Avatar of stonneway
 asked on

Renewing an SSL certificate in Exchange 2007

I need to renew the SSL cert on our exchange 2007 server. However it seems to be a lot more difficult than in Exchange 2010. The best instructions i have found are below. Can someone which experience tell me whether this would work? The obvious thing is that the services for the SSL are only shown to be IIS where-as we use SMTP and IIS with our SSL cert.

Our SSL is with godaddy if that helps.

1.  Download your renewed certificate from your 3rd party hosting.

2.  You can save certificate on your c drive c:\nameofcertificate.crt

3.  Double click your certificate, install certificate, click next, click on Place all certificates in the following store

4.  Click Browse, click on Intermediate Certification Authorities, click next, then finish.

5.  Open Exchange Management Console to import the certificate

6.  Type Import-ExchangeCertificate press enter

7.  Type the path where certificate resides, if you left in c drive, type c:\nameofcertificate

8.  When it requests SERVICES type IIS

9.  Then it will request for thumbprint.  To find the thumbprint of the certificate, double click certificate, click on details, scroll down until you see thumbprint, copy and paste on exchange management console, press enter

10.  Your certificate should be installed already.

11.  To confirm, open IIS manager, expand until you get to Default Web Site, on the far right, click on BINDINGS

12.  Click HTTPS, click on edit, you will see the name of the certificate, click view to confirm the correct thumbprint.

These were taken from this site: http://www.waronerrors.com/kb/how-to-renew-ssl-certificate-on-microsoft-exchange-2007-when-it-has-expired.aspx

Is there another way, or a better way?

ExchangeWindows Server 2008

Avatar of undefined
Last Comment

8/22/2022 - Mon


Will that work for Exchange 2007 though, with SSL applied to other services, other than IIS?

Yes, you have to apply cert to IIS service as well so that your OWA/RPC over HTTPs/Activesync and other function to work.
Your help has saved me hundreds of hours of internet surfing.

The problem appears to be that we can't then assign the imported SSL cert to SMTP, IMAP or POP as there isn't a private key for it.
Shreedhar Ette

Repair Damaged Certificate (Windows Server 2003/2008)

1.Open MMC and add the Certificate Snap-In for the Local Computer account.

2.Double-Click on the recently imported certificate.
Note: In Windows Server 2008 it will be the certificate missing the golden key beside it.

3.Select the Details tab.

4.Click on the Serial Number field and copy that string.
Note: You may use CTRL+C, but not right-click and copy.

5.Open up a command prompt session. (cmd.exe aka DOS Prompt)

6.Type: certutil -repairstore my "SerialNumber" (SerialNumber is that which was copied down in step 4.)

7.After running the above command, go back to the MMC and Right-Click Certificates and select Refresh (or hit F5 in the MMC)

8.Double-Click on the problem certificate. At the bottom of this window (General tab) it should state: "You have a private key that corresponds to this certificate."
Note: In Windows Server 2008 there will be a golden key to the left of the certificate, so there is no need to double-click the certificate.

9.Now that the Private Key is attached to the certificate, please proceed to enable Exchange Services via Enable-ExchangeCertificate.

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question

sorted it myself
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.