How to add a public certificate on Exchange Server 2007
I. Create CSR
- On Exchange Server 2007 the whole process is handled using Exchange Management Shell. The command is:
New-ExchangeCertificate -GenerateRequest -KeySize 2048 -Path c:certificate.txt -SubjectName "c=GR, l=MyCity, s=MyState/Provice, o=MyCompanyName, cn=mycompany.com" -PrivateKeyExportable:$true
The commonName must be identical to the fully qualified domain name of the site for which you are requesting a certificate. Do not use the following characters: > < ! @ # $ % ^ * ( ) ~ ? / . &
- Provide the CSR to the Public Certification Authority and get the certificate. Usually you will be provided with a zip file with all required certificate files.
II. Install & assign the certificate
- We will need the *.cer file provided form the Public Certification Authority.
- Open Exchange Management Shell and run:
Import-ExchangeCertificate -Path C:certificate.cer | Enable-ExchangeCertificate -Services "SMTP, IMAP, POP, IIS"
Note: for many cases you will need the certificate only for IIS and SMTP. So at the -Services section of th ecommand we can add only the services needed
Note2: Verify that your certificate is enabled by running:
Get-ExchangeCertificate -DomainName mycompany.com
Note3: To just enable a certificate for some services run:
Enable-ExchangeCertificate -ThumbPrint [certificatethumbprint] -Services "SMTP, IMAP, POP, IIS"
Pantelis Apostolidis is a Sr. Cloud Solutions Architect professional at Office Line SA and a recognized Microsoft Azure MVP. For the last 15 years, Pantelis has been involved to major cloud projects in Greece and abroad, helping companies to adopt and deploy cloud technologies, driving business value. He is entitled to a lot of Microsoft Expert Certifications, demonstrating his proven experience in delivering high quality solutions. He is an author, blogger and he is acting as a spokesperson for conferences, workshops and webinars. He is also an active member of several communities as a moderator in azureheads.gr and autoexec.gr. Follow him on Twitter @papostolidis.