Renew SSL Certificate for Exchange 2007

  • by

Please refer to the following steps on how to Generate SSL Certficate for Exchange 2007

Exchange 2007
1. Open Exchange Management Shell

New-ExchangeCertificate -DomainName mail.aventistech.info, autodiscover.aventistech.info -Friendlyname "SSL For AventisTech.info" -generaterequest:$true -keysize 2048 -path C:\CertRequest.req -privatekeyexportable:$true -subjectname "c=MY, o=AventisTech, cn=mail.aventistech.info""

Exchange 2016 (Updated)
1. Open Exchange Management Shell

New-ExchangeCertificate -DomainName *.aventistech.info -Friendlyname "Internal SSL Cert" -generaterequest:$true -keysize 2048 -RequestFile "C:\CertRequest.req" `
-privatekeyexportable:$true -subjectname "c=MY, o=AventisTech, cn=mail.aventistech.info"

-----BEGIN NEW CERTIFICATE REQUEST-----
MIID5jCCAs4CAQAwQzEeMBwGA1UEAwwVbWFpbC5hdmVudGlzdGVjaC5pbmZvMRQw
EgYDVQQKDAtBdmVudGlzVGVjaDELMAkGA1UEBhMCTVkwggEiMA0GCSqGSIb3DQEB
AQUAA4IBDwAwggEKAoIBAQC9MX4bYLYpRKWhaKkbNXl8M4P0OzOd5G2mZLhaojDt
GtSi+zJyfjqs4hTdBfzEm/XcuJpt4s3GTGMEKX/GQFA7NRvdeyaNXeJD9wo8tQ1H
01X8QQBGrNITGqVHaGESMULpJMvuudE114dGDHwkyf9I4WMsnhcw1q7JtCmoLCW8
R6r40BVfX4aiC9sVPNO6+lf4Bny2687ycqff9M3CLHASbHyH0cmmd6dmb3AGtWkA
4iJVim7nRaaRtHLClQmw3l7NPtaO+mB4g6y2gfb6QBbUGOin5bvpBvvnunJDRZ0c
wATkwasuGd5+VTw8LUmtWq6S555XvIOVdpkzEE/oppdPAgMBAAGgggFcMBoGCisG
AQQBgjcNAgMxDBYKNi4yLjkyMDAuMjBdBgkrBgEEAYI3FRQxUDBOAgEFDBRMQUIt
RVgxNi5teWxhYi5sb2NhbAwPTVlMQUJcTEFCLUVYMTYkDCJNaWNyb3NvZnQuRXhj
aGFuZ2UuU2VydmljZUhvc3QuZXhlMGsGCSqGSIb3DQEJDjFeMFwwDgYDVR0PAQH/
BAQDAgWgMB0GA1UdEQQWMBSCEiouYXZlbnRpc3RlY2guaW5mbzAMBgNVHRMBAf8E
AjAAMB0GA1UdDgQWBBRHz0V5NO8Wqup9+zwE4X0gsMvm1zByBgorBgEEAYI3DQIC
MWQwYgIBAR5aAE0AaQBjAHIAbwBzAG8AZgB0ACAAUgBTAEEAIABTAEMAaABhAG4A
bgBlAGwAIABDAHIAeQBwAHQAbwBnAHIAYQBwAGgAaQBjACAAUAByAG8AdgBpAGQA
ZQByAwEAMA0GCSqGSIb3DQEBBQUAA4IBAQBv1hLjKPGgE6mTE343Fqss8xB8/FE5
vBDbyA6LTP3QgCe/tzhaS+Od/EdgqP+HctP/Y1CJydeKx//VbvnX1lsLtcedhivt
Ml8A/2yhfPYWnIbLm34RDEtokCKT/WJrejMzzAdsYaiXeEUVQB2IdmHYnpHD4ezH
B3D+NJ047yu8B0y298IdEALNXXq7XHJZKj43xCaHXfEHx6qnK4WStSscTwfIBn85
XAwwTq8ZX+X0OZZLS1AjN/V25Nztbke+RR6g7KxFvx5eSwSI100BICm9mV2ptd69
wOdgsIVlDYBB0o/5NqgOfxQmOTiF0XWZgTsstd8jgTEczAfUPWBQU4Ue
-----END NEW CERTIFICATE REQUEST-----
  1. Login to https://LAB-AD01/certsrv (Internal Certificate Authority (CA) Server) with Domain Administrator & Password

  2. Click Request a Certificate

EX07-RenewCert-01.jpg

  1. Click Advance Certificate Request

EX07-RenewCert-02.jpg

  1. Copy & Paste the following to Saved Request and select Web Server as Certificate Template
-----BEGIN NEW CERTIFICATE REQUEST-----

-----END NEW CERTIFICATE REQUEST-----

EX07-RenewCert-03.jpg

  1. Click Download Certificate and save it to c:\certnew.cer

EX07-RenewCert-04.jpg

  1. Import the SSL Certificate
Import-ExchangeCertificate -FileName "C:\Certnew.cer" | Enable-ExchangeCertificate -Services IIS, SMTP

Thumbprint                                Subject                                                                                               
----------                                -------                                                                                               
8802125BD7DB8D7D7DBC71267FA6BCEB894BCC42  CN=mail.aventistech.info, O=AventisTech, C=MY   

However, it is strongly recommended to get a public trusted SSL Certificate, like Let’s Encrypte (Free) or Commodo Wildcard Cert for Exchange 2016.