Certificate for Exchange 2007 - how to?

Posted on 2011-10-30
Last Modified: 2012-05-12
Hi EE:

I just bought a certificate from and am wondering how to set it up with my Exchange 2007 server box - the whole 9 yards?

I'm totally new to this and have never done it before - it's my 1st server box, please be nice, thank you!

Question by:howien
    LVL 20

    Assisted Solution

    LVL 9

    Assisted Solution

    This should help... let me know if you have other questions!

    LVL 77

    Assisted Solution

    by:Rob Williams
    Sean Daniel has written an article specifically for SBS 2008 (Exchange 2007) and a GoDaddy certificate. I recommend using the "SBS way" which is slightly different than Exchange standard. It also outlines the GoDaddy Intermediate certificate which is specific to GoDaddy.
    LVL 24

    Assisted Solution

    LVL 3

    Assisted Solution

    Microsoft Exchange 2007
    SSL Installation Guide
    Following steps shall be referenced for installation of SSL
    •      Generating CSR
    You must first generate a certificate request by running the following command:
    New-ExchangeCertificate -DomainName -SubjectName "c=us,o=XYZ," -PrivateKeyExportable:$True -GenerateRequest:$True -Path
    •      Importing Certificate
    After a certificate is returned from a CA, you must import it to the Exchange server. To correctly import a certificate for which a request was generated by using the New-ExchangeCertificate cmdlet, run the following command:
    Import-ExchangeCertificate -Path "C:\CertificateFile.cer"
    •      Enabling a Certificate
    Enabling a certificate lets you specify which services can use a specific certificate. The
    following command enables the issued certificate for the POP3 service:
    Enable-ExchangeCertificate <thumbprint> -Services:"POP"
    You can import and enable a certificate at the same time by running the following command:
    Import-ExchangeCertificate -Path "C:\CertificateFile.cer" | Enable-ExchangeCertificate
    •      Validating Certificate Installation
    To confirm that all required steps have been completed and the certificate is installed and
    operational, run the following command:
    Get-ExchangeCertificate <thumbprint> | fl *
    Inspect the output of this command to validate that the following information is true:
    • The domain names that you expect to be present are listed in the CertificateDomains
    • The HasPrivateKey property is set to True.
    • The RootCAType property is set correctly.
    • The required services are enabled for the certificate.

    hope it will help you
    (simply add certificate in Personal store of reverse proxy and restart services ISA )
    LVL 77

    Assisted Solution

    by:Rob Williams
    Again SBS is not server standard. Please make sure to use the SBS wizard to be sure all native websites have the certificate properly applied as outlined in Sean's link above. GoDaddy also has special "Intermediate Certificate" requirements which are outlined in the link.

    Author Comment

    Thanks Experts, I really appreciate ALL your input; these website links really provided detailed guidance.

    I did choose the SBS wizard way.
    The SBS wizard was really easy and user friendly, and I couldn't have done it with more confidence, thanks!

    Just one more question:
    I went through the SBS wizard way and got the certificate installed, except the "Intermediate Certificate": when I tried to run the SBS wizard again I was prompted with "a valid certificate already existed"?!

    How do I go ahead and install this 2nd one (Intermediate Certificate)?

    Please respond,
    LVL 77

    Accepted Solution

    As per the link I provided

    Intermediate certificate:
    So follow the steps from, but I’m going to paste and modify them for SBS 2008 here for you as well… These are of course subject to change without notification!!!
    Select Run from the start menu; then type mmc to start the Microsoft Management Console (MMC). Agree to the UAC prompt
    In the Management Console, select File; then "Add/Remove Snap In."
    In the Add Standalone Snap-in dialog, choose Certificates; then click the Add button.
    Choose Computer Account; then click Next and Finish.
    Close the Add Standalone Snap-in dialog and click OK on the Add/Remove Snap-in dialog to return to the main MMC window.
    If necessary, click the + icon to expand the Certificates folder so that the Intermediate Certification Authorities folder is visible.
    Right-click on Intermediate Certification Authorities and choose All Tasks; then click Import.
    Follow the wizard prompts to complete the installation procedure.
    Click Browse to locate the certificate file (gd_iis_intermediates.p7b). You’ll have to change the file filter at the bottom right to PKCS #7 Certificates.
    Choose Place all certificates in the following store; then use the Browse function to locate Intermediate Certification Authorities. Click Next
    LVL 77

    Assisted Solution

    by:Rob Williams
    PS, you should also do the following as per the GoDaddy site:
          NOTE: If the Go Daddy Class 2 Certification Authority root certificate is currently installed on your machine you will need to disable it from the Trusted Root Certification Authorities folder. To do so:
          13. Expand the Trusted Root Certification Authorities folder
          14. Double-click the Certificates folder to show a list of all certificates.
          15. Find the Go Daddy Class 2 Certification Authority certificate.
          16. Right-click on the certificate and select Properties.
          17. Select the radio button next to Disable all purposes for this certificate.
          18. Click OK.
          WARNING: Do not disable the Go Daddy Secure Certification Authority certificate located in the Intermediate Certification Authorities folder. Doing so will break the server, causing it to stop sending the correct certificate chain to the browser.
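
The validation checklist from the installation guide above (CertificateDomains, HasPrivateKey, RootCAType, enabled services) and the intermediate-certificate step, combined into one check, as an added example that is not part of the original thread. Test-CertInstall and its parameters are hypothetical names; the example assumes PowerShell 2.0 or later and a certificate issued by an intermediate CA, as in this thread.

```powershell
# Added example. Test-CertInstall and its parameter names are hypothetical.
# Assumes PowerShell 2.0 or later.
function Test-CertInstall {
    param(
        $Cert,                          # object from Get-ExchangeCertificate <thumbprint>
        [string[]]$ExpectedDomains,     # names clients connect to
        [string[]]$RequiredServices,    # e.g. 'IIS','SMTP'
        $IntermediateStore,             # contents of Cert:\LocalMachine\CA
        [string]$ExpectedRootCAType = 'ThirdParty'  # assumption: commercial CA
    )
    $problems = @()

    # Expected names must be listed in CertificateDomains (comparison ignores case).
    $have = @($Cert.CertificateDomains | ForEach-Object { "$_" })
    foreach ($d in $ExpectedDomains) {
        if ($have -notcontains $d) { $problems += "Missing domain: $d" }
    }
    # Without the private key the server cannot use the certificate.
    if ($Cert.HasPrivateKey -ne $true) { $problems += 'HasPrivateKey is not True' }

    if ("$($Cert.RootCAType)" -ne $ExpectedRootCAType) {
        $problems += "RootCAType is '$($Cert.RootCAType)', expected $ExpectedRootCAType"
    }
    # Services prints as a comma-separated flag list, e.g. "IMAP, POP, SMTP".
    $enabled = "$($Cert.Services)" -split ',\s*'
    foreach ($s in $RequiredServices) {
        if ($enabled -notcontains $s) { $problems += "Service not enabled: $s" }
    }
    # The issuing CA must be in the Intermediate store for the chain to be sent.
    $issuer = @($IntermediateStore | Where-Object { $_.Subject -eq $Cert.Issuer })
    if ($issuer.Count -eq 0) {
        $problems += "Issuer missing from Intermediate Certification Authorities: $($Cert.Issuer)"
    }
    return ,$problems
}

# Constructed sample objects standing in for live output (not from a real server).
$sampleCert = New-Object PSObject -Property @{
    CertificateDomains = @('mail.example.com', 'autodiscover.example.com')
    HasPrivateKey = $true; RootCAType = 'ThirdParty'; Services = 'IMAP, POP, SMTP'
    Issuer = 'CN=Example Issuing CA, O=Example'
}
Test-CertInstall -Cert $sampleCert -ExpectedDomains 'mail.example.com','remote.example.com' `
    -RequiredServices 'IIS','SMTP' -IntermediateStore @()

# Live use on the server:
# Test-CertInstall -Cert (Get-ExchangeCertificate <thumbprint>) -ExpectedDomains ... `
#     -RequiredServices ... -IntermediateStore (Get-ChildItem Cert:\LocalMachine\CA)
```

An empty result means every check passed; each returned string names one item from the checklist that still needs attention.
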

    Author Comment

    All instructions followed through and installation of the Intermediate Certificate has completed successfully. Thank you Sir, and thank you to all you Experts for your input.

    I will go play with the GoDaddy Logo (link)



    Author Comment

    (NOTE: If the Go Daddy Class 2 Certification Authority root certificate is currently installed on your machine you will need to disable it from the Trusted Root Certification Authorities folder To do so)

    Although I don't know what the above means, I have done so, plus taken notes from all this with your warning message too; it's all saved in my Certificate TechNote Docs.

    Thanks again!

