Solved

How do I Create an SSL certificate for Exchange 2007 on SBS 2008 server

Posted on 2011-02-25
Last Modified: 2012-05-11
I tried following the steps outlined at: http://uberzaxxon.blogspot.com/2009/03/self-signed-exchange-2007-certificates.html

One of the steps I could not follow: "open an internet browser and navigate to https://servername/certsrv"  - I would get page can't be found.

This is the command I used to create the cert request: New-ExchangeCertificate -DomainName e-mail.domainname.com, autodiscover.domainname.com -FriendlyName "Exchange Hosting Certificate" -GenerateRequest:$True -Keysize 1024 -path c:\e2k7hosting.txt -privatekeyExportable:$true -subjectName "c=us, CN=e-mail.domainname.com"

I used the c:\windows\system32\certsrv.msc to export the pending Cert to: c:\ExchangeinboundCertificate.p7b

Then I ran this command in the exchange powershell: import-exchangecertificate -path c:\ExchangeinboundCertificate.p7b | enable-exchangecertificate -services iis

Which generates this error and no new certificate shows up for exchange:
[PS] C:\Windows\System32>import-exchangecertificate -path c:\ExchangeinboundCertificate.p7b | enable-exchangecertificate -services iis
WARNING: An unexpected error has occurred and debug information is being generated: CertEnroll::CX509Enrollment::get_Certificate: The requested property value is empty. 0x80094004 (-2146877436)
Import-ExchangeCertificate : CertEnroll::CX509Enrollment::get_Certificate: The requested property value is empty. 0x80094004 (-2146877436)
At line:1 char:27
+ import-exchangecertificate  <<<< -path c:\ExchangeinboundCertificate.p7b | enable-exchangecertificate -services iis

I would appreciate any help getting a new cert for Exchange so I no longer get this error: "Microsoft Exchange could not find a certificate that contains the domain name e-mail.domainname.com"
Question by:dougstrash
LVL 25

Expert Comment

by:-MAS
ID: 34980087
0
 
LVL 25

Expert Comment

by:-MAS
ID: 34980100
0
 
LVL 20

Expert Comment

by:Satya Pathak
ID: 34980311
"New Exchange 2007 certificate self assigned"


New-ExchangeCertificate -FriendlyName "A New Self-Signed Certificate" -SubjectName "cn=mail.abc.com" -DomainName mail.abc.com,exchange,exchange.abc.lan,autodiscover.abc.lan -PrivateKeyExportable:$true | Enable-ExchangeCertificate -Services POP,SMTP,IIS,IMAP

After that: Get-ExchangeCertificate | fl

 
0

 

Author Comment

by:dougstrash
ID: 34980439
It appears the big problem I am having with all the steps is that I can't do the middle part.

This is not working, I get 404 - not found - how do I fix this so that I can use: http://2008sbsservername/certsrv
0
 

Author Comment

by:dougstrash
ID: 34982852
The problem I am having is with email in regards to SMTP.  When I try to send email using SSL I get an error saying "Microsoft Exchange could not find a certificate that contains the domain name e-mail.mydomainname.com "

That is because in Exchange Management Console | Server Configuration | Hub Transport | Receive Connectors | my receive connector, under the General tab, in the section "Specify the FQDN this connector will provide in response to HELO or EHLO:", I have "e-mail.mydomainname.com". It used to have "2008sbsservername.mydomainname.com", which I didn't want advertised on the internet.

So this all boils down to having a certificate that is set for SMTP that contains the domain name e-mail.mydomainname.com.

Does this help clarify what my ultimate goal is?
Doug
0
 

Accepted Solution

by:dougstrash
ID: 35009305
Problem resolved -  All references were to use the web based CA to import the request and output a key that can be imported into exchange.  Since my web based CA was not coming up and no one could tell me how to fix it I used the windows based CA to move the Cert request to personal certificates, then I could see it in the exchange PS to enable the key for SMTP.

Doug
0
 

Author Closing Comment

by:dougstrash
ID: 35045600
No one else provided an answer I could use, since they kept saying to use the web-based CA, which was not installed on my server.  So through trial and error I found out how to use the Windows CA to do what I needed.
0
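
A command-line route to the same result as the accepted solution, for servers where the /certsrv web enrollment page is not available. This is an added example, not code from the thread. The host names and file paths are constructed placeholders, and the WebServer template assumes an enterprise CA.

```powershell
# Added example: request, issue, import and bind an SMTP certificate without /certsrv.
# Placeholders (constructed, not from the thread): FQDNs and file paths below.
$fqdn    = "e-mail.example.com"      # FQDN the receive connector announces in HELO/EHLO
$reqFile = "C:\certs\exchange.req"
$cerFile = "C:\certs\exchange.cer"

# 1. Generate the request in the Exchange Management Shell. The private key stays
#    in this server's certificate store. A 2048-bit key is requested here rather
#    than the 1024-bit key used in the question.
New-ExchangeCertificate -GenerateRequest:$true -Path $reqFile `
    -SubjectName "c=us, CN=$fqdn" `
    -DomainName $fqdn, "autodiscover.example.com" `
    -KeySize 2048 -PrivateKeyExportable:$true `
    -FriendlyName "Exchange SMTP Certificate"

# 2. Submit the request to the Windows CA from the command line.
#    Assumption: an enterprise CA that publishes the WebServer template.
certreq -submit -attrib "CertificateTemplate:WebServer" $reqFile $cerFile

# If the CA holds the request as pending, note the RequestId that certreq prints,
# issue the request, then retrieve the issued certificate:
#   certutil -resubmit <RequestId>
#   certreq -retrieve <RequestId> C:\certs\exchange.cer

# 3. Import the certificate the CA issued (not the request file) on the server
#    that generated the request, and enable it for SMTP.
Import-ExchangeCertificate -Path $cerFile | Enable-ExchangeCertificate -Services SMTP

# 4. Confirm the certificate lists the connector FQDN and is enabled for SMTP.
Get-ExchangeCertificate | Format-List Thumbprint, Services, CertificateDomains, NotAfter
```

The name in `CertificateDomains` has to match the FQDN set on the receive connector, otherwise Exchange keeps reporting that it could not find a certificate for that domain name.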
