One of our recently completed projects was an Exchange 2003 to Exchange 2010 migration and deployment. As is customary with a new Exchange deployment, a new security certificate needed to be generated for the new server where Exchange 2010 resides. There are a few options for obtaining or generating a security certificate. If, however, you decide not to acquire a third-party certificate, you will need to generate the certificate from the server itself.
This option is also necessary to generate the certificate for Pocket PC devices that use Exchange ActiveSync to synchronize data. Although certificates can be generated and/or requested using the Exchange Management Console (EMC), we’ve discovered that the certificate necessary for these types of devices is generated successfully from the Exchange Management Shell. You need to be assigned permissions before you can perform this procedure.

The code example below outputs the certificate request in Base64 format to the command-line console. You must send the certificate request to a certification authority (CA) within the organization, a trusted CA outside the organization, or a commercial CA. You can do this by pasting the certificate request output into an e-mail message or into the appropriate field on the certificate request Web page of the CA. You can also save the certificate request to a file using a text editor such as Notepad.

The certificate that results has the following attributes associated with it:

  • Subject name: c=<US>,o=<CompanyName>,cn=mail1.domainname.com
  • Subject alternate names: domainname.com and example.com
  • An exportable private key

New-ExchangeCertificate -DomainName server.domainname.com, mail1.domainname.com, autodiscover.domainname.com, server -SubjectName "C=US,O=CompanyName,CN=mail.domainname.com" | Enable-ExchangeCertificate -Services IIS

Once you’ve generated the new certificate, verify that it has been applied on the server, and verify within IIS that the certificate is set properly. You can then proceed to export the certificate and import it on the device. NOTE: the certificate must be installed to the Root Certificate Authority on the device.
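
One way to carry out the verification and export steps from the Exchange Management Shell, as an added example that is not part of the original post. It writes out only the public certificate, which is all the device's root store needs, so the private key never leaves the server. Assumptions: the expected host names are the ones passed to -DomainName above, and the output path C:\Temp\exchange-iis.cer and the 30-day expiry threshold are placeholders.

```powershell
# Added example: run in the Exchange Management Shell on the Exchange 2010 server.
# Assumed values: host names copied from the -DomainName list above,
# output path and expiry threshold chosen for illustration.
$expected = 'server.domainname.com', 'mail1.domainname.com',
            'autodiscover.domainname.com', 'server'
$outFile  = 'C:\Temp\exchange-iis.cer'

# Services is a flags value (for example "IIS, SMTP"), so match on the name.
$iisCerts = @(Get-ExchangeCertificate | Where-Object { $_.Services -match 'IIS' })
if ($iisCerts.Count -ne 1) {
    throw "Expected exactly one certificate enabled for IIS, found $($iisCerts.Count)."
}
$cert = $iisCerts[0]

# Every name a client or device connects to must appear on the certificate.
$names   = @($cert.CertificateDomains | ForEach-Object { $_.ToString().ToLower() })
$missing = @($expected | Where-Object { $names -notcontains $_.ToLower() })
if ($missing.Count -gt 0) {
    throw "Certificate $($cert.Thumbprint) is missing names: $($missing -join ', ')"
}

# Flag a certificate that is expired or close to expiry.
if ($cert.NotAfter -lt (Get-Date).AddDays(30)) {
    Write-Warning "Certificate expires on $($cert.NotAfter)."
}

# Show what is actually bound, for comparison with the IIS binding.
$cert | Format-List Thumbprint, Subject, IsSelfSigned, Services, NotAfter

# Export the public certificate only (DER-encoded .cer, no private key).
$x509  = Get-Item -Path ("Cert:\LocalMachine\My\" + $cert.Thumbprint)
$bytes = $x509.Export(
    [System.Security.Cryptography.X509Certificates.X509ContentType]::Cert)
[System.IO.File]::WriteAllBytes($outFile, $bytes)
Write-Host "Public certificate written to $outFile"
```

Compare the thumbprint printed here with the one shown on the HTTPS binding in IIS Manager before copying the .cer file to the device.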

