by Steve Galloway | Apr 22, 2015
This article will assist you in setting up a free UK2 SSL certificate using your cPanel account.
**All pictures are for reference only. The actual layout of your interface may differ from the images below**
**You will need to change all references of yourdomain.co.uk to the domain that you for which you are creating the SSL.**
STEP 1: If you are running a live site and wish to install an SSL on to it the site must first be assigned a dedicated IP. This can be requested by submitting a ticket to technical support.
**When applying this dedicated IP, the DNS records may take up to 24 hours to fully point to the new IP, your site will be down during that time, so please let us know what time will be best for this IP to applied.**
STEP 2: Log into your cPanel interface. You can log in at yourdomain.co.uk:2082 replacing the example with your domain name.
**If you need help logging in, our technical support department would be happy to help. Just submit a ticket requesting your login credentials and be sure to include the domain name you need access to.**
Step 3: Once logged into the Cpanel, click on SSL/TLS Manager in the Security section.
STEP 4: On the page that loads you will go to the link under Private Keys
STEP 5: At the top of the page there is a section to Generate a New Key select your domain from the drop down menu. You must use 2,048 bits key.
On the page that loads click on the Return to SSL Manager.
Step 6: You will now click on the link under the Certificate Signing Requests (CSR)
Step 7: You will now fill out the form for the domain that you wish to create the SSL on.
Key: (Select the key that you generated in STEP 5)
Domains: yourdomain.co.uk (Or your preferred hostname, e.g. secure.yourdomain.co.uk or shop.yourdomain.co.uk. **Please note that www.yourdomain.co.uk is automatically included if you enter yourdomain.co.uk)
City: (Your city)
State: (Your state or province)
Country: (Your country)
Company: (The name of your company)
Company Division: (What your company does, e.g. if you run an ecommerce shop you can put E-commerce.)
Email: (An email on your domain, most commonly admin@yourdomain.co.uk)
Pass Phrase: (A secure combination of numbers and letters)
Description: (A way for you to recognise the certificate in the future)
Once you’ve filled-in each of the fields, click “Generate.”
STEP 8: Once the page has loaded with the new CSR information you will want to copy the content of the box that starts with “—–BEGIN CERTIFICATE REQUEST—–“ as this information will need to be used later.
STEP 9: You will now need to visit the following link: https://ssl.uk2.net/cgi-bin/certificate-apply.pl
Step 10: Fill in the “Hostname.” This needs to be the same that you entered into the earlier forms. (e.g. yourdomain.co.uk.) Click “Submit.”
Step 11: Select the email address you wish to receive the confirmation email to.
Click Submit.
Step 12: Fill out the form with the information requested. You will want to match the previous forms that you have filled. You will need to select Apache/ModSSL as the server software. You will also paste the CSR that you copied earlier.
Step 13: You will receive an email to the email you selected in Step 13 with the day, click the link in the email and paste the confirmation code that has been provided in the same message.
STEP 14: Then 1-2 days after providing the confirmation code your SSL should be ready, retrieve your SSL package, download and extract the archive.
This extracted folder will have four files in it. You will need to use the one that shows: yourdomain_co_uk in future steps.
Step 15: With the yourdomain_co_uk file handy log back into the Cpanel, click on SSL/TLS Manager in the Security section. (See Step 2 and 3 if you do not remember how)
You will now click on the link under the Certificates (CRT)
Step 16: On the new page scroll down to “Choose a certificate file (*.crt).” and click “Choose File.”
Locate the yourdomain_co_uk.crt file on your computer and click “Open.”
Enter a description and then click “Upload Certificate”
STEP 17: Now go back to the SSL/TLS Manager and click on the link under Install and Manage SSL for your site (HTTPS).
Step 18: You will select the domain that you are using and then click Browse Certificate and select your certificate. Also, be sure to click “autofill by domain” to load the certificate keys.
Then at the bottom of the page you will click Install Certificate
If you encounter any errors or problems with this process, please contact our technical support department. They will be happy to help resolve any issues you experience.
by Steve Galloway | Dec 14, 2014
This article explains how to configure Exchange Online for Office 365 Message Encryption. Office 365 Message Encryption is an encryption system delivered via Microsoft’s Information Rights Management (IRM) framework using “transport rules”. When emails meeting criteria, for instance subject headers, are met, the encryption service is run on outgoing email. This means users do not have to deploy services on individual hosts to use encryption services. As long as one or more metrics meet established criteria, email sent from any device will be encrypted when it is processed by the server.
Please read the whole article before beginning work. Configured hosts can be used to manage customers’ servers provided the network administrator has a customer’s global administrator rights.
Powershell users may like to approach this manually, however using the automated approach set out here, users avoid the problem of having to configure a “Trusted Publishing Domain“. Without a Trusted Publishing Domain, IRM services cannot be enabled manually.
Office 365 Message Encryption relies on IRM services which in turn depend on Azure Directory Services (ADS) which is available with E* subscriptions, and possibly with Business Premium. ADS must still be manually activated by going to: Admin – Office 365 – Service Settings – Rights Management.
Once Azure Directory Services are active, IRM can be enabled on Exchange Online Server in a one-off modification, and then users can establish “rules” for Microsoft Office 365 Message Encryption in Admin – Exchange – Mail Flow – Rules.
Workstation Prerequisites:
Office 365 Message Encryption requires IRM services to be enabled on Exchange Online. Although ADS is enabled using the portal, IRM is enabledd via a Powershell remote session to invoke a script provided by Microsoft called EnableIRMforEXO. The remote session requires the four applications to be installed on the local host:
Install the applications in the order listed. Note also that Powershell (PS) mus run in Administrator mode.
PS runs in a restricted mode by default that prohibits the execution of unsigned scripts. If PS has not been modified, users will typically get a PS error message like:
File C:\Common\Scripts\hello.ps1 cannot be loaded because the execution of scripts is disabled on this system. Please see “get-help about_signing” for more details.
At line:1 char:13
+ .\hello.ps1 <<<<
+ CategoryInfo : NotSpecified: (:) [], PSSecurityException
+ FullyQualifiedErrorId : RuntimeException
To enable scripting, open PS and run the following command. This is a one time command, and can be disabled.
set-executionpolicy remotesigned
Enabling IRM on Exchange Online
Using the unzipped script – EnableIRMforEXO – Powershell establishes a remote session with Exchange Online Server, and on confirmation of location and user credentials, executes the necessary server modifications. The command can be fully executed with strings for “location” and “get-credentials”, however the cmdlet works more reliably if it is left to call for location and credentials itself. These instructions assume the script is installed in c:\scripts\
- open Powershell
- enter c:\scripts\EnableIRMforEXO
- when prompted for location, input European Union
- complete when prompted for user name etc.
The process will execute and return results. This should be adequate for enabling Office 365 Message Encryption.
by Steve Galloway | Dec 4, 2014
We are upgrading our IMAP email platform in early 2015. This is a major system upgrade which is being released in a staged roll-out. We do not have confirmed dates, so be sure to check back for updates.
The IMAP service was introduced in 2014 to cope with users who needed email synchronisation on multiple devices. During 2014 ComStat gained Microsoft Cloud Partner certification and comsequently we intend to deprecate both POP3 and IMAP email services in favour of our Microsoft Exchange service during 2015. Exchange provides a broader service specification for users who need SLA-backed reliability.
Although this service is scheduled for deprecation, we will continue to support the platform for existing users until pending renewal.
The engineering work does not affect ComStat’s Exchange/Office 365 users.
During the IMAP platform re-build we expect some degradation of service and possible disruption. IMAP users who require continuous service may want to consider migrating to Exchange in advance of their normal renewal dates – please contact Steve Galloway on 07834 461 266 for more guidance.
by Steve Galloway | Oct 17, 2014
Microsoft’s Exchange Server Deployment Assistant helps engineers to prepare for migration of Exchange Server environments to current versions of Exchange. Migration has always been an obstacle for organisations and engineers alike, and even in 2014, organisations ran platforms dating as far back as Exchange 2010, 2007, and 2003.
It is understandable why earlier versions of Exchange pose difficult choices – in 2003, nobody understood how cloud based infrastructures would develop commercially. Exchange 2010 was the first platform designed with consideration for future cloud developments. Whereas once backups were a major consideration, the evolution of Exchange’s Database Availability Groups (DAG) means that with mail databases replicating across multiple servers, backup practices which sag under ever increasing data volumes, have given way to the alternate pursuit of high availability services which make single points of failure a minimal risk.
Plotting a path for migration is not for the faint hearted. Neither Exchange 2003 nor 2007 can be migrated to 2013. Exchange 2007 needs a path of some description via 2010, and problems with 2003 migration can be alleviated with some nifty tricks in Exchange 2013 Online by porting ‘2013 to 2010 Client Access Server (CAS) and then conducting migration to Exchange 2013 Online.
Microsoft’s Exchange Server Deployment Assistant gives both engineers and IT advisors an invaluable roadmap for bringing services into line with today’s powerful functionality.
