assign the wildcard certificate to Exchange Service.
Please wait...
Since 2010 Design by Davidwa
©Copyright Davidwa Inc. All rights reserved.