I'm trying to set up a decent PKI at my organization using Microsoft's tools
and I've run into a roadblock. When I'm installing the requisite software
for the Exchange KM server I keep reading about making sure that the
Microsoft Exchange Server policy module is installed in the Certificate
Now the Certificate Server is installed OK- I can generate certificates with
it just fine. When I install the KM server on exchange I keep waiting for it
to ask me about the CA [at which point I'll direct it to Certificate
Server], but it never happens.
The KM also installs, but I don't think it has anything to do with the
Certificate Server CA. The CA is called "CA" and not "OrganizationCA". So I
think I'm just duplicating infrastructure here when I'd really like to use
just 1 CA for the entire PKI.
In the public certificates directory there is a file called
MACHINE_OrganizationCA_Exchange.crt [names have been made generic]. It seems
a lot like the MACHINE_OrganizationCA.crt file that I used to initialize the
root authority. But whenever I try to use it I get an invalid certificate
notice. Is this the certificate I should use as the root Certificate for my
I've searched everything I can think of for some clue on where to find this
module and come up empty handed.
Has anyone done this and made it work? Any help appreciated.