Installing 3rd Party SSL Certificates on to Windows Server 2008 R2/Exchange 2010

We currently have a Self-Signed SSL Certificate on an Exchange 2010 Server running Windows Server 2008 R2. We purchased a third party certificate from Mediaura to replace our self-signed certificate. They sent us 3 Certificates and instructed us to install all 3. From IIS7, we were able to use the Complete Certificate Request to install the main mail.xxxxxx.org (SSL https:443) certificate successfully, but do not fully understand the function of the other two certificates or how they work in conjunction with the main certificate. Neither do we know how to or where to import these 2 certificates.
The certificates are called "AddTrustCARoot.crt" and "PositivesSSLCA2.crt".

Please help us to understand how these certificates work with the server certificate and what we need to do to correctly install these on our server.
dtssupportAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

cristiantmCommented:
Those are the so called Certificate Chain.

A certificate chain is a path of certificates leading from your certificate (the server certificate) to a trusted anchor (root CA, that should probably be AddTrustCARoot.crt).

For verifying a certificate, a computer needs to know the path from the server certificate until a root CA that he alreay trusts. By intalling those in your server, you allow your server to send them to your clients so they can construct the path and decide if they want to trust the root CA or not.
dtssupportAuthor Commented:
How do we install the AddTrustCARoot.crt?  Do we do it differently than the Server Certificate?
cristiantmCommented:
You can find detailed instruction for that here:
http://www.entrust.net/knowledge-base/technote.cfm?tn=8166

Just select Trusted root instead of intermediate certificate for the root CA
dtssupportAuthor Commented:
What about the Third Certificate? Would it be imported into the Trusted root as well and do we can have to change the extensions? PositivesSSLCA2.crt
cristiantmCommented:
This is probably the Intermediate certificate, and should be installed exactly as the instruction o the link (no need to change the storage to the trusted certificates one)

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.