Scenario
You’ve installed Active Directory Certificate Services and need to issue a certificate to Exchange 2010.
Solution
- Open the Exchange Management Shell (EMS) and run the following command to generate a certificate request:
New-ExchangeCertificate -FriendlyName "Exchange 2010 Certificate" -IncludeServerFQDN -DomainName mail.domain.co.uk,autodiscover.domain.co.uk -GenerateRequest -PrivateKeyExportable $true
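- The request is returned as base64 text between -----BEGIN NEW CERTIFICATE REQUEST----- and -----END NEW CERTIFICATE REQUEST----- lines.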
- Open a browser and navigate to your Root CA. The default URL is http://<CA server>/certsrv, but I had to append /en-us (http://<CA server>/certsrv/en-us) to view the welcome page:
- Click Request a certificate.
- Click advanced certificate request:
- Click Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file:
- Paste the certificate request text (from step 2) into the Saved Request field, select Web Server from the Certificate Template drop-down menu, click Submit:
- Select Base 64 encoded, then click Download certificate:
- Open Exchange Management Console > Server Configuration > Select your server.
- Right-click the new certificate and select Complete Pending Request:
- Browse to the downloaded certificate, then click Complete:
- Once completed, click Finish:
- Right-click the new certificate and select Assign Services to Certificate:
- Select your server, click Next:
- Select the required services, click Next:
- Click Assign:
- Click Yes to All if this warning appears:
- Once completed, click Finish:
- Job done!
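The same procedure run entirely from the Exchange Management Shell, as an added example that is not part of the original post: it saves the request, checks its subject alternative names before the CA signs it, submits it with certreq, then completes the request and assigns services. The CA config string, the file paths and the IIS,SMTP service list are assumptions; substitute your own.

```powershell
# Added example, not from the original post. Values marked "assumed" are placeholders.
$caConfig = 'CA01.domain.local\domain-CA01-CA'   # assumed: <CA host>\<CA name>
$reqPath  = 'C:\Certs\exchange2010.req'          # assumed working paths
$cerPath  = 'C:\Certs\exchange2010.cer'
$domains  = 'mail.domain.co.uk', 'autodiscover.domain.co.uk'

# 1. Generate the request with the same parameters as the post and save it to a file.
$req = New-ExchangeCertificate -FriendlyName 'Exchange 2010 Certificate' `
    -IncludeServerFQDN -DomainName $domains -GenerateRequest `
    -PrivateKeyExportable $true
Set-Content -Path $reqPath -Value $req

# 2. Decode the request and confirm every expected name is in it before submitting.
#    Assumes English certutil output ("DNS Name=...").
$dump = certutil -dump $reqPath | Out-String
foreach ($d in $domains) {
    if ($dump -notmatch [regex]::Escape("DNS Name=$d")) {
        throw "Request is missing subject alternative name $d"
    }
}

# 3. Submit to the CA using the Web Server template (internal name WebServer).
certreq -submit -config $caConfig -attrib 'CertificateTemplate:WebServer' $reqPath $cerPath
if ($LASTEXITCODE -ne 0) { throw "certreq failed with exit code $LASTEXITCODE" }

# 4. Complete the pending request. Run this on the server that generated it,
#    because that is where the private key lives.
$bytes = [Byte[]](Get-Content -Path $cerPath -Encoding Byte -ReadCount 0)
$cert  = Import-ExchangeCertificate -FileData $bytes

# 5. Assign services (assumed: IIS and SMTP). This may prompt to overwrite the
#    default SMTP certificate, matching the warning shown in the GUI.
Enable-ExchangeCertificate -Thumbprint $cert.Thumbprint -Services 'IIS,SMTP'

# 6. Confirm the names, assigned services, expiry date and status.
Get-ExchangeCertificate -Thumbprint $cert.Thumbprint |
    Format-List Subject, CertificateDomains, Services, NotAfter, Status
```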
Many thanks for such helpful notes, and it helped me out so quickly. Loved it. Thanks again.
I use this year after year as a reference for renewing my certificates. Thanks!
Great to hear these posts are still useful 😀