Add public certificate on Exchange Server 2003

How to add a public certificate on Exchange Server 2003
On Exchange Server 2003 the whole process is performed on IIS.

I. Create CSR

  1. Open IIS Manager
  2. Go to the Default Web Site
  3. Right-click the Default Web Site and select Properties
  4. Go to the Directory Security Tab and press the “Server Certificate” button
  5. The Wizard will start. Select “Create a new certificate” and press Next
  6. Select “Prepare the request now, but send it later” and press Next
  7. Enter a name and select 2048 bit length and press Next
  8. Type the company name at the Organization field and the department at the Organization unit field and press Next
  9. At the common name field enter the public FQDN of the Exchange Server. In most cases this is mail.domain.com. This must be an A record on the public DNS that points to the public IP of the Exchange server. Press Next
  10. Enter the regional settings and press Next
  11. Browse to the path where the CSR will be created and provide a name for the txt file, like certreq.txt. Press Next twice and the CSR is ready.

II. Provide the CSR to the Public Certification Authority and get the certificate. Usually you will be provided with a zip file with all required certificate files.

III. Install the certificate to the IIS

  1. We will need the *.cer file provided from the Public Certification Authority.
  2. Again go to the Directory Security tab at the IIS manager and press “Server Certificate” (See I. 1-4)
  3. Now select “Process the pending request…” and press Next until the wizard finishes. This will install the certificate.
  4. Restart the server

IV. Assign the certificate to Exchange

  1. To assign the certificate you need to go to each virtual directory and enable the “Require Secure Channel” option.
  2. At the IIS Manager select the Exchange virtual directory, right-click it and select Properties
  3. Go to the Directory Security tab. Click the Edit button in the Secure Communications section.
  4. In the Secure Communications dialogue box check the box Require Secure Channel (SSL).
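
To confirm the result of sections III and IV from a client machine, the following added example (not part of the original article) checks that a virtual directory refuses plain HTTP and that the certificate presented covers the FQDN entered as the common name. The function names, the /exchange path and the 30-day expiry threshold are assumptions for illustration; mail.domain.com is the placeholder name used above.

```python
import http.client
import socket
import ssl
import time

def plain_http_status(host, path, port=80, timeout=5):
    """Status code the server returns for a request made without SSL."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", path)
        return conn.getresponse().status
    finally:
        conn.close()

def unprotected_vdirs(host, vdirs, port=80, probe=plain_http_status):
    """Virtual directories that answer plain HTTP with anything other than 403."""
    results = [(path, probe(host, path, port)) for path in vdirs]
    return [(p, s) for p, s in results if s != 403]  # IIS: 403.4 = SSL required

def fetch_validated_cert(host, port=443, timeout=5):
    """Handshake with chain and hostname validation; returns the getpeercert() dict."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def _name_matches(pattern, fqdn):
    pattern, fqdn = pattern.lower(), fqdn.lower()
    if pattern.startswith("*."):  # a wildcard covers exactly one left-most label
        return "." in fqdn and fqdn.split(".", 1)[1] == pattern[2:]
    return pattern == fqdn

def cert_problems(cert, fqdn, min_days=30, now=None):
    """Compare a getpeercert()-style dict with the FQDN used as the common name."""
    now = time.time() if now is None else now
    problems = []
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:  # no SAN: fall back to the subject common name
        names = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    if not any(_name_matches(n, fqdn) for n in names):
        problems.append("names %s do not cover %s" % (names, fqdn))
    days_left = (ssl.cert_time_to_seconds(cert["notAfter"]) - now) / 86400
    if days_left < min_days:
        problems.append("certificate expires in %d days" % days_left)
    return problems

if __name__ == "__main__":  # mail.domain.com is the article's placeholder FQDN
    print(unprotected_vdirs("mail.domain.com", ["/exchange"]))
    print(cert_problems(fetch_validated_cert("mail.domain.com"), "mail.domain.com"))
```

Both calls should print an empty list. The handshake in fetch_validated_cert uses the client's default TLS settings, so it fails outright if the client library no longer accepts the protocol versions the server offers.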