[<< Full list of Exchange Server & Outlook tips.]
 
 
Exchange Server 2007: Create and Import a SSL Certificate
 
Installing certificates for use in Exchange Server 2007 involves the use of the Exchange PowerShell.
 
Microsoft documentation often has you create the certificate request using PowerShell itself.  I prefer to create the request from within IIS and then use PowerShell to import it.
 
Here are my steps for Exchange Server 2007:

1. Use IIS to create the certificate signing request (CSR)
    
2. Send the CSR to a valid certificate authority.
    
3. Receive the certificate response from the authority and then use the IIS certificate wizard to complete the certificate installation process.
    
4. Use PowerShell to determine the thumbprint of certificates on server.  Pipe the results to a text file.  The following should all be on a single line without breaks.
        Get-ExchangeCertificate | fl | out-file -filePath c:\certs.txt
    
5. Make note of the thumbprint of the appropriate certificate from the file above.
        For example, the thumbprint might be B52842F7408772B7151FF74FDAE914EA7B59B53A.
    
6. Make the certificate usable from within IIS by pasting it into the following command, all on a single line without breaks:
        Enable-ExchangeCertificate -Thumbprint
      B52842F7408772B7151FF74FDAE914EA7B59B53A -Services IIS
    
7. Make the certificate usable from within SMTP by pasting it into the following command, all on a single line without breaks:
        Enable-ExchangeCertificate -Thumbprint
        B52842F7408772B7151FF74FDAE914EA7B59B53A -Services SMTP

Credit: The PowerShell syntax was obtained from http://telnetport25.wordpress.com/2008/07/13/windows-2008-exchange-2007-renewing-an-existing-ssl-certificate-on-your-client-access-server