How do I Create an SSL certificate for Exchange 2007 on SBS 2008 server

I tried following the steps outlined at: http://uberzaxxon.blogspot.com/2009/03/self-signed-exchange-2007-certificates.html

One of the steps I could not follow: "open an internet browser and navigate to https://servername/certsrv"  - I would get page can't be found.

This is the command I used to create the cert request: New-ExchangeCertificate -DomainName e-mail.domainname.com, autodiscover.domainname.com -FriendlyName "Exchange Hosting Certificate" -GenerateRequest:$True -Keysize 1024 -path c:\e2k7hosting.txt -privatekeyExportable:$true -subjectName "c=us, CN=e-mail.domainname.com"

I used the c:\windows\system32\certsrv.msc to export the pending Cert to: c:\ExchangeinboundCertificate.p7b

Then I ran this command in the exchange powershell: import-exchangecertificate -path c:\ExchangeinboundCertificate.p7b | enable-exchangecertificate -services iis

Which generates this error and no new certificate shows up for exchange:
[PS] C:\Windows\System32>import-exchangecertificate -path c:\ExchangeinboundCertificate.p7b | enable-exchangecertificate -services iis
WARNING: An unexpected error has occurred and debug information is being generated: CertEnroll::CX509Enrollment::get_Certificate: The requested property value is empty. 0x80094004 (-2146877436)
Import-ExchangeCertificate : CertEnroll::CX509Enrollment::get_Certificate: The requested property value is empty. 0x80094004 (-2146877436)
At line:1 char:27
+ import-exchangecertificate  <<<< -path c:\ExchangeinboundCertificate.p7b | enable-exchangecertificate -services iis

Any help getting a new Cert for exchange so I no longer get this error I would appreciate it:  "Microsoft Exchange could not find a certificate that contains the domain name e-mail.domainname.com"
dougstrashAsked:
Who is Participating?
 
dougstrashAuthor Commented:
Problem resolved -  All references were to use the web based CA to import the request and output a key that can be imported into exchange.  Since my web based CA was not coming up and no one could tell me how to fix it I used the windows based CA to move the Cert request to personal certificates, then I could see it in the exchange PS to enable the key for SMTP.

Doug
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

 
Satya PathakLead Technical ConsultantCommented:
"New Exchange 2007 certificate self assigned"


New-ExchangeCertificate -FriendlyName "A New Self-Signed Certificate" -SubjectName "cn=mail.abc.com" -Domainnamemail.abc.com,exchange,exchange.abc.lan,autodiscover.abc.lan-PrivateKeyExportable:$true | Enable-ExchangeCertificate -Services POP,SMTP,IIS,IMAP

After That get-exchange certificate |fl

 
0
 
dougstrashAuthor Commented:
It appears the big problem I am having with all the steps is that I can't do the middle part.

This is not working, I get 404 - not found - how do I fix this so that I can use: http://2008sbsservername/certsrv
0
 
dougstrashAuthor Commented:
The problem I am having is with email in regards to SMTP.  When I try to send email using SSL I get an error saying "Microsoft Exchange could not find a certificate that contains the domain name e-mail.mydomainname.com "

That is because in Exchange management console | Server configuration | hub transport | received connectors | my receive connector under the general tab and section "Specify the FQDN this connector will provide in sresponse to HELO or EHLO: I have "e-mail.mydomainname.com"  it used to have "2008sbsservername.mydomainname.com"  which I didn't want advertised on the internet.

So this all boils down to having a certificate that is set for SMTP that contains the domain name e-mail.mydomainname.com.

Does this help clarify what my ultimate goal is?
Doug
0
 
dougstrashAuthor Commented:
No one else provided answer I could use since they kept saying to use the web based CA, which was not installed on my server.  So through trial and error I found out how to use the windows CA to do what I needed.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.