How to replace Exchange 2010 Self-signed Cert with Windows PKI Cert Private Internal Cert

Posted on 2010-01-05
Last Modified: 2012-05-08
Until I can get a Trusted Third Party Certificate approved by management, I would like to replace the automatically generated self-signed Exchange 2010 Certificate with Windows PKI on a Windows 2008 R2 server.  What do I need to do?
Question by:cwojcicki1099

    Accepted Solution

    You need to first enable the Windows 2008 CA to accept SAN requests.
    From the command line on the certificate server run:

    certutil -setreg policy\SubjectAltName enabled
    certutil -setreg policy\SubjectAltName2 enabled
    Restart the certificate service
    Refer :

    See this Article on how to create a request for certificate

    Once you have created the request you need to submit it to your internal CA and you will get a .cer file which needs to be imported later.

    Or if you wanna do it through CMD shell you can do the following

    To generate request :

    New-ExchangeCertificate -GenerateRequest -DomainName, casnetbiosname, casFQDN,, -PrivateKeyExportable $True -path c:\certrequest.req

    Once you have the request, submit it to the CA, and when you get the .cer file, import it by using
    Import-ExchangeCertificate -Path <full path to cert file>

    Later you can enable it for services:
    Enable-ExchangeCertificate -Thumbprint xxxxxxx -Services IIS, SMTP

    See this :
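Added example, not part of the original answer: one way to carry the steps above from the request file through to a bound certificate, including the submission to the internal CA and a check that the issued certificate kept its SANs. The CA config string, the `WebServer` template, the file paths and the host names are assumed placeholders.

```powershell
# Run in the Exchange Management Shell on the server that created the request.
# All values below are placeholders (assumptions), not taken from the page.
$ReqFile  = 'C:\certrequest.req'                      # request file from the generate step
$CerFile  = 'C:\certrequest.cer'                      # where the issued certificate is written
$CaConfig = 'CA01.example.local\Example-Internal-CA'  # "<CA host>\<CA name>", constructed
$Expected = 'mail.example.com', 'cas01.example.local', 'cas01'  # names in the request

# 1. Submit the request to the internal CA. The template attribute applies to an
#    enterprise CA ("WebServer" is assumed); a standalone CA needs no -attrib.
certreq -submit -config $CaConfig -attrib 'CertificateTemplate:WebServer' $ReqFile $CerFile
if ($LASTEXITCODE -ne 0 -or -not (Test-Path $CerFile)) {
    throw 'No certificate was issued (request denied, pending approval, or CA unreachable).'
}

# 2. Before importing, confirm the CA actually kept the subject alternative names.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CerFile
$san  = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
if (-not $san) { throw 'Issued certificate has no Subject Alternative Name extension.' }

# Format() yields "DNS Name=a, DNS Name=b"; keep only the values so the check
# does not depend on the OS display language.
$issued  = $san.Format($false) -split ',\s*' |
           ForEach-Object { ($_ -split '=', 2)[1].ToLower() }
$missing = $Expected | Where-Object { $issued -notcontains $_.ToLower() }
if ($missing) { throw "CA dropped these names: $($missing -join ', ')" }
if ($cert.Subject -eq $cert.Issuer) { throw 'Certificate is self-signed, not CA-issued.' }

# 3. Import the issued certificate and bind it to the services, as in the answer's
#    last two commands. Exchange 2010 takes the file contents through -FileData.
$bytes    = [Byte[]](Get-Content -Path $CerFile -Encoding Byte -ReadCount 0)
$imported = Import-ExchangeCertificate -FileData $bytes
Enable-ExchangeCertificate -Thumbprint $imported.Thumbprint -Services IIS, SMTP

# 4. Show what is now bound.
Get-ExchangeCertificate -Thumbprint $imported.Thumbprint |
    Format-List Subject, Issuer, NotAfter, Services
```

Clients only trust the result if the internal CA's root certificate is in their Trusted Root store, which domain-joined machines receive automatically from an enterprise CA.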

    Author Comment

    How do I submit the request file to the internal CA?

    Author Comment

    I managed to figure out the CA request.  Thanks for your help; it helped me create the temp private CA I needed.
