Here are steps I use to renew MS Exchange 2007 trusted Rapid SSL certificate:
- On the Exchange Server open IIS 7 Manager (Internet Information Services)
- Go to Server name > Server Certificates
- In Actions panel click on Create Certificate Request
- Fill all certificate request fields and save the request as request.txt file.
Common Name: full webmail URL
Cryptographic service provider: Microsoft RSA SChannel Cryptographic Provider
Bit Length: 2048
- Upload certificate request string (including -----BEGIN NEW CERTIFICATE REQUEST----- and -----END NEW CERTIFICATE REQUEST-----) to Rapid SSL when prompted and complete the order / verification process.
- Save your new certificate (Rapid SSL normally sends it as plain text via email) into certificate.cer file (including lines -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----)
- Go back to IIS 7 Manager, click on Complete Certificate Request and upload the certificate.cer file.
- Open Exchange Management Shell
- Run Get-ExchangeCertificate | List to list all certificates present on the server.
- Find your newly installed certificate and copy its Thumbprint value
- Run following command to enable your new certificate for all Exchange services:
Enable-ExchangeCertificate -thumbprint "B1BB978024A347BAC22438D6432C1B123AFAF11A" -services IIS, POP, SMTP, IMAP
Replace thumbprint value with text copied in the previous step.
- Run Get-ExchangeCertificate | List again to make sure the certificate is now enabled for all required Exchange services.
Windows Server 2008
MS Exchange 2007 Standard