SSL certificate exchange 2007 and iis 6

I have a client using exchange 2007 with iis 6.   I need to renew their SSL certificate.  

I generated a cert request using the exchange management console.  I wanted to know if there are any additional setps for installing the certificate because of iis 6?   or anything else anyone may think of.  

Here are the commands that I am using:
Import-ExchangeCertificate -Path "C:\cert name"


Enable-ExchangeCertificate -Services IMAP, POP, UM, IIS, SMTP -thumbprint

Any help would be appreciated
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Will SzymkowskiSenior Solution ArchitectCommented:
You have the correct concept but Thumbprint is required to be in position 1. Also having the services in "quotes" would be beneficial as well. See below example...

Enable-ExchangeCertificate -Thumbprint xxxxxxxxxxxxxx -Services "pop,imap,smtp,um,iis"

Open in new window

Confirm Y to be the default cert and your done.

hmcnastyAuthor Commented:
Thanks.  So, there shouldn't be any additional configuration for IIS 6?
Will SzymkowskiSenior Solution ArchitectCommented:
Nope that is it. You import the cert and then ensure that you've enabled it for Exchange. As you can see in the -Services we have added iis as a service, along with smtp pop etc.

Not from a cert perspective, but you also need to make sure that your virtual directories are using the same name that is on the cert as well. You should also be setting up split DNS and configure all of the internal and external virtual directories the same.



Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

hmcnastyAuthor Commented:
There are 3 more things I am concerned about:

1.  I am working in a backend frontend topology.  I am working on the frontend server but I was wondering if there is anything I would need to do on the backend server?

2. I was going to attempt this tomorrow and the current cert does not expire until Sunday should I just remove it?

3.  I found a few txt files the old IT company left with some references to some of the commands they used when they installed the current certificate.  Can you take a quick look and see if there is anything I need to be concerned with?

a.ertificate -Path "C:\path

df 2f 70 84 00 64 99 a9 27 48 b7 56 65 12 55 c6 e6 82 96 90

Enable-ExchangeCertificate -Thumbprint df2f7084006499a92748b756651255c6e6829690 -Services "SMTP,IIS"

certutil -repairstore my "07a88613e23d03"

Enable-ExchangeCertificate -Thumbprint df 2f 70 84 00 64 99 a9 27 48 b7 56 65 12 55 c6 e6 82 96 90
 -Services IMAP | POP | UM | IIS | SMTP -Confirm
> [-Confirm [<SwitchParameter>]] [-DomainController <Fqdn>] [-Force <SwitchParameter>] [-WhatIf [<SwitchParameter>]]

Enable-ExchangeCertificate -Services IMAP, POP, UM, IIS, SMTP -thumbprint df2f7084006499a92748b756651255c6e6829690

b. this is the one I'm not sure about.  
enable-exchangecertificate -thumbprint 456d9a7ecf807746b8d551f65bc9894c002134d1 -services SMTP

Set-ClientAccessServer -Identity "server name" -AutodiscoverServiceInternalUri https://domain name/autodiscover/autodiscover.xml

Set-WebServicesVirtualDirectory -Identity "server name\EWS (Default Web Site)" -InternalUrl https://domain name/ews/exchange.asmx

Set-OABVirtualDirectory -Identity "server name\oab (Default Web Site)" -InternalUrl https://domain name/oab

Set-UMVirtualDirectory -Identity "server name\unifiedmessaging (Default Web Site)" -InternalUrl https://domain name/unifiedmessaging/service.asmx


hmcnastyAuthor Commented:
I would ignore those txt entries I put in.  They are old.   I pulled the newest cert in the "get" command and viewed it.  They are using IIS, SMTP and IMAP
Will SzymkowskiSenior Solution ArchitectCommented:
What you have listed above is correct.

Just use those commands to set the virtual directories.

hmcnastyAuthor Commented:
Thanks Will.  I made the change last night and it seems to be working just fine.  I appreciate it.

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.