This document contains the following:

Creating New Exchange certificate using Exchange management console and generating CSR to internal Domain controller to get SAN Certificate

Installing pre-requisites for CA Server. Installing the CA Server to get SAN certificate. Submitting the Exchange 2010 CSR to get SAN certificate. Installing SAN certificate to Exchange 2010 Trusted root. Complete the pending Exchange certificate using Exchange

management console. (Importing Certificate) Enable exchange 2010 client services on SAN certificate.

Click on New Exchange Certificate from Server Configuration action console

Uncheck enable wildcard certificate and click on next

Enter the external FQDN which is registered which will be used for OWA

Enter the external FQDN which is registered which will be used for ActiveSync

Enter the external FQDN which is registered which will be used for Auto discover

Enter the external FQDN which is registered which will be used for Exchange 2003/2007

Verify the FQDN and click on next

Enter the Org. details and give the path to save CSR, Click on next

Verify the completion and observed the commands which is used via poweshell at backend.

Select IIS for Cert Server virtual directory

Click on certificate services and you will be prompted a popup for warning

Click on yes for warning message.

Select enterprise root CA and click on next

Give the common as desired and click on next

Leave the default settings and click on next

Observe the progress

Observe the progress

Click on finish to complete

Verify the virtual directory is created on CA server.

Run the above command to enable SAN certificate generate support for Windows 2003 CA server.

Login to CA server and browse local host giving the virtual directory path and select request a certificate.

Select advanced certificate

Select 2nd option

Open the Exchange CSR into text file and copy it to saved request

Copy and paste the Exchange, select webserver on certificate template and click on submit

Select base 64 encoded and click on download certificate chain

Save it to Exchange computer to complete the pending request/Import which was generated from Exchange Server.

Import the certificate 1st into Exchange computer trusted root zone.

Via EMC – Server configuration – right click the newly created exchange cert and select complete pending request.

Provide the certificate path to import in exchange server which has been generated from root CA

Verify the path and click on complete the pending request.

Verify the completion and click on finish

Make sure there is no error on the certificate console

Assign exchange client services to certificate

Select the server on which to assign the services.

Select Imap, POP & IIS and click on next

.

Verify the command and click on assign

Verify and click on finish to complete

Verify the exchange client services are assigned to the SAN certificate.

Run the above command to get the Exchange Server certificate status.

Thank You!

Hope that’s been informative to you!