Wednesday , October 23 2019

Configuring 3rd Party Exchange Certificate in Exchange 2010

Exchange 2010 creates a self-signed SAN certificate and assigns it to the services like IMAP, POP, IIS, and SMTP.

The only drawback of this self-signed certificate is that it contains the server’s FQDN and NetBIOS names only.

Where we get certificate errors on all the Clients where we need to install the Certificates manually on all the clients , which is a hassle and no one likes it in fact . Cause installing Certificate in mobile devices becomes more complex .

To avoid any certificate related errors and use it over the internet without any problems it is highly recommended that you request and assign a certificate from a Certification Authority that can be contacted from anywhere like VeriSign , Go Daddy ,DigiCert etc.. .
To request a new certificate from a trusted CA use following format:

Step 1:

Requesting a Certificate , you can use shell or GUI

GUI is much user friendly

You can refer the link below to use GUI and Export the Certificate

https://www.azure365pro.com/how-to-use-a-self-signed-certificate-in-exchange-2010/

Mail.CareExchange.in

Autodiscover.careexchange.in

are the two Needed Entries in the SSL Cert.

Or

You can use Shell to Export the Request file – My Servers FQDN is Exchange2010.careexchange.in

Replace the values as per your requirement

Generate a Request

$Data = New-ExchangeCertificate -FriendlyName 'Exchange Cert' -GenerateRequest -PrivateKeyExportable $true -KeySize '2048' -SubjectName 'C=IN,S="MH",L="PN",O="Exchange Messaging",OU="Enterprise Messaging",CN=mail.Careexchange.in' –DomainName 'mail.careexchange.in','autodiscover.careexchange.in -Server 'EXCHANGE2010'

You need to enter this command below in order to get the request file

Export the data into a certificate request file

Set-Content -Path C:\Certreq.req -Value $Data

Step 2:

Use this request file for submission to the CA . For Example Below Uploading a CSR in digi Cert.

and download the certificate. Save the certificate to a convenient location.

image

Step 3:

Import the certificate, Give the Correct location in the command

Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path "C:\Exchangecert.pfx" -Encoding byte -ReadCount 0)) -Password:(Get-Credential).password

You can refer the link below to use GUI to import the Certificate using “Step 22”

Use Step 23 to Assign Services like IMAP, POP, IIS, and SMTP.

https://www.azure365pro.com/how-to-use-a-self-signed-certificate-in-exchange-2010/

Great !

You learnt how to Export and Import and Configure Certificates in Exchange 2010

About Satheshwaran Manoharan

Satheshwaran Manoharan is an Microsoft Office Server and Services MVP , Publisher of Azure365pro.com. Specialized in Office365 / Microsoft Exchange / Virtualization , Sathesh is an Messaging Expert supporting/Designing/Deploying many medium size businesses to large enterprises when it comes to Corporate messaging and Virtualization Infrastructure

Check Also

Save Public IPs using F5 LTM Policies

F5 has different modules and one of them is LTM – Local Traffic Manager . ...

One comment

  1. this what I was searching for

    thanks

Leave a Reply

Your email address will not be published.