Import Certificate

We are using exchange activesync/owa and created a self signed certificate for the external mail address.  Now all of our internal mail clients (outlook 2007) are receiving a certificate error stating "The name on the security certificate is invalid or does not match the name of the site".  We have purchased a multidomain certificate from GoDaddy to satisfy both the internal and external names for the mail server.  We received 2 files - one is a .p7b file and the other is .crt file.  How do we get this certificate imported/installed on the server?  Thanks in advance for the responses.
spccuAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

B HCommented:
please follow the steps from godaddy:
http://help.godaddy.com/article/4877

they're very specific and work great

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
B HCommented:
"securepaynet" and "godaddy" are the same thing, those are the same as my link :0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Jamie McKillopIT ManagerCommented:
Hello,

After you get your certificate imported, you need to make sure you configure the web services URLs correctly. If you are getting certificate errors on your internal clients, the InternalURL parameters are likely not configured to match one of the names on your certificate.

http://www.msexchange.org/articles_tutorials/exchange-server-2007/management-administration/configuring-exchange-server-2007-web-services-urls.html

JJ
Satya PathakLead Technical ConsultantCommented:
Some important points:

1. If you are creating a self-signed certificate, it is always better to create one that has all the subject alternative names specified above. This will prevent any certificate security warnings related to name mismatch. If you are creating single-name self-signed certificate, you would have to modify internal URIs of multiple virtual directories as explained in KB940726. The other benefit of multiple SANs is avoiding event 12014 and similar events.

2. Autodiscover for non-domain joined machines will work only after record is created in external DNS

3. You will have to install the certificate in the trusted root on client machines else you will receive a certificate warning. On Vista machines, you will have to run IE with elevated privileges to be able to install the certificate when you open OWA.

4. You can use group policy to install the certificate in trusted root (applicable only to domain joined machines). Copy to file the self-signed certificate (ideally in .p7b format) and then edit the default domain policy and import the certificate into "Computer Settings\Windows Settings\Security Settings\Public Key Policies\Trusted Root Certification Authorities". No user intervention is required once you do this. (Users would have to install the certificate themselves on non-domain joined machines).
spccuAuthor Commented:
These links are have been very helpful.  I was able to successfully install the Intermediate Certificate Bundle.  However when I attempt to Install the UCC certificate - it is failing.   Just curious both sites mention using "Import-ExchangeCertificate -Path "c:\CertificateFile.cer" - I don't have a .cer file.  Ems Import-ExchangeCertificate seems to complete but when checking Admin Tools\IIS Services\Server Certificates the new cert is not listed.  If I choose Import or Complete Cert Request I get errors.
spccuAuthor Commented:
We had to regenerate the certificate request and get a new certifcate from godaddy as the original certificate was throwing errors for us.  After receiving a second certificate and following the steps listed from the article - the multidomain certificate imported correctly for us.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.