?
Solved

How do I Create an SSL certificate for Exchange 2007 on SBS 2008 server

Posted on 2011-02-25
7
Medium Priority
?
1,621 Views
Last Modified: 2012-05-11
I tried following the steps outlined at: http://uberzaxxon.blogspot.com/2009/03/self-signed-exchange-2007-certificates.html

One of the steps I could not follow: "open an internet browser and navigate to https://servername/certsrv"  - I would get page can't be found.

This is the command I used to create the cert request: New-ExchangeCertificate -DomainName e-mail.domainname.com, autodiscover.domainname.com -FriendlyName "Exchange Hosting Certificate" -GenerateRequest:$True -Keysize 1024 -path c:\e2k7hosting.txt -privatekeyExportable:$true -subjectName "c=us, CN=e-mail.domainname.com"

I used the c:\windows\system32\certsrv.msc to export the pending Cert to: c:\ExchangeinboundCertificate.p7b

Then I ran this command in the exchange powershell: import-exchangecertificate -path c:\ExchangeinboundCertificate.p7b | enable-exchangecertificate -services iis

Which generates this error and no new certificate shows up for exchange:
[PS] C:\Windows\System32>import-exchangecertificate -path c:\ExchangeinboundCertificate.p7b | enable-exchangecertificate -services iis
WARNING: An unexpected error has occurred and debug information is being generated: CertEnroll::CX509Enrollment::get_Certificate: The requested property value is empty. 0x80094004 (-2146877436)
Import-ExchangeCertificate : CertEnroll::CX509Enrollment::get_Certificate: The requested property value is empty. 0x80094004 (-2146877436)
At line:1 char:27
+ import-exchangecertificate  <<<< -path c:\ExchangeinboundCertificate.p7b | enable-exchangecertificate -services iis

Any help getting a new Cert for exchange so I no longer get this error I would appreciate it:  "Microsoft Exchange could not find a certificate that contains the domain name e-mail.domainname.com"
0
Comment
Question by:dougstrash
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
7 Comments
 
LVL 27

Expert Comment

by:☠MAS☠
ID: 34980087
0
 
LVL 27

Expert Comment

by:☠MAS☠
ID: 34980100
0
 
LVL 20

Expert Comment

by:Satya Pathak
ID: 34980311
"New Exchange 2007 certificate self assigned"


New-ExchangeCertificate -FriendlyName "A New Self-Signed Certificate" -SubjectName "cn=mail.abc.com" -Domainnamemail.abc.com,exchange,exchange.abc.lan,autodiscover.abc.lan-PrivateKeyExportable:$true | Enable-ExchangeCertificate -Services POP,SMTP,IIS,IMAP

After That get-exchange certificate |fl

 
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 

Author Comment

by:dougstrash
ID: 34980439
It appears the big problem I am having with all the steps is that I can't do the middle part.

This is not working, I get 404 - not found - how do I fix this so that I can use: http://2008sbsservername/certsrv
0
 

Author Comment

by:dougstrash
ID: 34982852
The problem I am having is with email in regards to SMTP.  When I try to send email using SSL I get an error saying "Microsoft Exchange could not find a certificate that contains the domain name e-mail.mydomainname.com "

That is because in Exchange management console | Server configuration | hub transport | received connectors | my receive connector under the general tab and section "Specify the FQDN this connector will provide in sresponse to HELO or EHLO: I have "e-mail.mydomainname.com"  it used to have "2008sbsservername.mydomainname.com"  which I didn't want advertised on the internet.

So this all boils down to having a certificate that is set for SMTP that contains the domain name e-mail.mydomainname.com.

Does this help clarify what my ultimate goal is?
Doug
0
 

Accepted Solution

by:
dougstrash earned 0 total points
ID: 35009305
Problem resolved -  All references were to use the web based CA to import the request and output a key that can be imported into exchange.  Since my web based CA was not coming up and no one could tell me how to fix it I used the windows based CA to move the Cert request to personal certificates, then I could see it in the exchange PS to enable the key for SMTP.

Doug
0
 

Author Closing Comment

by:dougstrash
ID: 35045600
No one else provided answer I could use since they kept saying to use the web based CA, which was not installed on my server.  So through trial and error I found out how to use the windows CA to do what I needed.
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to resolve IMCEAEX NDRs in Exchange or Exchange Online related to invalid X500 addresses.
In-place Upgrading Dirsync to Azure AD Connect
In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question