Certificate for Exchange 2007 - how to?

Posted on 2011-10-30
Medium Priority
Last Modified: 2012-05-12
Hi EE:

I just bought a certificate from godaddy.com and wondering how to set it up with my exchange 2007 server box - the whole 9 yards?

I'm totally new to this and have never done it before - it's my 1st server box, please be nice, thank you!

Question by:howien
LVL 20

Assisted Solution

by:Satya Pathak
Satya Pathak earned 200 total points
ID: 37054584

Assisted Solution

mmusurlian earned 200 total points
ID: 37054590
This should help... let me know if you have other questions!


LVL 78

Assisted Solution

by:Rob Williams
Rob Williams earned 1200 total points
ID: 37054871
Sean Daniel has written an article specifically for SBS 2008 (Exchange 2007) and a GoDaddy certificate. I recomend using the "SBS way" which is slightly different than Exchange standard. It also outlines the GoDaddy Intermediate certificate which is specific to GoDaddy.
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

LVL 28

Assisted Solution

MAS earned 200 total points
ID: 37055133

Assisted Solution

kkareem earned 200 total points
ID: 37055777
Microsoft Exchange 2007
SSL Installation Guide
Following steps shall be referenced for installation of SSL
•      Generating CSR
You must first generate a certificate request by running the following command:
New-ExchangeCertificate -DomainName abc.com -SubjectName "c=us,o=XYZ,
cn=abc.com" -PrivateKeyExportable:$True -GenerateRequest:$True -Path
•      Importing Certificate
After a certificate is returned from a CA, you must import it to the Exchange server. To
correctly import a certificate for which a request was generated by using the New-
ExchangeCertificate cmdlet, run the following command:
Import-ExchangeCertificate -Path "C:\CertificateFile.cer"
•      Enabling a Certificate
Enabling a certificate lets you specify which services can use a specific certificate. The
following command enables the issued certificate for the POP3 service:
Enable-ExchangeCertificate <thumprint> -Services:"POP"
You can import and enable a certificate at the same time by running the following
Import-ExchangeCertificate -Path "C:\CertificateFile.cer" | Enable-ExchangeCertificate
•      Validating Certificate Installation
To confirm that all required steps have been completed and the certificate is installed and
operational, run the following command:
Get- ExchangeCertificate <thumbprint> | fl *
Inspect the output of this command to validate that the following information is true:
• The domain names that you expect to be present are listed in the CertificateDomains
• The HasPrivateKey property is set to True.
• The RootCAType property is set correctly.
• The required services are enabled for the certificate.

hope it will help you
(simply add certificate in Personal store of reverse proxy and restart services ISA )
LVL 78

Assisted Solution

by:Rob Williams
Rob Williams earned 1200 total points
ID: 37056576
Again SBS is not server standard. Please make sure to use the SBS wizard to be sure all native websites have the certificate properly applied as outlined in Sean's link above. GoDaddy also has special "Intermediate Certificate" requirements which are outlined in the link.

Author Comment

ID: 37060671
Thanks Experts, really appreciates ALL your input and they really provided detail guidance from these websites links

I did choose the way of SBS wizard
the SBS wizard was really easy, user friendly and I couldn't not have done it with more confident thanks!

Just one more Question:
I gone through the SBS Wizard ways and got the Certificate installed Except the "Intermediate Certificate" which when I tried run the SBS wizard again and was prompted by "a valid certificate already existed"?!

how do I go ahead and install this 2nd one? (Intermediate Certificate)

Please Response,
LVL 78

Accepted Solution

Rob Williams earned 1200 total points
ID: 37060695
As per the link I provided http://sbs.seandaniel.com/2009/02/installing-godaddy-standard-ssl.html

Intermediate certificate:
So follow the steps from GoDaddy.com, but I’m going to paste and modify them for SBS 2008 here for you as well… These are of course subject to change without notification!!!
Select Run from the start menu; then type mmc to start the Microsoft Management Console (MMC). Agree to the UAC prompt
In the Management Console, select File; then "Add/Remove Snap In."
In the Add Standalone Snap-in dialog, choose Certificates; then click the Add button.
Choose Computer Account; then click Next and Finish.
Close the Add Standalone Snap-in dialog and click OK on the Add/Remove Snap-in dialog to return to the main MMC window.
If necessary, click the + icon to expand the Certificates folder so that the Intermediate Certification Authorities folder is visible.
Right-click on Intermediate Certification Authorities and choose All Tasks; then click Import.
Follow the wizard prompts to complete the installation procedure.
Click Browse to locate the certificate file (gd_iis_intermediates.p7b). You’ll have to change the file filter at the bottom right to PKCS #7 Certificates.
Choose Place all certificates in the following store; then use the Browse function to locate Intermediate Certification Authorities. Click Next
LVL 78

Assisted Solution

by:Rob Williams
Rob Williams earned 1200 total points
ID: 37060704
PS, you should also do the following as per the GoDaddy site:
      NOTE: If the Go Daddy Class 2 Certification Authority root certificate is currently installed on your machine you will need to disable it from the Trusted Root Certification Authorities folder To do so
      13. Expand the Trusted Root Certification Authorities folder
      14. Double-click the Certificates folder to show a list of all certificates.
      15. Find the Go Daddy Class 2 Certification Authority certificate.
      16. Right-click on the certificate and select Properties.
      17. Select the radio button next to Disable all purposes for this certificate.
      18. Click OK.
      WARNING: Do not disable the Go Daddy Secure Certification Authority certificate located in the Intermediate Certification Authorities folder. Doing so will break the server, causing it to stop sending the correct certificate chain to the browser.

Author Comment

ID: 37060735
All Instruction follow through and installation of Intermediate Certificate has completed successfully, Thank you Sir & Thank U all your Experts inputs

I will go play with the GoDaddy Logo (link)



Author Comment

ID: 37060759
(NOTE: If the Go Daddy Class 2 Certification Authority root certificate is currently installed on your machine you will need to disable it from the Trusted Root Certification Authorities folder To do so)

Although i don't know what it means from the above and I have done so plus taken notes from all this with your warning message too, it's all saved in my Certificate TechNote Docs,

Thanks again!


Featured Post

Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will help to fix the below errors for MS Exchange Server 2016 I. Certificate error "name on the security certificate is invalid or does not match the name of the site" II. Out of Office not working III. Make Internal URLs and Externa…
In this article, I will demonstrate that how to do a PST migration from Exchange Server to Office 365. This method allows importing one single PST, or multiple PST's at once.
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an anti-spam), the admin…
This video tutorial shows you the steps to go through to set up what I believe to be the best email app on the android platform to read Exchange mail.  Get the app on your phone: The first step is to make sure you have the Samsung Email app on your …
Suggested Courses
Course of the Month9 days, 7 hours left to enroll

621 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question