Detailed guide to install intermediate and primary SSL certificate on Microsoft Exchange Server 2007
Once CSR has been generated on Exchange 2007, you need to focus on its installation process. In this article, we will go through SSL installation on Microsoft Exchange Server 2007.
First, download zip file that contains intermediate and primary certificate, copy and paste certificate content in a text editor such as Notepad and save these files separately with .cer extension (for example: intermediate.cer and sitename.cer) on the server for future use.
Before installing primary certificate, you need to install intermediate certificate, which follows below process.
Create Certificate Snap-in:
- Browse Start > Run window > MMC (Microsoft Management Console), and click OK button.
- Click on File option > Add/Remove Snap-in.
- Click on Add under the Standalone tab.
- Choose Certificates, Click Add button
- Click on OK
- Select Computer Account and click Next button
- Select Local computer and click Finish button
- Click Close for Add or Remove Snap-ins, click OK
Install Intermediate Certificate:
- Browse Intermediate certificate Authorities > certificates on the left pane of the server
- Right click Certificates
- Now, click on All Tasks > Import
- A certificate import window will pop up, click Next button
- Select Intermediate CA certificate file and click Next tab
- Choose Place all certificates in the following store: Intermediate Certification Authorities
- Finally, Click Next, Click Finish.
Install SSL certificate on MS Exchange Server 2007
After installation of intermediate certificate, it is time to install main certificate on the server, which complies below procedure.
- Click Start > Microsoft Exchange Server 2007 > Exchange Management Shell
- Enter the following command to import SSL certificate
Import-ExchangeCertificate -Path C:\sitename.cer | Enable-ExchangeCertificate -Services "SMTP, IMAP, POP, IIS"
Note: The Service option can be a combination of IMAP, POP, UM, IIS, SMTP values.
- Now verify SSL certificate that should be enabled by Get-ExchangeCertificate command.
Get-ExchangeCertificate -DomainName your.domain.name
Thumbprint Services Subject ---------- -------- ------- 136849A2963709E2753214BED76C7D6DB1E4A270 SIP.W CN=your.domain.name
In Service column, letters SIP and W stand for SMTP, IMAP, POP3 and Web (IIS).
- In case, if the certificate is not properly enabled, run the Enable-ExchangeCertificate command along with pasting thumbprint of the certificate.
Enable-ExchangeCertificate -Thumbprint [paste thumbprint here] -Services "SMTP, IMAP, POP, IIS"
- You can test your certificate by connecting to the server with Internet Explorer, Outlook, and ActiveSync.
Check your Installed SSL:
It is true that your SSL installation process is over still it is wise to check its configuration with SSL installation checker. The installation checker will focus on tiny details of SSL configuration like key size, certificate provider name, certificate expiry date, serial number and many other important details.