How to Request and Import a Certificate for Exchange 2013
Using Exchange Administration Center (EAC)
- Go to "Certificates", found under "Servers".
- Select the server and press the "plus" icon for creating a new certificate request.
- Select "Create a request for a certificate from a certificate authority". Press Next.
- Type in a friendly name for the certificate. Press Next.
- If you want the request to be for a wildcard certificate, select the checkbox.
- I don't want a wildcard certificate, so I leave it unchecked. Press Next.
- Press Browse and select which server you want to store it on. Press Next.
- For each service, type in the address here; the request will generate the list of names at the end.
- When you are done press Next.
- Go through the names in the list and make sure that all the names that are needed are included. Press Next.
- Fill in Organization name, Department, Country, City and State. Press Next.
- Save the request file to a shared location.
Example: \\Server\folder\CertRequest.cer
- When the request is completed, it shows up with the friendly name, together with the status "Pending request".
- When the certificate is issued, press the "Complete" button below the status.
- Type in the UNC path to the .cer file:
\\Server\folder\CertRequest.cer
- To assign services to the certificate, select the certificate and press the Edit button.
- Go to "Services" and add the ones that should be used. Press Save.
- Press OK.
- Check if the services are assigned to the certificate.
Using PowerShell
Start the Exchange Management Shell. First view the existing certificates, then create a new certificate request as above, and finally import the issued certificate.
Get-ExchangeCertificate
Get-ExchangeCertificate | fl
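The cmdlet below creates a new certificate request and saves it to a share. -PrivateKeyExportable $true marks the private key as exportable, so the certificate can later be exported together with its key: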
New-ExchangeCertificate -Server DEMO01 -GenerateRequest -FriendlyName Test-Exch2013 -PrivateKeyExportable $true -SubjectName "c=Canada, s=Ontario, l=Toronto, o=mylab, ou=Testlab, cn=mail.testlab.com" -DomainName mail.testlab.com,autodiscover.testlab.com -RequestFile "\\Server\folder\CertRequest.cer"
Import-ExchangeCertificate -Server DEMO01 -FileName "\\Server\folder\CertRequest.cer" -PrivateKeyExportable $true -FriendlyName Test-Exch2013
Enable-ExchangeCertificate -Thumbprint A2E6649A22A99BEAB2654BEB403C92BB9D34B404 -Services "IIS, SMTP, POP, IMAP" -Server DEMO01
Get-ExchangeCertificate
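The closing check in both sections (are the names included, are the services assigned) can be scripted instead of read off the list. The following is an added example, not part of the original article: Test-ExchangeCertAssignment is a hypothetical helper that takes the object returned by Get-ExchangeCertificate and reports missing names, unassigned services, a missing private key, a status other than Valid, or near expiry. The 30-day threshold and the sample object are assumptions constructed for illustration.

```powershell
# Added example, not from the original page. The function name is hypothetical;
# the property names are those shown by Get-ExchangeCertificate | fl.
function Test-ExchangeCertAssignment {
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)] $Certificate,
        [Parameter(Mandatory = $true)] [string[]] $ExpectedDomains,
        [Parameter(Mandatory = $true)] [string[]] $ExpectedServices,
        [int] $MinDaysValid = 30   # assumed threshold, adjust to your renewal policy
    )
    process {
        $problems = @()
        # CertificateDomains holds domain objects in Exchange; compare them as strings.
        $names = @($Certificate.CertificateDomains | ForEach-Object { "$_" })
        foreach ($d in $ExpectedDomains) {
            if ($names -notcontains $d) { $problems += "missing name: $d" }
        }
        # Services is a flags value that renders as "IMAP, POP, IIS, SMTP".
        $assigned = @("$($Certificate.Services)" -split '\s*,\s*')
        foreach ($s in $ExpectedServices) {
            if ($assigned -notcontains $s) { $problems += "service not assigned: $s" }
        }
        if (-not $Certificate.HasPrivateKey) { $problems += 'no private key on this server' }
        if ("$($Certificate.Status)" -ne 'Valid') { $problems += "status is $($Certificate.Status)" }
        if ($Certificate.NotAfter -lt (Get-Date).AddDays($MinDaysValid)) {
            $problems += "expires $($Certificate.NotAfter.ToString('yyyy-MM-dd'))"
        }
        [pscustomobject]@{
            Thumbprint = $Certificate.Thumbprint
            Passed     = ($problems.Count -eq 0)
            Problems   = $problems
        }
    }
}

# Constructed sample object so the check also runs outside the Exchange Management Shell.
$sample = [pscustomobject]@{
    Thumbprint         = 'A2E6649A22A99BEAB2654BEB403C92BB9D34B404'  # thumbprint used on this page
    CertificateDomains = @('mail.testlab.com')   # autodiscover name deliberately left out
    Services           = 'IMAP, POP, SMTP'       # IIS deliberately left out
    HasPrivateKey      = $true
    Status             = 'Valid'
    NotAfter           = (Get-Date).AddYears(1)
}
$sample | Test-ExchangeCertAssignment -ExpectedDomains 'mail.testlab.com','autodiscover.testlab.com' `
    -ExpectedServices 'IIS','SMTP','POP','IMAP'
# In the Exchange Management Shell, pipe the real object instead:
# Get-ExchangeCertificate -Server DEMO01 -Thumbprint <thumbprint> | Test-ExchangeCertAssignment ...
```

For the sample object the result has Passed set to False and lists the missing autodiscover name and the unassigned IIS service. A wildcard certificate lists a `*.` name and would need a pattern match rather than the exact comparison used here.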