Add public certificate on Exchange Server 2007

How to add a public certificate on Exchange Server 2007

I. Create CSR

  1. On Exchange Server 2007 the whole process is handled using Exchange Management Shell. The command is: 
    New-ExchangeCertificate -GenerateRequest -KeySize 2048 -Path c:certificate.txt -SubjectName "c=GR, l=MyCity, s=MyState/Provice, o=MyCompanyName, cn=mycompany.com" -PrivateKeyExportable:$true

    The commonName must be identical to the fully qualified domain name of the site for which you are requesting a certificate. Do not use the following characters: > < ! @ # $ % ^ * ( ) ~ ? / . &

  2. Provide the CSR to the Public Certification Authority and get the certificate. Usually you will be provided with a zip file with all required certificate files.

II. Install & assign the certificate

  1. We will need the *.cer file provided form the Public Certification Authority.
  2. Open Exchange Management Shell and run: 
    Import-ExchangeCertificate -Path C:certificate.cer | Enable-ExchangeCertificate -Services "SMTP, IMAP, POP, IIS"

     

Note: for many cases you will need the certificate only for IIS and SMTP. So at the -Services section of th ecommand we can add only the services needed

Note2: Verify that your certificate is enabled by running:

 

Get-ExchangeCertificate -DomainName mycompany.com

 
Note3: To just enable a certificate for some services run:

 

Enable-ExchangeCertificate -ThumbPrint [certificatethumbprint] -Services "SMTP, IMAP, POP, IIS"

 

 

Share

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.