Follow the steps below if an SSL cert exists already on another server.
Export Existing SSL Cert/Private Key
- Click on OK (in the Add/Remove Snap-in window)
- Select Computer Account
- Select Local Computer
- Click the + to Expand the Certificates Console Tree
- Look for the Personal directory/folder and expand Certificates.
- Right-click the certificate you would like to back up and choose > ALL TASKS > Export
- Follow the Certificate Export Wizard to back up your certificate to a .pfx file
- Choose ‘Yes, export the private key’
- Choose to include all certificates in certificate path if possible. (do NOT select the delete Private Key option)
- Leave default settings > Enter Password (if required)
- Choose to save file on a set location
- Finish
Importing your Certificate/Private Key (from .pfx file format)
- Start > Run
- Type in MMC and click OK
- Go into the File Tab (or Console) > select Add/Remove Snap-in
- Click on Add > Click on Certificates and click on Add, then close (to close the Add Standalone Snap-in window)
- Click on OK (in the Add/Remove Snap-in window)
- Select Computer Account
- Select Local Computer
- Click the + to Expand the Certificates Console Tree
- Right click on the Personal Certificates Store (folder)
- Choose > ALL TASKS > Import
- Follow the Certificate Import Wizard to import your Primary Certificate from the .pfx file. When prompted, choose to automatically place the certificates in the certificate stores based on the type of the certificate.
Follow the steps below to generate a CSR request for a new SSL Cert.
From the Exchange 2007 Shell –
New-ExchangeCertificate -GenerateRequest:$True -Path c:\mail.domain.org.csr -KeySize 2048 -SubjectName "C=US, S=State, L=City, O=Company Name, OU=Org Unit Name, CN=mail.domain.org" -DomainName mail.domain.org -PrivateKeyExportable $True
Import the SSL Cert into Exchange 2007 Server – From the Exchange 2007 Shell – "Import-ExchangeCertificate -Path C:\CertName.cer" (the path must point to the certificate file issued by the CA, not to the .csr request file)
From the Exchange 2010 Shell -
New-ExchangeCertificate -GenerateRequest:$True -KeySize 2048 -SubjectName "C=US, S=State, L=City, O=Company Name, OU=Org Unit Name, CN=mail.domain.org" -DomainName mail.domain.org -PrivateKeyExportable $True > C:\SSLName.txt
Import the SSL Cert into Exchange 2010 Server – From the Exchange 2010 Shell – "Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path C:\CertName.cer -Encoding byte -ReadCount 0))"
Follow the steps below to enable the Standard SSL Cert on the Exchange 2007/Exchange 2010 Server.
From the Exchange Shell, enable the Cert for Exchange with: Enable-ExchangeCertificate -Services "SMTP,POP,IMAP,IIS" -Thumbprint "thumbprint"
From the Exchange 2007/Exchange 2010 Management Console:
Change the “Client Receive Connector” FQDN to mail.domain.org instead of Exchange01.domain.local
From the Exchange 2007 Management Console: Server Configuration – Client Access
From Outlook Web Access Tab – “OWA (Default Web Site)” – Change Internal and External URL to https://mail.domain.org/owa
From Exchange ActiveSync Tab – “Microsoft-Server-ActiveSync” – Change Internal and External URL to https://mail.domain.org/Microsoft-Server-ActiveSync
From Offline Address Book Distribution Tab – “OAB (Default Web Site)” – Change Internal and External URL to https://mail.domain.org/oab
For Exchange 2010 Only: From the Exchange Control Panel Tab - “ecp (Default Web Site)” – Change Internal and External URL to https://mail.domain.org/ecp
From the Exchange 2007/Exchange 2010 Shell –
Change Autodiscover URL – "Get-ClientAccessServer | Set-ClientAccessServer -AutodiscoverServiceInternalUri https://mail.domain.org/autodiscover/autodiscover.xml"
Change Web Services URL – "Get-WebServicesVirtualDirectory | Set-WebServicesVirtualDirectory -InternalUrl https://mail.domain.org/ews/exchange.asmx -ExternalUrl https://mail.domain.org/ews/exchange.asmx"
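A pre-flight check for the import, enable and URL steps above, as an added example that is not part of the original page: it confirms the imported certificate has its private key, is within its validity dates, has a 2048-bit or larger key and covers every host name in the configured URLs, then prints the Enable-ExchangeCertificate command with the real thumbprint. It assumes the page's sample name mail.domain.org, a single-name (non-wildcard) certificate, and that it is run in the Exchange Management Shell.

```powershell
# Added example, not from the original page. Run in the Exchange Management Shell.
$fqdn = 'mail.domain.org'   # the page's sample name; replace with your own
$now  = Get-Date

# Newest CA-issued certificate in the Personal store whose subject carries the name
$cert = Get-ExchangeCertificate |
    Where-Object { $_.Subject -like "*CN=$fqdn*" -and -not $_.IsSelfSigned } |
    Sort-Object NotAfter -Descending | Select-Object -First 1
if (-not $cert) { throw "No CA-issued certificate with CN=$fqdn was found" }

# Names on the certificate (subject plus subject alternative names), lower-cased
$names    = @($cert.CertificateDomains | ForEach-Object { $_.ToString().ToLower() })
$problems = @()

# Without the private key the server cannot use the certificate for TLS
if (-not $cert.HasPrivateKey) { $problems += 'certificate has no private key on this server' }
if ($cert.NotBefore -gt $now) { $problems += "not valid until $($cert.NotBefore)" }
if ($cert.NotAfter  -lt $now) { $problems += "expired on $($cert.NotAfter)" }
if ($cert.PublicKey.Key.KeySize -lt 2048) { $problems += 'public key is smaller than 2048 bits' }
if ($names -notcontains $fqdn) { $problems += "$fqdn is not among the certificate names" }

# Collect the client-facing URLs set in the steps above
$urls  = @(Get-ClientAccessServer | ForEach-Object { $_.AutodiscoverServiceInternalUri })
$urls += Get-WebServicesVirtualDirectory | ForEach-Object { $_.InternalUrl; $_.ExternalUrl }
$urls += Get-OwaVirtualDirectory         | ForEach-Object { $_.InternalUrl; $_.ExternalUrl }
$urls += Get-ActiveSyncVirtualDirectory  | ForEach-Object { $_.InternalUrl; $_.ExternalUrl }
$urls += Get-OabVirtualDirectory         | ForEach-Object { $_.InternalUrl; $_.ExternalUrl }

# A URL host that is not on the certificate gives clients a name-mismatch warning
foreach ($u in ($urls | Where-Object { $_ })) {
    $urlHost = ([Uri]"$u").Host.ToLower()
    if ($names -notcontains $urlHost) { $problems += "$u uses $urlHost, which is not on the certificate" }
}

if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning $_ }
} else {
    "Certificate checks passed. Enable it with:"
    "Enable-ExchangeCertificate -Services `"SMTP,POP,IMAP,IIS`" -Thumbprint $($cert.Thumbprint)"
}
```

The script only reads configuration and prints the command; it does not enable the certificate itself.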