Solved

How do I Create an SSL certificate for Exchange 2007 on SBS 2008 server

Posted on 2011-02-25
7
1,595 Views
Last Modified: 2012-05-11
I tried following the steps outlined at: http://uberzaxxon.blogspot.com/2009/03/self-signed-exchange-2007-certificates.html

One of the steps I could not follow: "open an internet browser and navigate to https://servername/certsrv"  - I would get page can't be found.

This is the command I used to create the cert request: New-ExchangeCertificate -DomainName e-mail.domainname.com, autodiscover.domainname.com -FriendlyName "Exchange Hosting Certificate" -GenerateRequest:$True -Keysize 1024 -path c:\e2k7hosting.txt -privatekeyExportable:$true -subjectName "c=us, CN=e-mail.domainname.com"

I used the c:\windows\system32\certsrv.msc to export the pending Cert to: c:\ExchangeinboundCertificate.p7b

Then I ran this command in the exchange powershell: import-exchangecertificate -path c:\ExchangeinboundCertificate.p7b | enable-exchangecertificate -services iis

Which generates this error and no new certificate shows up for exchange:
[PS] C:\Windows\System32>import-exchangecertificate -path c:\ExchangeinboundCertificate.p7b | enable-exchangecertificate -services iis
WARNING: An unexpected error has occurred and debug information is being generated: CertEnroll::CX509Enrollment::get_Certificate: The requested property value is empty. 0x80094004 (-2146877436)
Import-ExchangeCertificate : CertEnroll::CX509Enrollment::get_Certificate: The requested property value is empty. 0x80094004 (-2146877436)
At line:1 char:27
+ import-exchangecertificate  <<<< -path c:\ExchangeinboundCertificate.p7b | enable-exchangecertificate -services iis

Any help getting a new Cert for exchange so I no longer get this error I would appreciate it:  "Microsoft Exchange could not find a certificate that contains the domain name e-mail.domainname.com"
0
Comment
Question by:dougstrash
  • 4
  • 2
7 Comments
 
LVL 25

Expert Comment

by:-MAS
ID: 34980087
0
 
LVL 25

Expert Comment

by:-MAS
ID: 34980100
0
 
LVL 20

Expert Comment

by:Satya Pathak
ID: 34980311
"New Exchange 2007 certificate self assigned"


New-ExchangeCertificate -FriendlyName "A New Self-Signed Certificate" -SubjectName "cn=mail.abc.com" -Domainnamemail.abc.com,exchange,exchange.abc.lan,autodiscover.abc.lan-PrivateKeyExportable:$true | Enable-ExchangeCertificate -Services POP,SMTP,IIS,IMAP

After That get-exchange certificate |fl

 
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 

Author Comment

by:dougstrash
ID: 34980439
It appears the big problem I am having with all the steps is that I can't do the middle part.

This is not working, I get 404 - not found - how do I fix this so that I can use: http://2008sbsservername/certsrv
0
 

Author Comment

by:dougstrash
ID: 34982852
The problem I am having is with email in regards to SMTP.  When I try to send email using SSL I get an error saying "Microsoft Exchange could not find a certificate that contains the domain name e-mail.mydomainname.com "

That is because in Exchange management console | Server configuration | hub transport | received connectors | my receive connector under the general tab and section "Specify the FQDN this connector will provide in sresponse to HELO or EHLO: I have "e-mail.mydomainname.com"  it used to have "2008sbsservername.mydomainname.com"  which I didn't want advertised on the internet.

So this all boils down to having a certificate that is set for SMTP that contains the domain name e-mail.mydomainname.com.

Does this help clarify what my ultimate goal is?
Doug
0
 

Accepted Solution

by:
dougstrash earned 0 total points
ID: 35009305
Problem resolved -  All references were to use the web based CA to import the request and output a key that can be imported into exchange.  Since my web based CA was not coming up and no one could tell me how to fix it I used the windows based CA to move the Cert request to personal certificates, then I could see it in the exchange PS to enable the key for SMTP.

Doug
0
 

Author Closing Comment

by:dougstrash
ID: 35045600
No one else provided answer I could use since they kept saying to use the web based CA, which was not installed on my server.  So through trial and error I found out how to use the windows CA to do what I needed.
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Following basic email etiquette rules will help you write a professional email and achieve a good, lasting impression with your contacts.
A list of top three free exchange EDB viewers that helps the user to extract a mailbox from an unmounted .edb file and get a clear preview of all emails & other items with just a single click on mailboxes.
how to add IIS SMTP to handle application/Scanner relays into office 365.
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question