ncomper
asked on
Exchange 2010 SSL Certificate request
Hi All,
Im trying to create a Certificate request on a local Exchange 2010 server as the existing is due to expire next month. I have tried a few ways to complete the request (GUI is failing EMC>ServerConfig>New Exchange Cert). I have tried via the command line with the following:
Existing Cert:
DNS Name=autodiscover.<Externa lDomain>.c om
DNS Name=www.autodiscover.<ExternalDomain>.com
DNS Name=www.autodiscover.<ExternalDomain>.com
DNS Name=pop3.<ExternalDomain> .com
DNS Name=<Server>.<InternalDom ain>.local
DNS Name=smtp.<ExternalDomain> .com
DNS Name=autodiscover.<Interna lDomain>.l ocal
DNS Name=<Server>
DNS Name=owa.<ExternalDomain>. com
I have defaulted to the Following site to support the creation of the Cert:
https://www.digicert.com/easy-csr/exchange2010.htm
Created the following Script:
Set-Content -path ".\Autodiscover_<Domain>_c om.txt" -Value (New-ExchangeCertificate -GenerateRequest -KeySize 2048 -SubjectName "c=GB, s=<UK City>, l=<UK City>, o=<BusinessName>, ou=IT, cn=Autodiscover.<ExternalD omain>.com " -DomainName autodiscover.<ExternalDoma in>.com, pop3.<ExternalDomain>.com, smtp.<ExternalDomain>.com, owa.<ExternalDomain>.com -PrivateKeyExportable $True)
But the above just Hangs on "Creating a new session for implicit remoting of "New-ExchangeCertificate" command.....
Am i missing something simple here?
Im trying to create a Certificate request on a local Exchange 2010 server as the existing is due to expire next month. I have tried a few ways to complete the request (GUI is failing EMC>ServerConfig>New Exchange Cert). I have tried via the command line with the following:
Existing Cert:
DNS Name=autodiscover.<Externa
DNS Name=www.autodiscover.<ExternalDomain>.com
DNS Name=www.autodiscover.<ExternalDomain>.com
DNS Name=pop3.<ExternalDomain>
DNS Name=<Server>.<InternalDom
DNS Name=smtp.<ExternalDomain>
DNS Name=autodiscover.<Interna
DNS Name=<Server>
DNS Name=owa.<ExternalDomain>.
I have defaulted to the Following site to support the creation of the Cert:
https://www.digicert.com/easy-csr/exchange2010.htm
Created the following Script:
Set-Content -path ".\Autodiscover_<Domain>_c
But the above just Hangs on "Creating a new session for implicit remoting of "New-ExchangeCertificate" command.....
Am i missing something simple here?
ASKER
Thanks Amit,
The certificate was initially purchased via the old 3rd part support company so we do not have the ability to renew, this was initially via Godaddy so we are looking to renew with them. I have tried to follow the above URL before but the GUI throws errors each time i have tried to create the request hence the Script to create and this is also hanging
The certificate was initially purchased via the old 3rd part support company so we do not have the ability to renew, this was initially via Godaddy so we are looking to renew with them. I have tried to follow the above URL before but the GUI throws errors each time i have tried to create the request hence the Script to create and this is also hanging
You can use godaddy or digicert tool to generate from any machine. Make sure you export private key, before you are importing on Exchange server.
ASKER
Right, i wonder, could it have been possible that the previous IT company created the certificate within IIS rather than via the exchange management? If so is there a way that i can request the new certificate this way and apply it to the server via the IIS rather than the exchange?
We are moving to Exchange 365 in the next 3 months anyway so i am happy for this to be a short term fix to get us through the next 6-12 months.
thanks
We are moving to Exchange 365 in the next 3 months anyway so i am happy for this to be a short term fix to get us through the next 6-12 months.
thanks
There are several ways to create csr, IIS can also be used to create it.
ASKER
can you point me in the right direction within IIS to create a Multi Domain CRS to ensure the certificate request includes the following:
Autodiscover.<ExternalDoma in>.com
pop3.<ExternalDomain>.com,
smtp.<ExternalDomain>.com,
owa.<ExternalDomain>.com
as the default IIS GIU does not allow for the request to be built (will i need to complete with powershell?
Thanks,
Autodiscover.<ExternalDoma
pop3.<ExternalDomain>.com,
smtp.<ExternalDomain>.com,
owa.<ExternalDomain>.com
as the default IIS GIU does not allow for the request to be built (will i need to complete with powershell?
Thanks,
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
The above where the steps that allowed me to bypass the issue i had
Or follow this
https://technet.microsoft.com/en-us/library/dd351057(v=exchg.141).aspx