Obtain and install SSL certificates - Exchange 2007

Document created by user.oxriBaJeN4 Employee on Sep 7, 2015
Version 1

Obtaining SSL certificates

To use SSL certificates in Exchange 2007, you need to generate a CSR (certificate signing request) on your Exchange server, submit the request to one of the supported Certificate Authorities, and install the issued certificate on the Exchange 2007 server. Once the certificate has been installed, you need to enable it for your chosen protocols (detailed later in this guide).

 

Command Line CSR Generation (Exchange Management Shell)

The full Microsoft support article can be viewed from the link below:

http://technet.microsoft.com/en-us/l...EXCHG.80).aspx

  1. Log into your Exchange 2007 server as an Exchange administrator
  2. Open the Exchange Management Shell and use the New-ExchangeCertificate cmdlet to generate a new certificate request.

The following command is an example that you could use.  This example assumes that:

  • Your organization is called Acme Corp
  • Your organization is located in the United Kingdom
  • Your Exchange 2007 server’s FQDN is exchange.acmecorp.com
  • You want to export your request to C:\
# -KeySize 2048: public certificate authorities reject requests for 1024-bit RSA keys
New-ExchangeCertificate -GenerateRequest -SubjectName "c=GB,o=AcmeCorp,cn=exchange.acmecorp.com" -DomainName exchange.acmecorp.com -FriendlyName ExchangeCert -PrivateKeyExportable $true -KeySize 2048 -Path c:\certrequest.txt

 

If you are unsure of how to run the above Exchange cmdlet, you will need to refer to the following Microsoft Support article for guidance:

http://technet.microsoft.com/en-us/library/aa998327(EXCHG.80).aspx

 

The certrequest.txt file now needs to be submitted to the certificate authority for processing.

Mimecast does not support self-signed certificates, so this request needs to be submitted to one of the recognized certificate authorities.

 

Installing SSL certificates

Once the certificate has been issued by the Certificate Authority, you need to import the certificate into the Exchange 2007 server.  After installing the certificate onto your Exchange server, you will need to enable it for use with the POP3 protocol.

 

Command Line Certificate Installation (Exchange Management Shell)

Once the certificate has been issued by the Certificate Authority, create a new file called certnew.cer in the same folder as the request file.  Open the certnew.cer file in Notepad and paste the encoded certificate into the file.

Note: You need to ensure that you run the following import command on the same server the CSR was generated on.

  • Open the Exchange Management Shell and run this command:
Import-ExchangeCertificate -Path c:\certnew.cer -friendlyname "ExchangeCert"

 

If you are unsure of how to run the above Exchange cmdlet, you will need to refer to the following Microsoft Support article for guidance:

http://technet.microsoft.com/en-us/library/bb310769(EXCHG.80).aspx

 

Command Line Certificate Enablement (Exchange Management Shell)

After the certificate has been installed you will need to enable it for use with the POP3 protocol. 

The first step is to obtain the certificate-thumbprint of the installed certificate.  Open the Exchange Management Shell and run the following command:

Get-ExchangeCertificate -DomainName "exchange.acmecorp.com"

 

The output should be similar to:

Thumbprint             Services   Subject
----------             --------   -------
136849A2963709E2753214BED               CN=exchange.acmecorp.com

 

The next step in this process is to enable the SSL certificate for use with the POP3 protocol.  Open the Exchange Management Shell and run the following command:

Enable-ExchangeCertificate -thumbprint <certificate-thumbprint> -services "POP"

 

If you are unsure of how to run the above Exchange cmdlet you will need to refer to the following Microsoft Support article for guidance:

http://technet.microsoft.com/en-us/library/aa995942(EXCHG.80).aspx

 

The final step is to ensure that the certificate has been successfully enabled for POP3.  Open the Exchange Management Shell and run the following command:

Get-ExchangeCertificate -DomainName "exchange.acmecorp.com"

 

The output should be similar to:

Thumbprint              Services    Subject
----------              --------    -------
136849A2963709E27532    P           CN=exchange.acmecorp.com

Under “Services” you should see P (POP3) listed.
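
The import, check and enable steps above combined into one Exchange Management Shell script, as an added example that is not part of the original article. It assumes the article's sample values (c:\certnew.cer, exchange.acmecorp.com) and that the certificate object exposes the HasPrivateKey, IsSelfSigned, PublicKeySize and NotAfter properties shown by Get-ExchangeCertificate | Format-List.

```powershell
# Added example. Sample values are the article's; adjust for your server.
$fqdn     = "exchange.acmecorp.com"
$certFile = "c:\certnew.cer"

# Run on the server that generated the CSR: the private key stays there,
# and the import pairs the CA's response with it.
$cert = Import-ExchangeCertificate -Path $certFile -FriendlyName "ExchangeCert"
if (-not $cert) { Write-Warning "Import failed for $certFile"; return }

# Collect reasons not to enable the certificate.
$problems = @()
if (-not $cert.HasPrivateKey) {
    $problems += "No private key: was the CSR generated on a different server?"
}
if ($cert.IsSelfSigned) {
    $problems += "Certificate is self-signed, not CA-issued."
}
if ($cert.PublicKeySize -lt 2048) {
    $problems += "Key is only $($cert.PublicKeySize) bits."
}
if ($cert.NotAfter -lt (Get-Date)) {
    $problems += "Certificate expired on $($cert.NotAfter)."
}
# Same lookup the article uses: does the certificate cover the server FQDN?
$covers = Get-ExchangeCertificate -DomainName $fqdn |
    Where-Object { $_.Thumbprint -eq $cert.Thumbprint }
if (-not $covers) {
    $problems += "Certificate does not list $fqdn."
}

if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning $_ }
    Write-Warning "Not enabling $($cert.Thumbprint) for POP3."
    return
}

# Enable by the thumbprint returned from the import, so nothing is retyped.
Enable-ExchangeCertificate -Thumbprint $cert.Thumbprint -Services "POP"

# Confirm. The table view abbreviates POP to "P"; the text form contains "POP".
$after = Get-ExchangeCertificate -Thumbprint $cert.Thumbprint
if ("$($after.Services)" -match "POP") {
    Write-Host "POP3 enabled on $($after.Thumbprint), valid until $($after.NotAfter)"
} else {
    Write-Warning "POP3 is not listed in Services: $($after.Services)"
}
```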

 
