Latest posts by Kyle Beckman (see all)
- Managing shared mailboxes in Office 365 with PowerShell - Thu, May 5 2016
- Managing shared mailboxes in Office 365 with the GUI - Wed, May 4 2016
- Installing and configuring the Enhanced Mitigation Experience Toolkit (EMET) - Wed, Mar 16 2016
One of the biggest selling points of Work Folders is that it allows your end users to synchronize corporate data to their personally owned devices with little or no intervention from IT. Since these personally owned devices aren’t going to be managed by IT, we’ll have to take a few extra steps to make sure that end users don’t receive errors when trying to connect to the Work Folders server.
Do you have to use a certificate from a public CA? Technically, no. If you’re only going to expose Work Folders to corporately-managed devices, you can use a certificate from an internal CA and you should be fine.
If you are going to expose Work Folders to non-corporate devices, I usually prefer to go with the solution that is going to generate the fewest support requests. If you have to publish complicated instructions, end users are either going to generate support requests or use an unauthorized solution. If IT takes the time to do the extra setup of using a cert from a public CA, it will eliminate a lot of support headache down the road.
Syncing of data between clients and the Work Folders server is handled by the IIS Hostable Web Core which you may have noticed was installed when we installed Work Folders earlier. To manage the certificates, we’ll need to install the IIS management tools by running the following PowerShell command:
Next, open the Internet Information Services (IIS) Manager and find the Default Web Site for your Work Folders server.
Internet Information Services (IIS) Manager
The IIS Hostable Web Core should appear to be stopped even though it isn’t. Click on the server name and then double-click on Certificates. In the Actions pane, click on Create Certificate Request.
Create Certificate Request
Fill out the Distinguished Name Properties using your organization’s information. Don’t forget to use the DNS name we created back in Part 2 if you created a DNS entry for the Work Folders server.
Distinguished Name Properties
Make sure your Bit length is at least 2048, choose a name for your certificate request file, and click Finish.
Bit length / File name for the certificate request
You should end up with a certificate request that looks something like the screenshot below that can be submitted to any of the public certificate authorities.
Take the certificate request (CSR) to any of the public Certificate Authorities and purchase your SSL certificate. Once you’ve got the signed certificate, you can go back into the IIS Manager and click Complete Certificate Request to finish the process.
Complete Certificate Request
Before completing the certificate process, check with your Certificate Authority to see if you need to load their Root and/or Intermediate certificates onto your server. If these certificates are needed, you may receive an error in the IIS Manager when trying to add your new certificate.
Specify the path to the certificate, a friendly name, and where the certificate should be stored. Once you’re done, the certificate should look something like in the second screenshot below.
Specify Certificate Auhtority Response / Server certificates in IIS Manager
Click on Default Web Site in the IIS Manager and then click Bindings in the Actions pane.
Click the Add button.
Add Site Bindings
Specify HTTPS, select the SSL certificate that was just added, and click OK.
Select the SSL certificate
At this point, Work Folders is configured and ready for users to connect securely. In our next part, I’ll cover setting up the clients to access Work Folders.