How to add a public certificate on Exchange Server 2003
On Exchange Server 2003 the whole process is performed on IIS.
I. Create CSR
- Open IIS Manager
- Go to the Default Web Site
- Right Click the default Web Site and select Properties
- Go to the Directory Security Tab and press the “Server Certificate” button
- The Wizard will start, select the “Create a new certificate” and press Next
- Select “Prepare the request now, but send it later” and press Next
- Enter a name and select 2048 bit length and press Next
- Type the company name at the Organization field and the department at the Organization unit field and press Next
- At the common name field enter the Pulic FQDN of the Exchange Server. In most cases is mail.domain.com. This must be an A recond on the Public DNS that points to the public IP of the Exchange server. Press Next
- Enter the regional settings and press Next
- Browse to the path that the CSR will be created and provide a name for the txt file, like certreq.txt. Press Next twice and the CSR is ready.
II. Provide the CSR to the Public Certification Authority and get the certificate. Usually you will be provided with a zip file with all required certificate files.
III. Install the certificate to the IIS
- We will need the *.cer file provided form the Public Certification Authority.
- Again go to the Security tab at the IIS manager and press “Server Certificate” (See I. 1-4)
- Now select “Process the pending request….” and press Next untill the wizard finishes. This will install the certificate.
- Restart the server
IV. Assign the certificate to Exchange
- To assign the certificate you need to go to each virtual directory and enable the “Require Secure Channel. “
- At the IIS Manager select Exchange virtual directory and right click properties
- Go to the Directory Security tab. Click the Edit button in the Secure Communications section.
- In the Secure Communications dialogue box check the box Require Secure Channel (SSL).
Pantelis Apostolidis is a Sr. Cloud Solutions Architect professional at Office Line SA and a recognized Microsoft Azure MVP. For the last 15 years, Pantelis has been involved to major cloud projects in Greece and abroad, helping companies to adopt and deploy cloud technologies, driving business value. He is entitled to a lot of Microsoft Expert Certifications, demonstrating his proven experience in delivering high quality solutions. He is an author, blogger and he is acting as a spokesperson for conferences, workshops and webinars. He is also an active member of several communities as a moderator in azureheads.gr and autoexec.gr. Follow him on Twitter @papostolidis.