Exchange 2007 create self signed certificates...

So, you are either using or are testing with self signed certificates. It seems there are a plethora of places to find out about how to do this. And a lot of them offer conlicting information. So here is a method that has worked with me!

 

  • On the CAS etc server you are on use the management shell to create the certificate request:

new-exchangecertificate -generaterequest -includeautodiscover -friendlyname NewCert -domainname casbox.mydomain.com,casbox,mail.mydomain.com -privatekeyexportable $true -path c:\newcertreq.req

  • Usine Internet Explorer on the CAS etc box go to https://certservername/certsrv
  • Click Request a Certificate and then go to advanced certificate request
  • Click Submit a certificate request by using.....
  • Open the c:\newcertreq.req in notepad and copy and paste the text into the Base-64 encoded certificate box
  • Select Web Server from the drop down list, then click submit
  • Click Download the certificate chain (depending on how/where your root certificate is) and save it to a .p7b file
  • Using then management shell use import-exchange certificate commandlet as below

import-exchangecertificate -path c:\thep7bfile.p7b | enable-exchangecertificate -services iis,smtp

And thats it!

You can now take a look on the Default web site in IIS and see that this has been added. Please note there can be some strange behaviour when there are multiple unnecessary certificates with the same subject names on the same server tring to do the same thing, so any mistake made along the way get rid of the bad certificates!