I have not posted in a while, and one of my junior engineers asked this question, so I thought I would prepare this guide and send him the link 😉
The first thing is to generate the CSR, which you do from Exchange.
Open Exchange Management Console
Select Server Configuration and then select the server you want, followed by “New Exchange Certificate” in the right-hand action pane
Enter a friendly name you won't forget (I just named mine what the URL for OWA was going to be)
Tick Enable Wildcard Certificate if you are using a wildcard; if not, just press Continue
Enter the wildcard address, e.g. *.microsoft.com
Fill in all the Organizational and Location information
For the Certification Request File path, just enter a path and filename (anything you want), as it will just generate a .REQ file. Put it in the C:\Cert directory, for example
Open the .REQ file in Notepad and copy all of the code
I am using GoDaddy so I needed to generate a new key. I opened my account, selected SSL, opened *.domain.com and pressed Generate Key. I pasted the CSR from the .REQ earlier and it loaded and generated a .zip file, which I downloaded to my Exchange 2010 Server.
Exchange 2010 Server
Unzip the .zip file to C:\Cert (there will be 2 files)
Load MMC –> File –> Add/Remove Snap In
Select Certificates –> Add –> Computer Account –> Local Computer –> Press OK
Expand Certificates –> Right Click Intermediate Certification Authorities –> All Tasks –> Import
Select Filename and change the file type to “PKCS #7 Certificates (*.spc;*.p7b)”
Select the *_iis_intermediates.p7b filename
Click Next, and Select Place all Certificates in the following Store (Intermediate Certification Authorities)
Finish –> Ok
Go back to Exchange 2010 and Server Configuration and select Complete Pending Request on the certificate request you created above (at the start of this guide)
On Complete Pending Request, browse to locate the certificate file.
Select All Files (*.*)
Select the .CRT or .CER file (whichever you may have)
Click Complete and both parts should be green and marked as Complete.
You then just need to Right Click on the Certificate –> Assign Services
Assign any services you want (normally IIS, SMTP)
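The same steps can be run from the Exchange Management Shell, with a check of the request before it goes to the CA and a check of the installed certificate at the end. This is an added example, not part of the original guide; the file names, subject fields and example.com domain are placeholders, and it assumes certutil will take the .p7b directly.

```powershell
# Run in the Exchange Management Shell on the Exchange 2010 server.
# Paths, file names and subject fields are placeholders (assumptions).
$certDir = 'C:\Cert'
$reqFile = Join-Path $certDir 'wildcard.req'        # CSR to paste into the CA portal
$crtFile = Join-Path $certDir 'wildcard.crt'        # issued certificate from the CA zip
$p7bFile = Join-Path $certDir 'intermediates.p7b'   # intermediate chain from the CA zip

# 1. Generate the request. The private key is created and kept on this server;
#    only set -PrivateKeyExportable $true if the certificate must move to other servers.
$csr = New-ExchangeCertificate -GenerateRequest `
    -FriendlyName 'mail.example.com' `
    -SubjectName 'C=GB, S=London, L=London, O=Example Ltd, CN=*.example.com' `
    -DomainName '*.example.com' `
    -KeySize 2048 -PrivateKeyExportable $false
Set-Content -Path $reqFile -Value $csr

# 2. Before submitting, confirm the request carries the subject and key size you intended.
certutil -dump $reqFile | Select-String 'CN=', 'Public Key Length'

# --- Continue here once the CA has issued the certificate and the zip is unpacked ---

# 3. Intermediate chain into the computer's Intermediate Certification Authorities store.
certutil -addstore CA $p7bFile

# 4. Complete the pending request. This pairs the issued certificate with the
#    private key created in step 1, so it must run on the same server.
$bytes = [Byte[]](Get-Content -Path $crtFile -Encoding Byte -ReadCount 0)
$cert  = Import-ExchangeCertificate -FileData $bytes

# 5. Assign services, matching the Assign Services step above.
Enable-ExchangeCertificate -Thumbprint $cert.Thumbprint -Services IIS,SMTP

# 6. Verify: Status should be Valid, HasPrivateKey True, Services should list IIS and SMTP.
Get-ExchangeCertificate -Thumbprint $cert.Thumbprint |
    Format-List Subject, CertificateDomains, Status, HasPrivateKey, Services, NotAfter
```

If HasPrivateKey shows False, the certificate was imported on a server other than the one that generated the request, and it cannot be assigned to services there.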