Exchange 2007 Certificate Installation in 7 Easy Steps!

Ok, so I know this information is already out there in many formats, but I’m asked how to do it on a regular basis anyway.  And while using www.letmegooglethatforyou.com is a fun site, it’s a good way to lose a client (or at least get uninvited to lunch)!  So here’s how to configure Exchange 2007 to use an public SSL certificate:

 

(the fast, no-nonsense version)

 

1.  Use this link to generate the cmdlet structure for your PowerShell command.  This will output the CSR https://www.digicert.com/easy-csr/exchange2007.htm

2.       Send the CSR to a trusted provider.

a.       Entrust is my favorite but GoDaddy is the cheapest.  Other UCC vendors include DigiCert and Comodo. 

b.      More detail here: http://support.microsoft.com/kb/929395

c.       You’ll notice VeriSign isn’t on this list.  They DO offer UCC but only if you spend thousands in their managed PKI program…

3.       While Windows Mobile support all of these vendors, understand that the iPhone and Palm may not.

a.       Palm doesn’t support UCC at all, but you can get around that by using a UCC / SAN cert anyway, and just putting the OWA/ActiveSync FQDN as the primary name in the certificate.  It just can’t read the alternate fields.

4.       Once you get the certificate back, rename it to a .cer file

5.       Open PowerShell again and type: Import-ExchangeCertificate c:\filename.cer

6.       Type Get-ExchangeCertficate to see your new cert at the top of the list.  Copy the thumbprint to the clipboard.

7.       Then type: Enable-ExchangeCertificate –Thumbprint xxx –services iis, smtp, pop, imap, um

a.       Don’t list all the services unless the role is actually installed on the box itself

b.      If you intend to use the same cert on multiple servers, understand that may break your agreement with the Certificate Authority, and you have to import the key pair on the 2nd server before step 6 works.

Misc:

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s