Exchange 2010 | add local domain CA certificate

First we need to create a certificate request.

Open the Microsoft Exchange Management Console and navigate to Microsoft Exchange -> Server Configuration.

In the right panel, click “New Exchange Certificate”.

The “New Exchange Certificate” wizard will start. Enter a friendly name, just a name to remember what this certificate is about.

There is no need to check the wildcard option.

On the next page, select the services that you want; in most cases select all of “Client Access Server”.

Next, add all the alternative names that you want to include in the certificate.

Fill in the Organization form and select the save path.

Finally, press “New” to create the certificate request.

After this, the Exchange Certificates window of the Exchange Management Console will show a new item marked “Pending request”.

Open the exported file with Notepad and save it with “ASCII” encoding (the original is Unicode).

Now we need to go to our Domain’s Active Directory Certification Authority and open an elevated command prompt.

Run the command:

certreq.exe -submit -attrib CertificateTemplate:WebServer

It will ask you to select the request file; select the ASCII-encoded file,

and then select the Certification Authority.

Finally, it will produce a .cer file.

Go back to the Exchange Certificates window of the Exchange Management Console, select the “pending certificate request” and press “complete pending request”. Select the cer file, select the services needed (IIS, SMTP, POP, IMAP) and the wizard will create the certificate and enable it for the services.
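
The same procedure from the Exchange Management Shell, as an added example that is not part of the original post, with a check of the issued certificate's alternative names before it is enabled. The host names, file paths, subject and CA config string are placeholders, and step 3 assumes the Exchange server can reach the CA directly; otherwise copy the request file to the CA and run certreq there as described above.

```powershell
# Run in the Exchange Management Shell on the Exchange 2010 server.
# Every name, path and the CA config string below is a placeholder (assumption).
$reqPath = 'C:\Certs\exchange.req'
$cerPath = 'C:\Certs\exchange.cer'
$caName  = 'CA01.example.local\Example-Issuing-CA'
$names   = 'mail.example.local', 'autodiscover.example.local', 'EXCH01.example.local'

# 1. Create the pending request. The cmdlet returns the Base64 PKCS#10 text.
#    The private key stays on this server and is not exportable (cmdlet default).
$request = New-ExchangeCertificate -GenerateRequest `
    -FriendlyName 'Exchange 2010 internal CA' `
    -SubjectName 'C=US, O=Example Org, CN=mail.example.local' `
    -DomainName $names `
    -PrivateKeyExportable $false

# 2. Write the request as ASCII, which replaces the Notepad re-save step.
Set-Content -Path $reqPath -Value $request -Encoding Ascii

# 3. Submit to the domain CA with the WebServer template; the result is the .cer file.
certreq.exe -submit -attrib 'CertificateTemplate:WebServer' -config $caName $reqPath $cerPath
if ($LASTEXITCODE -ne 0) { throw "certreq failed with exit code $LASTEXITCODE" }

# 4. Confirm the CA kept every requested alternative name (OID 2.5.29.17)
#    before binding the certificate to any service.
$issued = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $cerPath
$sanExt = $issued.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
if (-not $sanExt) { throw 'Issued certificate has no Subject Alternative Name extension' }
$sanText = $sanExt.Format($false)
foreach ($n in $names) {
    if ($sanText -notmatch [regex]::Escape($n)) { throw "Issued certificate is missing SAN: $n" }
}

# 5. Complete the pending request and enable the certificate for the services.
$bytes = [byte[]](Get-Content -Path $cerPath -Encoding Byte -ReadCount 0)
$cert  = Import-ExchangeCertificate -FileData $bytes
Enable-ExchangeCertificate -Thumbprint $cert.Thumbprint -Services 'IIS,SMTP,POP,IMAP'

# 6. Show what is now bound to which service.
Get-ExchangeCertificate | Format-List FriendlyName, Thumbprint, Services, NotAfter, CertificateDomains
```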


