LeviDaily
asked on
How do I setup SBS 2008, Exchange 2007 multiple domain SSL w/Go Daddy?
Just setup SBS 2008 server for a client. I purchased a multiple domain SSL from GoDaddy. I know we need to point exchange.clientdomain.com, remote.clientdomain.com, autodiscover.clientdomain. com, and mail.clientdomain.com. I see the SBS 2008 wizard. From there I can Add a Trusted Certificate, but that is only for 1 domain. Can someone point me in the right direction?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
1.From the Exchange Management Shell command line, type the following:
New-ExchangeCertificate -GenerateRequest -KeySize 2048 -Path c:\DigiCertCSR.txt -SubjectName "c=US, l=YourLocalityOrCity, s=YourStateOrProvince, o=YourCompanyInc, cn=YourFirstDomain.com" -DomainName YourSecondDomain.com, YourThirdDomain.com -PrivateKeyExportable:$tru e
Although this command is too long to fit on one line here in your browser, you need to enter it into the management shell as one line. Of course, you need to replace the details listed in this sample command with the details of your own organization including your two-letter country code (c=), your city or locality (l=), your state or province (s=), and your organization legal name (o=).
Notice that the first domain name is listed inside the "-SubjectName" after "cn=" and additional domain names are later added after the -DomainName parameter with commas between the additional domain names. You can add as many additional domain names as necessary.
2.You will now find your new CSR file named DigiCertCSR.txt in the root of your C: drive. Open this file with a text editor such as Notepad and paste the entire contents of the file, including the BEGIN and END tags to the GoDaddy.com order form.
Import them with:
Import-ExchangeCertificate -Path c:\certificates\filename.c er -friendlyname "Contoso CAS01"
Then Apply them with:
Enable-ExchangeCertificate identity <thumbprint> -services SMTP, IIS, POP3, IMAP
The thumbprint will be given after you import the cert. Make sure you create the cert with the internal and external names (including just the internal server name with no domain name), as well as autodiscover.domain.com
New-ExchangeCertificate -GenerateRequest -KeySize 2048 -Path c:\DigiCertCSR.txt -SubjectName "c=US, l=YourLocalityOrCity, s=YourStateOrProvince, o=YourCompanyInc, cn=YourFirstDomain.com" -DomainName YourSecondDomain.com, YourThirdDomain.com -PrivateKeyExportable:$tru
Although this command is too long to fit on one line here in your browser, you need to enter it into the management shell as one line. Of course, you need to replace the details listed in this sample command with the details of your own organization including your two-letter country code (c=), your city or locality (l=), your state or province (s=), and your organization legal name (o=).
Notice that the first domain name is listed inside the "-SubjectName" after "cn=" and additional domain names are later added after the -DomainName parameter with commas between the additional domain names. You can add as many additional domain names as necessary.
2.You will now find your new CSR file named DigiCertCSR.txt in the root of your C: drive. Open this file with a text editor such as Notepad and paste the entire contents of the file, including the BEGIN and END tags to the GoDaddy.com order form.
Import them with:
Import-ExchangeCertificate
Then Apply them with:
Enable-ExchangeCertificate
The thumbprint will be given after you import the cert. Make sure you create the cert with the internal and external names (including just the internal server name with no domain name), as well as autodiscover.domain.com
If you are talking about multiple sub domains, then you just need a wildcard certificate.
ASKER
We have successfully set this up before in Exchange 2007 Standard, not SBS, but it was all Powershell based. Does anyone know if the SBS 2008 wizard works, or if we have to use Powershell?