Monday, 6 February 2017

RENEW CERTIFICATE ON EXCHANGE SERVER

If the certificate on the Exchange server (07/10) has already expired, follow the steps below to renew it:

Step 1:  Check the certificate currently installed on the Exchange (CAS) server by running the following Exchange Management Shell command:

Get-ExchangeCertificate | FL

Step 2:  Generate the CSR on the Exchange (CAS) server by running the following Exchange Management Shell command:

New-ExchangeCertificate -GenerateRequest -KeySize 2048 -Path c:\CertCSR.txt -SubjectName "c=MY, l=Kuala Lumpur, s=WP, o=Company, cn=webmail.company.com.my" -DomainName webmail.company.com.my, ex01.company.com.my, ex02.company.com.my, autodiscover.company.com.my, ex01, ex02 -PrivateKeyExportable:$true

Step 3:  Send the CSR file to the trusted certificate provider or internal certificate authority server.

Step 4:  After receiving the .cer file from the certificate provider or certificate authority server, import the certificate (*.cer) into the Certificates, Personal store and enable it for the services.  Run the following Exchange Management Shell command:

Import-ExchangeCertificate -Path c:\Cert\cert_name.cer | Enable-ExchangeCertificate -Services "SMTP, IMAP, POP, IIS"

Note:  The .PFX file is required if we have other Exchange (CAS) servers or a reverse proxy (ISA/TMG) for web publishing (OWA, ActiveSync, Outlook Anywhere).

Step 5:  To generate the PFX file, export it from the Exchange (CAS) server on which you just installed the new certificate.
a.  Go to Run and type MMC.
b.  In MMC, go to File and select Add/Remove Snap-in...
c.  Select Certificates and click Add.
d.  Choose Computer Account, then click Next and Finish.
e.  Click OK.
f.  Expand Certificates, Personal.
g.  Select the certificate that you just renewed and select Export.
h.  In the Certificate Export wizard, make sure Personal Information Exchange (.PFX) is selected, and tick Include all certificate... and Export all...
i.  In the Certificate Export wizard, enter the password and click Next, take note of where the PFX file will be stored, and go through the wizard until it finishes.  Then copy the .PFX file to the other servers to install the certificate there.
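A check to run after Step 4, and again on each server that receives the PFX from Step 5: confirm that the certificate is inside its validity window, has its private key, covers every name requested in Step 2 and is enabled for the services from Step 4. This is an added example, not part of the original post; Test-RenewedCertificate is a hypothetical helper, the sample object is constructed so the script runs without Exchange, and it assumes PowerShell 2.0 or later.

```powershell
# Added example: Test-RenewedCertificate is a hypothetical helper, not an Exchange cmdlet.
function Test-RenewedCertificate {
    param(
        $Cert,                        # one object from Get-ExchangeCertificate
        [string[]]$ExpectedNames,     # names passed to -DomainName in Step 2
        [string[]]$ExpectedServices   # services passed to -Services in Step 4
    )
    $problems = @()
    $now = Get-Date

    # The validity window must contain the current time.
    if ($Cert.NotBefore -gt $now) { $problems += "not valid until $($Cert.NotBefore)" }
    if ($Cert.NotAfter  -lt $now) { $problems += "expired on $($Cert.NotAfter)" }

    # Without the private key the server cannot use the certificate or export a PFX.
    if (-not $Cert.HasPrivateKey) { $problems += 'no private key on this server' }

    # Every requested name must be present (-notcontains ignores case).
    $names = @($Cert.CertificateDomains | ForEach-Object { "$_" })
    foreach ($n in $ExpectedNames) {
        if ($names -notcontains $n) { $problems += "missing name: $n" }
    }

    # Assumption: Services renders as a comma-separated list such as "IMAP, POP, IIS".
    $services = @("$($Cert.Services)" -split '\s*,\s*')
    foreach ($s in $ExpectedServices) {
        if ($services -notcontains $s) { $problems += "service not enabled: $s" }
    }
    return ,$problems
}

# Constructed sample standing in for the renewed certificate (not real output).
$sample = New-Object PSObject -Property @{
    NotBefore          = (Get-Date).AddDays(-1)
    NotAfter           = (Get-Date).AddYears(1)
    HasPrivateKey      = $true
    CertificateDomains = @('webmail.company.com.my', 'autodiscover.company.com.my', 'ex01.company.com.my')
    Services           = 'IMAP, POP, IIS'
}
$expectedNames = 'webmail.company.com.my', 'ex01.company.com.my', 'ex02.company.com.my',
                 'autodiscover.company.com.my', 'ex01', 'ex02'
$found = Test-RenewedCertificate -Cert $sample -ExpectedNames $expectedNames `
                                 -ExpectedServices 'SMTP', 'IMAP', 'POP', 'IIS'
$found   # one line per problem; no output means every check passed

# On the server, pass the real object instead of $sample:
#   Get-ExchangeCertificate -Thumbprint '<thumbprint of the new certificate>'
```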


Reference URL:

Exchange 2007 CSR Creation Instructions
https://www.digicert.com/csr-creation-microsoft-unified-communications.htm
https://www.digicert.com/csr-creation-microsoft-exchange-2010.htm

Check CSR online
https://www.sslshopper.com/csr-decoder.html

SSL Certificate Installation in Exchange 
https://www.digicert.com/ssl-certificate-installation-microsoft-unified-communications.htm
https://www.digicert.com/ssl-certificate-installation-microsoft-exchange-2010.htm
