In this article I will show you how to renew an Exchange 2010 self-signed certificate. I normally use GoDaddy’s Standard UCC SSL Certificates as they are very cost-effective. This process can sometimes be very time-consuming, as you will typically do it once a year or even more, and each time you have to figure it out from scratch again.
There are 4 parts that you need to do:
- Create a New Exchange 2010 Certificate request
- Renew/buy and set up your GoDaddy UCC SSL Certificate
- Complete the Exchange 2010 Pending Certificate request
- Assign the Exchange 2010 Services to the Certificate
Create a New Exchange 2010 Certificate request
Open EXCHANGE MANAGEMENT CONSOLE.
Expand MICROSOFT EXCHANGE On-Premises and click on SERVER CONFIGURATION.
Click on NEW EXCHANGE CERTIFICATE in the action bar on the right-hand side.
When the NEW EXCHANGE CERTIFICATE window opens, type in a description of your certificate. (This can be anything, as it is only used to identify the certificate if you have more than one.)
Then click NEXT.
On the next window, if you use a wildcard certificate, tick ENABLE WILDCARD CERTIFICATE and type in your wildcard domain name (e.g. *.yourdomain). Mostly you will leave this blank for a single site and domain.
Now you need to configure the services that this certificate will be used for. Use the drop-down arrows to select the services that will be used (e.g. Outlook Web App, Exchange ActiveSync and POP/SMTP). Also make sure that the domain names are the primary one you used/will be using in your certificate, for example remote.yourdomain.com.
The next window will ask to review your certificate domains. Make sure you have your primary domain name for the certificate and the domain name added to the list. Make sure your primary domain name is SET AS COMMON NAME.
remote.yourdomain.com (Common Name)
The next window asks for the Organization details and Location details. Complete all the details as requested.
Right at the bottom, click on BROWSE and select a folder and file name for your Exchange Certificate Request. (The file name can be anything as long as you know what it is.)
A configuration summary will be shown. Check that everything is correct.
Exchange 2010 will then create the Certificate Request and also the Certificate Request File.
Under EXCHANGE CERTIFICATES you will see a new Certificate Name added to the list and the SELF SIGNED column will show as TRUE.
Now we need to go to GoDaddy, which is your certificate authority, to create the certificate.
Renew/buy and set up your GoDaddy UCC SSL Certificate
These images are taken from the renewal process in GoDaddy, but if you buy a new certificate, the process will be very similar.
First you will pay for the next period your certificate will be active, e.g. 1 year or 3 years or whatever you can afford at the moment. (I normally do this on a yearly basis.)
During the payment process you will be asked to configure your certificate.
On the first screen (HOSTING), select THIRD PARTY, OR DEDICATED SERVER.
Then tick the box next to USE PREVIOUS CSR.
Go to the Certificate Request File that you just saved from the Exchange 2010 Server and open it with NOTEPAD. Copy and paste everything in the file into the box where it states that you need to ENTER YOUR CERTIFICATE SIGNING REQUEST (CSR).
It should look something similar to this:
-----BEGIN NEW CERTIFICATE REQUEST-----
-----END NEW CERTIFICATE REQUEST-----
When that is done, make sure your SUBJECT ALT NAMES are correct.
I normally use the following:
remote.yourdomain.com (Primary domain name)
autodiscover.yourdomain.com (Sub alt name)
mail.yourdomain.com (Sub alt name)
servername (Sub alt name)
servername.yourlocaldomain.local (sub alt name)
Then select GoDaddy as your CERTIFICATE ISSUING ORGANIZATION.
On the next window, confirm all your settings and click NEXT.
The next window will show that your certificate will be issued shortly. Click FINISHED.
Launch the SECURE CERTIFICATE SERVICE from your control panel in GoDaddy.
You will see that there is a PENDING REQUEST. GoDaddy will send an email to the domain administrator and account holder of the GoDaddy Account to verify that the Certificate is correctly acquired by you, the domain owner/administrator. Click on the link in the email to verify. Shortly after that the new certificate will appear under the CERTIFICATES folder in the SECURE CERTIFICATE SERVICE.
Select the certificate and click on the DOWNLOAD option above it. In the Download Certificate window, select EXCHANGE 2010 from the drop-down and click DOWNLOAD. A ZIP file will be downloaded to your server. Extract the ZIP file and save the certificates on your server.
Renew Exchange 2010 Self Signed Certificate pending request
Now go back to your EXCHANGE MANAGEMENT CONSOLE. Go to SERVER CONFIGURATION.
Right-click on the new certificate request you created and select COMPLETE PENDING REQUEST.
Click BROWSE and browse to the folder where you saved the content of the ZIP file.
Change the file type to *.*
From the two files that were in the ZIP file, select the .cer file and click COMPLETE.
When the process is done, you will notice that your new certificate will show as SELF SIGNED = FALSE.
Assign the Exchange 2010 Services to the Certificate
Right-click on your new certificate again and select ASSIGN SERVICES TO CERTIFICATE.
On the window that opens, you need to add your EXCHANGE 2010 servers. (In my case there was only one server.)
Then select all the services that your certificate will be used for.
Make sure your configuration summary is correct and click ASSIGN.
You have just completed the process of renewing your GoDaddy UCC SSL Certificate on an EXCHANGE 2010 SERVER.
Make sure that the expiry date is correct and that it shows a blue check mark next to your certificate. Everything should be good to go!
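The same four parts can be done from the Exchange Management Shell, which also makes the final checks (expiry date, SELF SIGNED = FALSE, assigned services) explicit. This is an added example, not part of the original article; the function names, file paths and organization details are placeholders.

```powershell
# Added example (not from the article). Run in the Exchange Management Shell.
# Function names, paths and organization details are placeholders.
$Primary  = 'remote.yourdomain.com'
# Public names from the article's list. Its internal entries (servername,
# servername.yourlocaldomain.local) are left out: publicly trusted CAs no
# longer issue certificates for internal names.
$AltNames = 'autodiscover.yourdomain.com', 'mail.yourdomain.com'

function New-RenewalRequest([string]$ReqFile) {
    # Part 1: create the pending request; the primary name is the common name.
    $csr = New-ExchangeCertificate -GenerateRequest `
        -FriendlyName 'Exchange 2010 UCC renewal' `
        -SubjectName "C=US, O=Your Organization, CN=$Primary" `
        -DomainName (@($Primary) + $AltNames) `
        -KeySize 2048 -PrivateKeyExportable $true
    Set-Content -Path $ReqFile -Value $csr
    # Review the subject and SAN list before pasting the CSR into the CA form.
    certutil -dump $ReqFile
}

function Complete-Renewal([string]$CerFile) {
    # Part 3: complete the pending request with the .cer file from the ZIP.
    $bytes = [Byte[]]$(Get-Content -Path $CerFile -Encoding Byte -ReadCount 0)
    $cert  = Import-ExchangeCertificate -FileData $bytes

    # Part 4: assign services (IIS covers Outlook Web App and ActiveSync).
    # Assigning SMTP may prompt before replacing the default SMTP certificate.
    Enable-ExchangeCertificate -Thumbprint $cert.Thumbprint -Services IIS,SMTP,POP

    # Final check: CA-issued, valid, not expired, services assigned.
    $c = Get-ExchangeCertificate -Thumbprint $cert.Thumbprint
    $c | Format-List Subject, CertificateDomains, Issuer, IsSelfSigned, Status, Services, NotAfter
    if ($c.IsSelfSigned -or $c.Status -ne 'Valid' -or $c.NotAfter -lt (Get-Date)) {
        Write-Warning "Certificate $($c.Thumbprint) did not pass the checks above."
    }
}

# Usage (hypothetical paths): run the first call, submit the CSR to the CA
# (part 2), then run the second call once the ZIP has been extracted.
# New-RenewalRequest -ReqFile 'C:\Certs\exchange2010.req'
# Complete-Renewal   -CerFile 'C:\Certs\issued.cer'
```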