Link to home
Create AccountLog in
Avatar of AfftekData
AfftekData

asked on

Renew of trusted GoDaddy single SSL cert in Win SBS 2008 Exchnage 2007 SP3

Hi!

I have a Win SBS 2008 server with Exchange 2007 SP3. The GoDaddy single SSL cert that I use for OWA/ActiveSync is up for renewal. I bought a 3 y renewal from GoDaddy and now I need to get a CSR-request issued from my server. Have been trying to get this working using EMS and new-exchangecertificate cmdlet

User generated image
I get an error and can't get it to work!

Regards
Mats
Avatar of Cooker85
Cooker85
Flag of United Kingdom of Great Britain and Northern Ireland image

It looks like a required value is not set.  Try adding -DomainName yourdomain.com to the command.
Failing the above, run mmc and add the certificates snap in and try creating a custom request there.  Don't forget to mark the private key as exportable if required.
Avatar of Skyler Kincaid
Use this tool to generate the CSR command:

https://www.digicert.com/easy-csr/exchange2010.htm

You will have to edit the part of the command that has the location for it to save the text file. That is what we use and it works great.
Avatar of AfftekData
AfftekData

ASKER

I've tried the first solution to add -DomainName with no luck...
I used the digicert SCR command... No luck

Need more info on how to get the MMC solution to work. A more setp by step guide.

The Exchange server is updated to SP3 without any Rollup. Tried to install RU10, but got an error saying that I need at least Exchange server Administrator permission... I already got that... ? Note that this is a Win SBS 2008 (SWE GUI)

/Mats
Click Start, click Run, type mmc and then click OK.
In MMC, goto file add/remove snap in and find certificates and click on add and then OK.  Make sure you use computer account, not the user account.
expand Certificates - Current User, and then expand Personal.
In the right pane, right-click and point to All tasks, and then Advanced Operations and Create custom request.

You can pretty much follow the wizard from there.  Make sure you set the key size to 2048 as by default its only 1024 which most places wont accept now.  Good luck!
Are you sure...? Should I create a request under Current User Personal ... Not ander Local Computer - Personal - certificate? This is where I can see my current cert.

I tried it, but don't get any question about size 2048 or whwre to enter any info about domain name and so on... Is this really the right way?
Checked my Powershell version : 3.0... Is it compatible with SBS 2008 and Exch 2007? Could that be the problem? Can I downgrade it?
ASKER CERTIFIED SOLUTION
Avatar of AfftekData
AfftekData

Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
Thanks for looking in to my issue even if we found it out ourselves!