UC Certificate for Exchange Servers

Shell commands for generating a CSR and assigning an SSL certificate for Exchange servers.

For Exchange 2003, generating a certificate is all done through the IIS management MMC for the Default Website. Just make sure to use a 2048-bit key when creating the CSR. Once the certificate is processed and delivered, assign the certificate to the pending request.

For Exchange 2007 and 2010, try to purchase the 10-domain UC Certificate.

For Exchange 2007...
Generate the certificate request using the Exchange Management Shell -
New-ExchangeCertificate -generaterequest -keysize 2048 -subjectname "c=Your Country, l=Your Locality/City, s=Your State, o=Your Corporation Name,cn=YourMainDomain.com" -domainname SubjectAlternativeName1, SubjectAltName2, SubjectAltName3, SubjectAltName4 -PrivateKeyExportable $true -path c:\certrequest.txt

For Exchange 2010...
New-ExchangeCertificate -generaterequest -keysize 2048 -subjectname "c=Your Country, l=Your Locality/City, s=Your State, o=Your Corporation Name,cn=YourMainDomain.com" -domainname SubjectAlternativeName1, SubjectAltName2, SubjectAltName3, SubjectAltName4 -PrivateKeyExportable $true

Save the request text that this command outputs to a file!


cn=YourMainDomain.com is the first domain, e.g. test.com
SubjectAlternativeName1 - mailhost.test.com
SubjectAlternativeName2 - autodiscover.test.com
SubjectAlternativeName3 - actualhostname.test.com
SubjectAlternativeName4 - actualhostname.localdomain.local
SubjectAlternativeName5 - autodiscover.localdomain.local

Assigning the Certificate once it is received - 
If the SSL provider supplies an intermediate certificate, install it on the server and let the import automatically select the certificate store for the authority. It will detect the correct store, for the most part.

Import the Certificate (Exchange 2007)-
Import-ExchangeCertificate -Path C:\CertificateFile.crt

Import the Certificate (Exchange 2010)-
Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path c:\CertificateFile -Encoding byte -ReadCount 0))

A set of thumbprints will be listed. Copy the thumbprint of the newly imported certificate, then enable that certificate on the Exchange server for the services that require it.
Get-ExchangeCertificate

Enable the Certificate - 
Enable-ExchangeCertificate -Thumbprint paste_thumbprint_here -Services "SMTP, IMAP, IIS"

Test using ActiveSync & https://mailhost.test.com/owa

All should be working at this point. Additional configuration may be required for other functions such as EWS, RPC over HTTPS (Outlook Anywhere), etc.
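
The import, thumbprint lookup and enable steps above, combined into one Exchange 2010 Management Shell script that checks the certificate before enabling it. This is an added example, not part of the original article; the file path, the expected name list and the service list are placeholders to adjust.

```powershell
# Placeholders (assumptions): adjust to your certificate file, names and services.
$certFile      = 'C:\CertificateFile.crt'
$expectedNames = 'test.com', 'mailhost.test.com', 'autodiscover.test.com'
$services      = 'SMTP, IMAP, IIS'

# Import the issued certificate, then re-read it by thumbprint so every
# property checked below comes from the server's certificate store.
$bytes    = [Byte[]]$(Get-Content -Path $certFile -Encoding Byte -ReadCount 0)
$imported = Import-ExchangeCertificate -FileData $bytes
$cert     = Get-ExchangeCertificate -Thumbprint $imported.Thumbprint

$problems = @()

# The private key created with the request must be bound to the certificate.
# If it is missing, the CSR was probably generated on a different server.
if (-not $cert.HasPrivateKey) {
    $problems += 'no private key is bound to this certificate'
}

# The key size should match the 2048-bit request.
if ($cert.PublicKeySize -lt 2048) {
    $problems += "public key is only $($cert.PublicKeySize) bits"
}

# Status is 'Valid' only when the chain builds (intermediate installed),
# the dates are current and the revocation check succeeded.
if ("$($cert.Status)" -ne 'Valid') {
    $problems += "certificate status is $($cert.Status)"
}

# Every name that clients connect to must be present on the certificate.
$actual  = @($cert.CertificateDomains | ForEach-Object { "$_".ToLower() })
$missing = @($expectedNames | Where-Object { $actual -notcontains $_.ToLower() })
if ($missing.Count -gt 0) {
    $problems += "names missing from certificate: $($missing -join ', ')"
}

if ($problems.Count -gt 0) {
    # Leave the currently enabled certificate in place and report why.
    $problems | ForEach-Object { Write-Warning $_ }
    Write-Warning "Certificate $($cert.Thumbprint) was imported but NOT enabled."
} else {
    Enable-ExchangeCertificate -Thumbprint $cert.Thumbprint -Services $services
    Get-ExchangeCertificate -Thumbprint $cert.Thumbprint |
        Format-List Thumbprint, Services, NotAfter, CertificateDomains
}
```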
