Knowledgebase
Knowledgebase:
Create Certificate for Exchange 2007 server using windows CA
Posted by Russ Richards on 01 November 2011 08:12 AM

Create Certificate for Exchange 2007 Servers using Windows CA

Create Certificate for Exchange 2007 Servers using Windows CA 
Exchange 2007 uses SSL for OWA and SMTP, the exchange certificate created by the installation is not suitable for Exchange 2007 use.


You need to create a new certificate using SAN (Subject Alternate Name) extension to support the multi value names used by Exchange servers and clients.


Step1: Use Exchange Management Shell to create the CSR (Certificate request)


New-ExchangeCertificate -GenerateRequest - Domainname mail.demo.com, ServerName.internal.com, autodiscover.demo.com, ServerName -FriendlyName mail.demo.com -PrivateKeyExportable: $True -path c:\Cert.req


The first name in the certificate should be your external server name, the certificate should include the servers FQDN, NetBIOS Name and Autodiscovery for Outlook 2007 users.


Step2: Open the CSR file created in the previous step and copy it.

image 
Open you CA web page and click the Request a certificate

image 
Click the advanced certificate request

image 
Select the Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file.

image 
Paste the CSR from step1 and select the web server template

image 
Clicks submit if this is an Enterprise CA your request will be processed immediately else issue the certificate manually and downloaded it for the CA.

image 
Click download and save the file.


Step3: Now import the certificate to the Exchange server using Exchange Management Shell 
Import-ExchaneCertificate -path c:\hdhdh.cer | Enable-ExchangeCertificate -Services IIS, SMTP


Now the certificate should look like this:


The subject should include you external server name (if exposed to the internet)

image 
The Subject Alternate Name should include all names supplied in the request

image

(0 vote(s))
Helpful
Not helpful

Comments (0)
Post a new comment
 
 
Full Name:
Email:
Comments:
CAPTCHA Verification 
 
Please enter the text you see in the image into the textbox below (we use this to prevent automated submissions).