Add public certificate on Exchange Server 2003

How to add a public certificate on Exchange Server 2003
On Exchange Server 2003 the whole process is performed on IIS.

I. Create CSR

  1. Open IIS Manager
  2. Go to the Default Web Site
  3. Right Click the default Web Site and select Properties
  4. Go to the Directory Security Tab and press the “Server Certificate” button
  5. The Wizard will start, select the “Create a new certificate” and press Next
  6. Select “Prepare the request now, but send it later” and press Next
  7. Enter a name and select 2048 bit length and press Next
  8. Type the company name at the Organization field and the department at the Organization unit field and press Next
  9. At the common name field enter the Pulic FQDN of the Exchange Server. In most cases is This must be an A recond on the Public DNS that points to the public IP of the Exchange server. Press Next
  10. Enter the regional settings and press Next
  11. Browse to the path that the CSR will be created and provide a name for the txt file, like certreq.txt. Press Next twice and the CSR is ready.

II. Provide the CSR to the Public Certification Authority and get the certificate. Usually you will be provided with a zip file with all required certificate files.

III. Install the certificate to the IIS

  1. We will need the *.cer file provided form the Public Certification Authority.
  2. Again go to the Security tab at the IIS manager and press “Server Certificate” (See I. 1-4)
  3. Now select “Process the pending request….” and press Next untill the wizard finishes. This will install the certificate.
  4. Restart the server

IV. Assign the certificate to Exchange

  1. To assign the certificate you need to go to each virtual directory and enable the “Require Secure Channel. “
  2. At the IIS Manager select Exchange virtual directory and  right click properties
  3. Go to the Directory Security tab. Click the Edit button in the Secure Communications section.
  4. In the Secure Communications dialogue box check the box Require Secure Channel (SSL).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.