Friday, February 19, 2010

How to install SSL Certificates with Exchange 2007




Create the Certificate Signing Request

We need to create the CSR (Certificate Signing Request) file. This file is a block of encrypted text that is generated on the server where the certificate will be used.

Open the Exchange Management Shell
  1. Click on the Start menu
  2. Go to All Programs
  3. Select Microsoft Exchange Server 2007
  4. Click on Exchange Management Shell.


Run the New-ExchangeCertificate command

Below is an example; replace the values with your own information:

New-ExchangeCertificate -domainname mail.mycompany.com, mycompany.com, mymailserver -Friendlyname mycompany.com -generaterequest:$true -keysize 2048 -path c:\certrequest.txt -privatekeyexportable:$true -subjectname "c=US, o=My Company Inc., cn=mail.mycompany.com, s=Texas, l=San Antonio, ou=Information Technology"

The parameters used are:
-domainname = all the names you are going to need
-Friendlyname = an easy name to remember
-keysize = can be 1024 or 2048
-path = where you want to store the generated file
(cn=) = Common name, the most used name of your server
(o=) = Organization
(ou=) = Division of the organization
(l=) = City
(s=) = State
(c=) = Country

You can use a tool to generate the command, like the one from DigiCert.

Order the certificate

Now that the CSR has been generated, look for it in the path you specified in the command; this is the file you need to provide when ordering the certificate from a certificate authority (VeriSign, DigiCert, AAA, etc.).






Install the Certificate

Open the Exchange Management Shell
  1. Click on the Start menu
  2. Go to All Programs
  3. Select Microsoft Exchange Server 2007
  4. Click on Exchange Management Shell.


Run the Import-ExchangeCertificate command

-- .p7b Certificate --
In the example below you can see how to run this command:
Import-ExchangeCertificate -path c:\mycompany.p7b | Enable-ExchangeCertificate -Services "IMAP, POP, UM, IIS, SMTP"

Replace the parameters with your own, and be sure to specify the path where the certificate issued by the certificate authority was saved.





-- .CRT (Root, Intermediate and Comodo Unified Communication Certificates) --

If you received a certificate with the .p7b extension, congratulations, you are done. If you received three certificates instead, you need a couple of extra steps. Do not panic, this is really easy.

Install the Comodo Unified Communication certificate by running this command in the Exchange command window:
Import-ExchangeCertificate -path c:\ASD2345.crt | Enable-ExchangeCertificate -Services "IMAP, POP, UM, IIS, SMTP"

Double click the Root certificate
Click "Install Certificate"
Click "Next"
Select "Place the certificate in the following store"
Click "Browse"
Select "Trusted Root Certification Authorities"
Right click, select All Tasks >> Import

Double click the Intermediate certificate
Click "Install Certificate"
Click "Next"
Select "Place the certificate in the following store"
Click "Browse"
Select "Intermediate Certification Authorities"
Right click, select All Tasks >> Import



Errors

If you are getting errors, try the following options.

To verify that the certificate was installed correctly, run the command:
Get-ExchangeCertificate | FL


Verify that all the services are listed; if one is missing, add it with the command (using IIS as an example):
Enable-ExchangeCertificate -Thumbprint 29384329849482 -Service IIS

Sometimes you need to restart the services; as a last resort, reboot the server.
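
The checks above can be scripted. The following is an added example, not part of the original post: it compares the installed certificate with what was requested, using the sample thumbprint, names, key size and services from this page. It assumes it is run in the Exchange Management Shell and that the certificate object exposes the property names shown by Get-ExchangeCertificate | FL.

```powershell
# Added example: audit an installed Exchange certificate against the request.
# All values below are the sample ones used on this page; replace with your own.
$Thumbprint      = '29384329849482'
$ExpectedNames   = 'mail.mycompany.com', 'mycompany.com', 'mymailserver'
$ExpectedSvcs    = 'IMAP', 'POP', 'UM', 'IIS', 'SMTP'
$ExpectedKeySize = 2048

$cert = Get-ExchangeCertificate -Thumbprint $Thumbprint
if (-not $cert) { Write-Warning "No certificate with thumbprint $Thumbprint"; return }

$problems = @()

# The private key never leaves the server that generated the CSR; without it
# the imported certificate cannot be used by any service.
if (-not $cert.HasPrivateKey) {
    $problems += 'No private key: import on the server that generated the CSR.'
}

# A self-signed certificate means this is not the one issued by the CA.
if ($cert.IsSelfSigned) { $problems += 'Certificate is self-signed.' }

# Validity window.
$now = Get-Date
if ($cert.NotBefore -gt $now -or $cert.NotAfter -lt $now) {
    $problems += "Outside validity period ($($cert.NotBefore) to $($cert.NotAfter))."
}

# Key size should match the -keysize used in the request.
if ($cert.PublicKeySize -lt $ExpectedKeySize) {
    $problems += "Key size is $($cert.PublicKeySize), expected $ExpectedKeySize."
}

# Every name passed to -domainname should be present on the certificate.
$names = @($cert.CertificateDomains | ForEach-Object { $_.ToString() })
foreach ($n in $ExpectedNames) {
    if ($names -notcontains $n) { $problems += "Name missing from certificate: $n" }
}

# Every service passed to Enable-ExchangeCertificate should be listed.
$svcs = @($cert.Services.ToString().Split(',') | ForEach-Object { $_.Trim() })
foreach ($s in $ExpectedSvcs) {
    if ($svcs -notcontains $s) { $problems += "Service not enabled: $s" }
}

if ($problems.Count -eq 0) { Write-Host "Certificate $Thumbprint passed all checks." }
else { $problems | ForEach-Object { Write-Warning $_ } }
```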




