Exchange 2010 creates a self-signed SAN certificate and assigns it to the services like IMAP, POP, IIS, and SMTP.
The only drawback of this self-signed certificate is that it contains the server’s FQDN and NetBIOS names only.
Where we get certificate errors on all the Clients where we need to install the Certificates manually on all the clients , which is a hassle and no one likes it in fact . Cause installing Certificate in mobile devices becomes more complex .
To avoid any certificate related errors and use it over the internet without any problems it is highly recommended that you request and assign a certificate from a Certification Authority that can be contacted from anywhere like VeriSign , Go Daddy ,DigiCert etc.. .
To request a new certificate from a trusted CA use following format:
Requesting a Certificate , you can use shell or GUI
GUI is much user friendly
You can refer the link below to use GUI and Export the Certificate
are the two Needed Entries in the SSL Cert.
You can use Shell to Export the Request file – My Servers FQDN is Exchange2010.careexchange.in
Replace the values as per your requirement
Generate a Request
$Data = New-ExchangeCertificate -FriendlyName 'Exchange Cert' -GenerateRequest -PrivateKeyExportable $true -KeySize '2048' -SubjectName 'C=IN,S="MH",L="PN",O="Exchange Messaging",OU="Enterprise Messaging",CN=mail.Careexchange.in' –DomainName 'mail.careexchange.in','autodiscover.careexchange.in -Server 'EXCHANGE2010'
You need to enter this command below in order to get the request file
Export the data into a certificate request file
Set-Content -Path C:\Certreq.req -Value $Data
Use this request file for submission to the CA . For Example Below Uploading a CSR in digi Cert.
and download the certificate. Save the certificate to a convenient location.
Import the certificate, Give the Correct location in the command
Import-ExchangeCertificate -FileData ([Byte]$(Get-Content -Path "C:\Exchangecert.pfx" -Encoding byte -ReadCount 0)) -Password:(Get-Credential).password
You can refer the link below to use GUI to import the Certificate using “Step 22”
Use Step 23 to Assign Services like IMAP, POP, IIS, and SMTP.
You learnt how to Export and Import and Configure Certificates in Exchange 2010