Not posted in a while and one of my junior engineers asked this question so I thought I would prepare this guide and send him the link šŸ˜‰

First thing is to generate the CSR which you do from Exchange.

Open Exchange Management Console

Select ServerĀ Configuration and then select the server you want followed by “New Exchange Certificate” in the right hand action pane

Enter a friendly name you wont forget (I just named mine what the URL for OWA was going to be)

Tick Enable Wildcard Certificate (if using a wildcard if not just press continue)

Enter wildcard address e.g. *.microsoft.com

Fill in all the Organizational and Location information

Certification Request File path just put the path and filename (anything you want) as it will just generate a .REQ file. Put on C:Cert directory for example

Open the .REQ file in notepad and copy and paste the all of the code

I am using GoDaddy so I needed to generate a new Key. I opened my Account, Selected SSL opened *.domain.com and press Generate Key. I pasted the CSR from the .REQ earlier and it loaded and generated a .zip file which I downloaded to my Exchange 2010 Server.

Exchange 2010 Server

Unzip .zip file to C:Cert (will be 2 files)

Load MMC –> File –> Add/Remove Snap In

Select Certificates –> Add –> Computer Account –> Local Computer –> Press OK

Expand Certificates –> Right Click Intermediate Certificates Authorities –> All Tasks –> Import

Select Filename and change for “PKCS #7 Certificates (*.spc;*.p7b)”

Select the *_iis_intermediates.p7b filename

Click Next, and Select Place all Certificates in the following Store (Intermediate CertificationĀ Authorities)

Finish –> Ok

Close MMC

Go back to Exchange 2010 and Server Configuration and select Complete Pending Request on the certificate request you created above (at the start of this guide)

On Complete Pending request, browse to locate the Certification file.

Select All Files (*.*)

Select the .CRT or .CER file (whichever you may have)

Click Complete and both parts should be green and marked as Complete.

You then just need to Right Click on the Certificate –> Assign Services

Assign any services you want (Normally IIS, SMTP)

Click Assign

Finish

Leave a Reply

Your email address will not be published. Required fields are marked *