471 then click Add. 6. Click Computer Account, and then click Next. 7. Click the Local computer (the computer this console is running on) option, and then click Finish. 8. Click Close, and then click OK. How to Back Up Your Server Certificate To back up your server certificates, you use the Export feature of Certificate Manager. Before You Begin Backing up a server certificate is just one step in configuring SSL. For an overview of the procedures you must follow to configure SSL, see "How to Use SSL to Secure the Communications Between the Client Messaging Applications and the Exchange Front-End Server" in the Exchange Server 2003 Client Access Guide. 472 Note: If you do not have Certificate Manager installed in Microsoft Management Console (MMC), see How to Add Certificate Manager to Microsoft Management Console. After you install Certificate Manager, you can back up your server certificate. Procedure To back up your server certificate 1. Locate the correct certificate store. This store is typically the Local Computer store in Certificate Manager. Note: When you have Certificate Manager installed, it points to the correct Local Computer certificate store. 2. In the Personal store, click the certificate that you want to back up. 3. On the Action menu, point to All tasks, and then click Export. 473 4. In the Certificate Manager Export Wizard, click Yes, export the private key. 5. Follow the wizard default settings, and enter a password for the certificate backup file when prompted. Note: Do not select Delete the private key if export is successful because this option disables your current server certificate. 6. Complete the wizard to export a backup copy of your server certificate. For More Information For conceptual information about how configuring SSL, see "Using Secure Sockets Layer" in "Securing Your Exchange Messaging Environment" in the Exchange Server 2003 Client Access Guide. For detailed steps for adding Certificate Manager to MMC, see How to Add Certificate Manager to Microsoft Management Console. 474 How to Configure Virtual Directories to Use SSL After you obtain an SSL certificate to use either with your Exchange front- end server on the default Web site or on the site where you host the \RPC, \OMA, \Microsoft-Server-ActiveSync, \Exchange, \Exchweb, and \Public virtual directories, you can configure the default Web site to require Secure Sockets Layer (SSL). Note: The \Exchange, \Exchweb, \Public, \OMA, and \Microsoft-Server- ActiveSync virtual directories are installed by default on any Exchange 2003 installation. The \RPC virtual directory for RPC over HTTP communication is installed manually when you configure Exchange to support RPC over HTTP. For more information about how to set up Exchange to use RPC over HTTP, see Exchange Server 2003 RPC over HTTP Deployment Scenarios. Before You Begin Configuring virtual directories to use SSL is just one step in configuring SSL. For an overview of the procedures that you must follow to configure SSL, see "How to Use SSL to Secure the Communications Between the 475 Client Messaging Applications and the Exchange Front-End Server" in the Exchange Server 2003 Client Access Guide. Before you perform this procedure, you must read "Using Secure Sockets Layer" in "Securing Your Exchange Messaging Environment" in the Exchange Server 2003 Client Access Guide. Procedure To configure virtual directories to use SSL 1. In Internet Information Services (IIS), select the Default Web site or the Web site where you are hosting your Exchange services, and then click Properties. 2. On the Directory Security tab, in Secure Communications, click Edit. 3. In Secure Communications, select Require Secure Channel (SSL). 4. After you complete this procedure, all virtual directories on the Exchange front-end server on the default Web site are configured to 476 use SSL. How to Configure the RPC Proxy Server to Use Specified Ports for RPC over HTTP This topic explains how to configure the RPC proxy server to use specified ports for RPC over HTTP. Note: You can also use the Rpccfg tool to set and troubleshoot port assignments. The Rpccfg tool is included in the Windows Server 2003 Resource Kit Tools. After you configure the RPC over HTTP networking component for Internet Information Services, configure the RPC proxy server. Configure the RPC proxy server to use specific ports to communicate with the directory service and with the information store on the Exchange computer. For information about configuring all your global catalogs to use specific ports for RPC over HTTP for directory services, see How to Set the 477 NTDS Port on a Global Catalog Server Acting as an Exchange Server 2003 Back-End Server. Before You Begin Verify the registry values automatically set for the Exchange ports mentioned below. When you run Exchange Server 2003 Setup, Exchange is configured to use the ports in the following table. Server Port Service Exchange Server (Global Catalog) 6001 Store 6002 DSReferral 6004 DSProxy 478 The three registry values that follow are automatically configured by Exchange Server 2003 Setup. Although you do not have to configure these registry values, you might want to verify that these registry values are configured correctly. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSEx changeIS\ParametersSystem Value name: Rpc/HTTP Port Value type: REG_DWORD Value data: 0x1771 (Decimal 6001) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSEx changeSA\Parameters Value name: HTTP Port Value type: REG_DWORD Value data: 0x1772 (Decimal 6002) 479 HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSEx changeSA\Parameters Value name: Rpc/HTTP NSPI Port Value type: REG_DWORD Value data: 0x1774 (Decimal 6004) Note: Do not modify these registry values. If you modify these registry values, RPC over HTTP may not function correctly. To configure the RPC proxy server to use specific ports, follow the steps below. The following steps contain information about editing the registry. Caution: Incorrectly editing the registry can cause serious problems that may require you to reinstall your operating system. Problems resulting from editing the registry incorrectly may not be able to be resolved. Before editing the registry, back up any valuable data. 480 Procedure To configure the RPC proxy server to use specified ports for RPC over HTTP 1. On the RPC proxy server, start Registry Editor (Regedit). 2. In the console tree, locate the following registry key: HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\RpcProxy 3. In the details pane, right-click the ValidPorts subkey, and then click Modify. 4. In Edit String, in the Value data box, type the following information: ExchangeServer:6001-6002;ExchangeServerFQDN:6001- 6002;ExchangeServer:6004;ExchangeServerFQDN:6004;  ExchangeServer is the NetBIOS name of your Exchange server.  ExchangeServerFQDN is the fully qualified domain name (FQDN) of your Exchange server. If the FQDN that is used to access . information: ExchangeServer:6001-6002;ExchangeServerFQDN:6001- 6002;ExchangeServer:6004;ExchangeServerFQDN:6004;  ExchangeServer is the NetBIOS name of your Exchange server.  ExchangeServerFQDN. Catalog Server Acting as an Exchange Server 2003 Back-End Server. Before You Begin Verify the registry values automatically set for the Exchange ports mentioned below. When you run Exchange Server. Applications and the Exchange Front-End Server& quot; in the Exchange Server 2003 Client Access Guide. 472 Note: If you do not have Certificate Manager installed in Microsoft Management