Improve company productivity with a Business Account.Sign Up

x
?
Solved

How do I Create an SSL certificate for Exchange 2007 on SBS 2008 server

Posted on 2011-02-25
7
Medium Priority
?
1,663 Views
Last Modified: 2012-05-11
I tried following the steps outlined at: http://uberzaxxon.blogspot.com/2009/03/self-signed-exchange-2007-certificates.html

One of the steps I could not follow: "open an internet browser and navigate to https://servername/certsrv"  - I would get page can't be found.

This is the command I used to create the cert request: New-ExchangeCertificate -DomainName e-mail.domainname.com, autodiscover.domainname.com -FriendlyName "Exchange Hosting Certificate" -GenerateRequest:$True -Keysize 1024 -path c:\e2k7hosting.txt -privatekeyExportable:$true -subjectName "c=us, CN=e-mail.domainname.com"

I used the c:\windows\system32\certsrv.msc to export the pending Cert to: c:\ExchangeinboundCertificate.p7b

Then I ran this command in the exchange powershell: import-exchangecertificate -path c:\ExchangeinboundCertificate.p7b | enable-exchangecertificate -services iis

Which generates this error and no new certificate shows up for exchange:
[PS] C:\Windows\System32>import-exchangecertificate -path c:\ExchangeinboundCertificate.p7b | enable-exchangecertificate -services iis
WARNING: An unexpected error has occurred and debug information is being generated: CertEnroll::CX509Enrollment::get_Certificate: The requested property value is empty. 0x80094004 (-2146877436)
Import-ExchangeCertificate : CertEnroll::CX509Enrollment::get_Certificate: The requested property value is empty. 0x80094004 (-2146877436)
At line:1 char:27
+ import-exchangecertificate  <<<< -path c:\ExchangeinboundCertificate.p7b | enable-exchangecertificate -services iis

Any help getting a new Cert for exchange so I no longer get this error I would appreciate it:  "Microsoft Exchange could not find a certificate that contains the domain name e-mail.domainname.com"
0
Comment
Question by:dougstrash
  • 4
  • 2
7 Comments
 
LVL 29

Expert Comment

by:MAS (MVE)
ID: 34980087
0
 
LVL 29

Expert Comment

by:MAS (MVE)
ID: 34980100
0
 
LVL 20

Expert Comment

by:Satya Pathak
ID: 34980311
"New Exchange 2007 certificate self assigned"


New-ExchangeCertificate -FriendlyName "A New Self-Signed Certificate" -SubjectName "cn=mail.abc.com" -Domainnamemail.abc.com,exchange,exchange.abc.lan,autodiscover.abc.lan-PrivateKeyExportable:$true | Enable-ExchangeCertificate -Services POP,SMTP,IIS,IMAP

After That get-exchange certificate |fl

 
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 

Author Comment

by:dougstrash
ID: 34980439
It appears the big problem I am having with all the steps is that I can't do the middle part.

This is not working, I get 404 - not found - how do I fix this so that I can use: http://2008sbsservername/certsrv
0
 

Author Comment

by:dougstrash
ID: 34982852
The problem I am having is with email in regards to SMTP.  When I try to send email using SSL I get an error saying "Microsoft Exchange could not find a certificate that contains the domain name e-mail.mydomainname.com "

That is because in Exchange management console | Server configuration | hub transport | received connectors | my receive connector under the general tab and section "Specify the FQDN this connector will provide in sresponse to HELO or EHLO: I have "e-mail.mydomainname.com"  it used to have "2008sbsservername.mydomainname.com"  which I didn't want advertised on the internet.

So this all boils down to having a certificate that is set for SMTP that contains the domain name e-mail.mydomainname.com.

Does this help clarify what my ultimate goal is?
Doug
0
 

Accepted Solution

by:
dougstrash earned 0 total points
ID: 35009305
Problem resolved -  All references were to use the web based CA to import the request and output a key that can be imported into exchange.  Since my web based CA was not coming up and no one could tell me how to fix it I used the windows based CA to move the Cert request to personal certificates, then I could see it in the exchange PS to enable the key for SMTP.

Doug
0
 

Author Closing Comment

by:dougstrash
ID: 35045600
No one else provided answer I could use since they kept saying to use the web based CA, which was not installed on my server.  So through trial and error I found out how to use the windows CA to do what I needed.
0

Featured Post

Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Configure external lookups on for external mail flow on Exchange 2013 and Exchange 2016.
Are you working to mount the dismounted Exchange 2013 database? Then the best course of action is to analyze the causes of Database issue, their probable solutions and decide for the appropriate course of action.
how to add IIS SMTP to handle application/Scanner relays into office 365.
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

606 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question