Export private key and certificate from IIS .pfx file
If you need to move or copy a certificate from Windows IIS6 to a Linux Apache server (or another device requiring .key and .crt formats), perform the following steps:
1. Export the IIS6 certificate into .pfx format
On Windows Server machine
Start > Run MMC
File > Add/Remove Snap-in
Add > Certificates > Add > Computer Account > Local Computer
Navigate to Certificates > Personal > Certificates
Right click your certificate > All Tasks > Export
Yes, export private key
Personal Information Exchange (.pfx) - clear all checkboxes
leave password blank
Choose where to save file
Finish
2. Extract private key and certificate file
You need OpenSSL to extract the private key and certificate from the .pfx file.
If you have a Linux web server in place, you should already have openssl there.
Alternatively you can download and install the Windows version. For more info and latest versions check here
If you installed the Windows version, run openssl.exe from C:\OpenSSL-Win32\bin
In the Linux version just type openssl in a terminal
At the OpenSSL prompt, export the private key and certificate:
pkcs12 -in "C:\your\path\filename.pfx" -out "C:\your\path\cert.pem"
Enter Import Password: leave blank
Enter PEM pass phrase: 1234 (or anything else)
The created cert.pem file will contain the encrypted private key and all certificates (identity, root, intermediate) in plain text.
To extract the certificates or the encrypted private key, just open cert.pem in a text editor and copy the required parts to a new .crt or .key file. If the formatting doesn't look right in Windows Notepad, use Notepad++ or a similar text editor.
If you need the private key in unencrypted format, you can extract it from cert.pem, removing the encryption:
rsa -in "C:\your\path\cert.pem" -out "C:\your\path\PrivateKey.key"
Enter the pass phrase (1234 or something else you set previously) to remove encryption.
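The same extraction can be done non-interactively from a Linux shell, writing the key and certificates to separate files and confirming that the key belongs to the certificate before Apache is pointed at them. This is an added example, not part of the original page. It assumes an RSA key and the blank export password from step 1; the file names server.key, server.crt and chain.crt are placeholders, and sample.pfx is a constructed stand-in for the IIS export.

```shell
#!/bin/sh
# Added example; file names are placeholders and the .pfx is a constructed sample.

# make_sample_pfx DIR: throwaway self-signed RSA certificate packed into
# DIR/sample.pfx with a blank password, standing in for the IIS export.
make_sample_pfx() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=example.test" \
    -keyout "$1/src.key" -out "$1/src.crt" 2>/dev/null &&
  openssl pkcs12 -export -inkey "$1/src.key" -in "$1/src.crt" \
    -out "$1/sample.pfx" -passout pass:
}

# split_pfx PFX OUTDIR: writes OUTDIR/server.key (unencrypted private key),
# OUTDIR/server.crt (identity certificate) and OUTDIR/chain.crt (CA
# certificates; empty when the .pfx carries none).
split_pfx() {
  ( umask 077   # the key file is created readable by its owner only
    openssl pkcs12 -in "$1" -nocerts -nodes -passin pass: 2>/dev/null |
      openssl rsa -out "$2/server.key" 2>/dev/null ) || return 1
  openssl pkcs12 -in "$1" -clcerts -nokeys -passin pass: 2>/dev/null |
    openssl x509 -out "$2/server.crt" || return 1
  openssl pkcs12 -in "$1" -cacerts -nokeys -passin pass: \
    -out "$2/chain.crt" 2>/dev/null
}

# key_matches_cert KEY CRT: succeeds only when both hold the same RSA modulus.
key_matches_cert() {
  kmc_key=$(openssl rsa  -in "$1" -noout -modulus 2>/dev/null) || return 1
  kmc_crt=$(openssl x509 -in "$2" -noout -modulus 2>/dev/null) || return 1
  [ -n "$kmc_key" ] && [ "$kmc_key" = "$kmc_crt" ]
}

# Stand-alone run on the constructed sample.
work=$(mktemp -d)
make_sample_pfx "$work" && split_pfx "$work/sample.pfx" "$work" &&
  key_matches_cert "$work/server.key" "$work/server.crt" &&
  echo "server.key matches server.crt"
rm -rf "$work"
```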
Restore Exchange 2007 mailbox to a test lab server (ntbackup)
This guide helps to restore an Exchange 2007 mailbox to a test lab server on an isolated network and extract restored mailbox as a .pst file.
Normally you can only restore Exchange within the same organisation. If you want to restore an Exchange mailbox to a server on a completely different network, you have to replicate your domain and Exchange setup.
1. Create a new virtual machine (or use a physical PC) on an isolated network not connected to your existing environment.
2. Install Windows Server 2003 (R2) 64 bit with SP2.
- Start > Run > dcpromo. Create a new domain with the same name as your existing one.
3. Install Exchange server 2007
- Install Microsoft .NET Framework Version 2.0 Redistributable Package (x64)
- Install Windows PowerShell 1.0 Windows Server 2003 x64 Edition
- You may also need to install the following updates before you can install Exchange:
KB926776-X64
KB942763
Microsoft .NET Framework 2.0 Service Pack 1 (x64)
- Enable IIS and WWW services: Add Remove Programs > Add Remove Windows Components > Application Server > Details > IIS.
- Raise Domain Functional Level to Windows Server 2003: AD Users and Computers > mydomain.local > Raise Domain Functional Level.
- Install Exchange Server 2007 SP1. Choose "Typical installation".
- Make sure Exchange organisation name matches your existing Exchange organisation's name. To find Organisation Name of existing Exchange server run Shell command Get-OrganizationConfig | select name.
4. Restart newly installed Exchange Server.
5. Exchange Management Console (EMC) > Server Configuration > Mailbox. Rename "First Storage Group" and "Mailbox Database" so they have the same names as the storage group and database you are restoring from.
6. Create new Recovery database. Exchange Management Console (EMC) > Toolbox > Database Recovery Management
- Create a Recovery Storage Group. Use default values.
- Using tasks in the opened Troubleshooting Assistant make sure Recovery database is dismounted and flag "Database can be overwritten by restore" is set.
7. Open Windows Backup utility (ntbackup) > Restore and Manage Media > Tools > Catalog a backup file > Select your .bkf backup file you will be restoring from.
- Browse and select required storage group.
- Click "Start Restore".
- Enter <servername> of your new Exchange server in "Restore to exchange" (Server names of old and new servers do not have to match)
- Check "Last Restore Set" if this is the only restore you are going to run on this storage group.
- Enter path for TMP files.
- Click OK and run the Restore operation.
8. EMC > Recipient Configuration > Mailbox. Create a new mailbox where you will be restoring data.
9. Go back to Troubleshooting Assistant and Mount Recovery Storage Group.
10. Now you need to transfer restored mailbox from Recovery Storage Group to your main storage group.
Open Exchange Management Shell (EMS) and run: restore-mailbox -RSGMailbox '<User Name>' -RSGDatabase 'Recovery Storage Group\Mailbox Database' -id '<user.name>' -TargetFolder 'Restore'
"<User Name>" is full name of the user you are restoring
"<user.name>" is an alias of the user you created in stage 8.
11. All that is left now is to extract the recovered mailbox into a .PST file. This can only be done on a 32 bit computer with Outlook 2003 SP2 or later installed.
12. Install new Windows XP workstation on the same isolated network and join the domain.
13. Install MS Exchange 2007 SP1 32 bit version.
- Choose Custom Installation and select Management Tools only.
- As with the Exchange server you may need to install .NET framework, PowerShell and some other updates required for Exchange installation.
14. Install MS Outlook 2003 SP2 or later.
15. Export mailbox into .pst file - EMS > Export-Mailbox -Identity <user.name> -PSTFolderPath <pathToSavePST>
If you get "Error: Failed to copy messages to the destination mailbox store with error: MAPI or an unspecified service provider", you need to set appropriate Exchange permissions for the user account you are logged on with.
EMC > Organisation Configuration > Exchange Administrators > Add Exchange Administrator > Exchange Server Administrator Role
EMC > Recipient Configuration > Mailbox > user.name > Manage Full Access Permissions > Add
Useful Exchange 2007 and 2010 Management Shell commands
Statistics
Get-MailboxStatistics -server <ServerName>
Get a list of all mailboxes, number of items, Storage Limit Status and Last Logon Time
Get-MailboxStatistics -server <ServerName> | Sort-Object TotalItemSize -Descending | ft DisplayName,@{label="TotalItemSize(MB)";expression={$_.TotalItemSize.Value.ToMB()}},ItemCount, storagelimitstatus
Get list of all mailboxes, sizes in MB, number of items and limit status. Sorted by size.
Get-MailboxStatistics -server <ServerName> | sort -Property @{expression={$_.TotalDeletedItemSize.value.ToMB()}} -Descending | select-object DisplayName, @{expression={$_.TotalDeletedItemSize.value.ToMB()};Label="Dumpster(MB)"}, @{expression={$_.totalitemsize.value.ToMB()}; label="Mailbox Size (MB)"}
Get list of all mailboxes and their dumpster sizes. Sorted by dumpster size.
Get-Mailbox | Get-MailboxFolderStatistics | sort -Property {$_.FolderAndSubFolderSize.ToMb()} -Descending | where{$_.FolderType -eq "DeletedItems"} | Select-Object Identity, @{expression={$_.FolderAndSubFolderSize.ToMb()};Label="Size of Deleted Items"}, ItemsInFolderAndSubFolders | fl
Get list of sizes and number of items of Deleted Items for all users. Sorted by Deleted Items folder size.
If you want results to be exported into .csv file, replace | fl with | Export-Csv c:\deleted_items.csv
Get-Mailbox | Format-Table alias, *quota
Retrieves all mailbox users with mailbox quotas (only those set explicitly). "unlimited" may be misleading if the default quota is used. See below.
Get-Mailbox -id "**" | fl *quota*
A value of TRUE on UseDatabaseQuotaDefaults means that the per-mailbox settings are ignored and the mailbox database defaults are used.
Message Size Limits in Exchange 2007
There are a number of places to limit message size in Exchange 2007:
1. Organizational limits: Apply to all Exchange servers in the Organization
EMC > Organization Configuration > Hub Transport > Global Settings tab > Transport Settings > Properties > General.
2. Receive Connector limit: Receive Connectors are only used to receive messages
EMC > Server Configuration > Hub Transport > Receive Connectors > Connector > Properties > General.
3. Send Connector limit: Send Connectors are used for sending outgoing messages to the internet or particular address spaces (domains).
EMC > Organization Configuration > Hub Transport > Send Connectors > Connector > Properties > General
4. Mailbox limit: Individual recipients (mailboxes, etc) can have their own limits to bypass the Organizational limits (only for internal messages).
Recipients > Mailbox > select mailbox > properties > Mail Flow Settings > Message Size Restrictions
5. Global Settings: Global settings can impact Exchange Server 2007 recipients (if upgraded from Exchange 2003)
Exchange Server 2003 Global Settings > Message Delivery > Properties
If all Exchange 2003 servers were removed, use ADSIEdit.
In Exchange Server 2007 SP1, changing Organisation Transport limits automatically changes Global limits.
6. Active Directory SiteLink limit: In Exchange Server 2007 SP1, you can also set maximum message size limit on AD Site Links.
Exchange Server 2007 uses the AD Site topology to determine the least cost paths. If the message size to be delivered to a remote AD Site exceeds the limit on the AD Site Link, message delivery will fail.
By default, the MaxMessageSize on AD Site Links is set to unlimited. This can be changed using Exchange Management Shell (EMS):
Set-ADSiteLink "<Site Link Name>" -MaxMessageSize 20Mb
7. Routing Group Connector Limit: Routing Group Connectors are used in co-existence scenarios to transfer messages between Exchange Server 2003/2000 Routing Groups and the Exchange Server 2007 Routing Group. Messages exchanged between these Routing Groups should be below the message size limits of their respective RGCs. The default is set to unlimited. To set the MaxMessageSize on a Routing Group Connector:
Set-RoutingGroupConnector "<Connector name>" -MaxMessageSize 20Mb
Source: http://exchangepedia.com/2007/09/exchange-server-2007-setting-message-size-limits.html