Renew MS Exchange Trusted Certificate

Here are steps I use to renew MS Exchange 2007 trusted Rapid SSL certificate:

  1. On the Exchange Server open IIS 7 Manager (Internet Information Services)  
    • Go to Server name > Server Certificates
    • In Actions panel click on Create Certificate Request
    • Fill all certificate request fields and save the request as request.txt file.

      Common Name: full webmail URL

      Cryptographic service provider: Microsoft RSA SChannel Cryptographic Provider
      Bit Length: 2048
  2. Upload certificate request string (including -----BEGIN NEW CERTIFICATE REQUEST----- and -----END NEW CERTIFICATE REQUEST-----) to Rapid SSL when prompted and complete the order / verification process.
  3. Save your new certificate (Rapid SSL normally sends it as plain text via email) into certificate.cer file (including lines -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----)
  4. Go back to IIS 7 Manager, click on Complete Certificate Request and upload the certificate.cer file.
  5. Open Exchange Management Shell
    • Run Get-ExchangeCertificate | List to list all certificates present on the server.
    • Find your newly installed certificate and copy its Thumbprint value
    • Run following command to enable your new certificate for all Exchange services:
      Enable-ExchangeCertificate -thumbprint "B1BB978024A347BAC22438D6432C1B123AFAF11A" -services IIS, POP, SMTP, IMAP
      Replace thumbprint value with text copied in the previous step.
    • Run Get-ExchangeCertificate | List again to make sure the certificate is now enabled for all required Exchange services.

Windows Server 2008
MS Exchange 2007 Standard


Subscribe to receive occasional updates on new posts.
Your email will not be used for any other purpose and you can unsubscribe at any time.
Please wait