HowTo – Customize SSL for Exchange 2007
The Client Access role in Exchange 2007 brought the need to work with and customize SSL for the server's internal domain activity. If the default SSL certificate is not replaced, Outlook clients will show an SSL warning every time the app is launched. To resolve this, here is how you can get a custom SSL cert from your local CA.
- For generating a CSR in Exchange 2007 I've been using this website tool: https://www.digicert.com/easy-csr/exchange2007.htm. You can fill out the small form and then copy/paste the generated command into your Exchange server's management shell. If you're a CLI junkie you can reference this bit of code and replace your information in the correct spots:
New-ExchangeCertificate -GenerateRequest -Path c:\exchange_mydomain_com.csr -KeySize 2048 -SubjectName "c=US, s=New York, l=Your City, o=Your Company, ou=Your Department, cn=exchange.mydomain.com" -DomainName exchange, exchange.mydomain.com, autodiscover, autodiscover.mydomain.com -PrivateKeyExportable $True
- The CSR will be located here: c:\
- Use your local Microsoft CA server and import the CSR to generate a new SSL certificate.
- Download the new certificate to the c:\ of your Exchange server.
- Run this command in your Exchange management shell to import the certificate.
Import-ExchangeCertificate -path c:\certnew.cer
(where c:\certnew.cer is the path of the .cer file you downloaded from your CA server)
- Following the import, the command will output the thumbprint for the SSL certificate. Use the menu in the top left corner of the Exchange management shell (left click once for the menu to appear). Mark and copy the thumbprint; you need this for the next step.
- Run this last command to enable the SSL certificate for Exchange usage.
Enable-ExchangeCertificate -Services IIS, UM, SMTP -Thumbprint "paste your thumbprint here"
(If this is just for client access you only need IIS for the service option.)
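The import and enable steps above can also be run without copying the thumbprint by hand, followed by a check that the enabled certificate is what the clients need. This is an added example, not part of the original post; it assumes the file name c:\certnew.cer and the domain names from the CSR command above, and enables IIS only.

```powershell
# Added example. Run in the Exchange Management Shell on the server
# that generated the CSR (the private key lives in its pending request).
# Assumption: these names match the -DomainName list used for the CSR.
$expectedNames = "exchange", "exchange.mydomain.com",
                 "autodiscover", "autodiscover.mydomain.com"

# Import returns the certificate object, so the thumbprint can be reused directly.
$cert = Import-ExchangeCertificate -Path c:\certnew.cer
Enable-ExchangeCertificate -Thumbprint $cert.Thumbprint -Services IIS

# Re-read the certificate from the store and show what was actually enabled.
$check = Get-ExchangeCertificate -Thumbprint $cert.Thumbprint
$check | Format-List Subject, Issuer, CertificateDomains, Services, NotAfter, HasPrivateKey, IsSelfSigned

# Collect anything that would still produce a warning in Outlook.
$problems = @()
if (-not $check.HasPrivateKey) {
    $problems += "No private key: the certificate was not matched to the pending request."
}
if ($check.IsSelfSigned) {
    $problems += "Certificate is self-signed: clients will not trust it."
}
if ($check.NotAfter -lt (Get-Date)) {
    $problems += "Certificate expired on $($check.NotAfter)."
}
if ("$($check.Services)" -notmatch "IIS") {
    $problems += "IIS is not listed in Services: $($check.Services)"
}

# Every host name clients connect to must be present in the certificate.
$have = @($check.CertificateDomains | ForEach-Object { $_.ToString() })
foreach ($name in $expectedNames) {
    if ($have -notcontains $name) {
        $problems += "Name missing from certificate: $name"
    }
}

if ($problems.Count -eq 0) {
    "Certificate $($cert.Thumbprint) is enabled for IIS and covers all expected names."
} else {
    $problems
}
```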