Create Certificate for Exchange 2007 server using Windows CA
Posted by Russ Richards on 01 November 2011 08:12 AM

Exchange 2007 uses SSL for OWA and SMTP. The certificate created by the Exchange installation is not suitable for Exchange 2007 use.

You need to create a new certificate that uses the SAN (Subject Alternative Name) extension to support the multiple names used by Exchange servers and clients.

Step 1: Use Exchange Management Shell to create the CSR (certificate request)

New-ExchangeCertificate -GenerateRequest -DomainName <ExternalName>,<ServerFQDN>,<AutodiscoverName>,ServerName -FriendlyName <FriendlyName> -PrivateKeyExportable:$true -Path c:\Cert.req

The first name in the certificate should be your external server name. The certificate should also include the server's FQDN, its NetBIOS name, and the Autodiscover name for Outlook 2007 users.

Step 2: Open the CSR file created in the previous step and copy its contents.

Open your CA web page and click Request a certificate.

Click advanced certificate request.

Select Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file.

Paste the CSR from Step 1 and select the Web Server template.

Click Submit. If this is an Enterprise CA, your request will be processed immediately; otherwise, issue the certificate manually and download it from the CA.

Click download and save the file.

Step 3: Now import the certificate to the Exchange server using Exchange Management Shell
Import-ExchangeCertificate -Path c:\hdhdh.cer | Enable-ExchangeCertificate -Services IIS,SMTP

Now the certificate should look like this:

The subject should include your external server name (if exposed to the internet).

The Subject Alternative Name should include all names supplied in the request.
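
The subject and SAN checks above can be scripted so that the certificate is enabled only when it passes them. This is an added example, not part of the original article: the names in $expected are constructed placeholders for the values passed to -DomainName in Step 1, and c:\hdhdh.cer is the file name used in Step 3.

```powershell
# Added example: import first, verify the issued certificate, then enable it.
# The names below are constructed placeholders; replace them with the values
# used for -DomainName in Step 1 (external name first).
$expected = @(
    'mail.example.com',          # external server name (placeholder)
    'ex01.corp.example.com',     # server FQDN (placeholder)
    'autodiscover.example.com',  # Autodiscover name (placeholder)
    'EX01'                       # NetBIOS name (placeholder)
)

# Import without piping to Enable-ExchangeCertificate so it can be inspected.
$cert = Import-ExchangeCertificate -Path c:\hdhdh.cer

# CertificateDomains holds the subject name and every SAN entry.
$actual  = @($cert.CertificateDomains | ForEach-Object { $_.ToString() })
# -notcontains compares strings case-insensitively, which suits DNS names.
$missing = @($expected | Where-Object { $actual -notcontains $_ })

$now = Get-Date
$problems = @()
if ($missing.Count -gt 0) {
    $problems += 'Names missing from the certificate: ' + [string]::Join(', ', $missing)
}
if ($cert.Subject -notlike ('*CN=' + $expected[0] + '*')) {
    $problems += "Subject '$($cert.Subject)' does not contain the external name"
}
if (-not $cert.HasPrivateKey) {
    # The private key stays on the server that generated the request in Step 1.
    $problems += 'No private key found; import on the server that created the CSR'
}
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    $problems += "Outside validity period ($($cert.NotBefore) to $($cert.NotAfter))"
}

if ($problems.Count -eq 0) {
    # All checks passed: bind the certificate to the services from Step 3.
    Enable-ExchangeCertificate -Thumbprint $cert.Thumbprint -Services IIS,SMTP
} else {
    $problems | ForEach-Object { Write-Warning $_ }
    Write-Warning "Certificate $($cert.Thumbprint) was imported but NOT enabled."
}
```

If the script reports a problem, the certificate remains in the store without being assigned to any service, so the existing IIS and SMTP bindings are unchanged.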

