Exchange Server Certificate Help

rutlandict
rutlandict used Ask the Experts™
on
Hi,

I need self signed server certificate which could be used in exchange server 2011. Can someone please tell me how to create a certificate and then set that up in exchange server.

Thanks
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Firmin FrederickSenior IT Consultant

Commented:
there are two ways to do this, allow exchange do create one during the install or http://technet.microsoft.com/en-us/library/cc753127%28v=ws.10%29.aspx

be sure to understand that once you create a certificate you have to enable it for exchange and exchange services

i will post some more links
Firmin FrederickSenior IT Consultant

Commented:
this is a good one because it then goes on tho show you how to bind and use your certificate to enable https:// on your web page for example and it has LOTS of clever pictures - good man lol!
Firmin FrederickSenior IT Consultant

Commented:
in this link - although long winded may be worth reading, all info is good info, but for you - you need point 12. enabling the certificate for IIS and SMTP etc.

http://www.emailsecuritymatters.com/site/blog/best-practices/how-to-create-self-signed-ssl-certificate-exchange-2003-2007-2010-windows/
OWASP: Forgery and Phishing

Learn the techniques to avoid forgery and phishing attacks and the types of attacks an application or network may face.

Author

Commented:
Sorry but i did not get your second link...

Author

Commented:
I have created a self signed certificate for my server through IIS but i cannot see that in exchange server. Also it says issued to (server name), can i creat a self sign certificate for a domain which is pointing to the server IP.

Thanks
Viral RathodConsultant

Commented:
Please refer this article :

http://www.petenetlive.com/KB/Article/0000292.htm

you can create self signed certificate by entering below command

New-exchangecertificate -domainname test.com
(This command will create selfsigned certificate for test.com)

Author

Commented:
That tutorial is fine but i need domain certificate and want to use it in exchange server.

Thanks
Senior IT Consultant
Commented:
OK you have a certificate, have you installed it?  Let's look at it this way, when you created the certificate you saved it to a folder somewhere correct?  Find that certificate and either open its properties from right clicking or install it from right clicking.

Installing it by the wizard will put it automatically in your private key location which you then access by opening a console http://technet.microsoft.com/en-us/library/bb123831%28v=exchg.65%29.aspx

Your private store is usually the first folder and your key is in there.  again right click and then properties and in the second tab/page (Details) scroll down to thumbprint, which you can highlight and copy - I'd say copy to text file as you do not need the spaces for waht you are going to do.

In the exchange shell use these commands to enable your thumbprint/certificate

Enable-ExchangeCertificate -Thumbprint 5113ae0233a72fccb75b1d0198628675333d010e -Services POP,IMAP,SMTP,IIS

read the whole article here:

http://technet.microsoft.com/en-us/library/aa997231.aspx
Viral RathodConsultant

Commented:
1) Create Selft signed domain certificate by entering command

New-exchangecertificate -domainname test.com
(This command will create selfsigned certificate for test.com)

2 )After creating the self signed certifiacte you need to enable the services

Enable-ExchangeCertificate -Thumbprint ********** -Services POP,IMAP,SMTP,IIS
(This command will enable this certificate for POP,IMAP,SMTP,IIS services.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial