MICROSOFT EXCHANGE 2007 CERTIFICATE INSTALLATION
Please make sure you have completed the following before attempting to install your certificate:
MICROSOFT EXCHANGE 2007 CSR CREATION
Follow these instructions to generate a CSR for your Web site. When you have completed this process, you will have a CSR ready to submit to Trustzone in order to be generated into a SSL Security Certificate
During the online enrollment process you will be required to provide a Certificate Signing Request (CSR). This encrypted data is generated from within the Exchange Management Shell and contains information about your company and Web server.
1. To generate a CSR, use the New-ExchangeCertificate cmdlet, and the -GenerateRequest parameter together with the Path parameter to define where the request file will be created. The resulting file will be a PKCS#10 request (.req) file.
This example generates a certificate request for the Exchange server: mail1. The Common Name of the Subject Name contains the Fully Qualified Domain Name (FQDN) of the server:
New-ExchangeCertificate -GenerateRequest -SubjectName “c=US, o=trustzone Ltd, cn=mail.trustzone.com, s=State/Region, l=Locality” -privatekeyexportable $true -Path c:\certificates\mail1.trustzone.req
The following items are necessary for the certificate to work correctly.
- The CSR must contain the following attributes and their values;
- Country (c)
- Organization Name (o)
- Common Name (cn)
- State (s)
- Locality (l)
- The company listed in the organization Name (O) must own the domain name that appears in commonName (CN) field of CSR
- The commonName must be identical to the fully qualified domain name of the site for which you are requesting a certificate. Such as mail.trustzone.com
- Do not use the following characters in any of the fields in the Exchange Management Shell: < > ! @ # $ % ^ * ( ) ~ ? / \. &
2. Open the CSR text file you created in step 1 (c:\mail1.trustzone.req) in a simple text editor, such as Notepad. You will need the contents of this file during the SSL certificate purchase process. Below is an example of what your CSR will look like.
—–BEGIN NEW CERTIFICATE REQUEST—–
MIIDVDCCAr0CAQAweTEeMBwGA1UEAxMVd3d3Lmpvc2VwaGNoYXBtYW4uY29tMQ8wDQYDVQQLEwZEZXNpZ24xFjAUBgNVBAo TDUpvc2VwaENoYXBtYW4xEjAQBgNVBAcTCU1haWRzdG9uZTENMAsGA1UECBMES2VudDELMAkGA1UEBhMCR0IwgZ8wDQYJKo ZIhvcNAQEBBQADgY0AMIGJAoGBAOEFDpnOKRabQhDa5asDxYPnG0c/neW18e8apjOk1yuGRk+3GD7YQvuhBVS1x6wkw1D2R nmnZgN1nNUK0cRK7sIvOyCh1+jgD7u46mLk81j+b4YSEmYZGPLIuclyocPDm0hXayjCUqWt7z6LMIKpLym8gayEZzz9Gn97 PsbPkVFBAgMBAAGgggGZMBoGCisGAQQBgjcNAgMxDBYKNS4xLjI2MDAuMjB7BgorBgEEAYI3AgEOMW0wazAOBgNVHQ8BAf8 EBAMCBPAwRAYJKoZIhvcNAQkPBDcwNTAOBggqhkiG9w0DAgICAIAwDgYIKoZIhvcNAwQCAgCAMAcGBSsOAwIHMAoGCCqGSI b3DQMHMBMGA1UdJQQMMAoGCCsGAQUFBwMBMIH9BgorBgEEAYI3DQICMYHuMIHrAgEBHloATQBpAGMAcgBvAHMAbwBmAHQAI ABSAFMAQQAgAFMAQwBoAGEAbgBuAGUAbAAgAEMAcgB5AHAAdABvAGcAcgBhAHAAaABpAGMAIABQAHIAbwB2AGkAZABlAHID gYkAk0kfHSkr4jsEVya3mgUoyaYMO456ECNZr4Cb+WhPgexfjOO5qwOG1oDOTaKycrkc5pG+IPBQnq+4cotT8hWJQwpc+qG b8xUETpxCokhrhN5079vFXq/5dsHkmtOTwkSqSnz9yruVoxYeDQ8jI3KG3HTgxwFto8oZnm+E+Y4oshUAAAAAAAAAADANBg kqhkiG9w0BAQUFAAOBgQAuAxetLzgfjBdWpjpixeVYZXuPZ+6jvZNL/9hOw7Fk5pVVXWdr8csJ6JUW8QdH9KB6ZlM4yg8Df +vat1/DG6GuD2hiIR7fQ0NtPFBQmbrSm+TTBo95lwP+ZSZTusPFTLKaqValdnS9Uw+6Vq7/I4ouDA8QBIuaTFtPOp+8wEGB HQ==
—–END NEW CERTIFICATE REQUEST—–
3. Purchase the SSL certificate. A comparison of TRUSTZONES’s SSL certificates is available to help you select the appropriate option
4. Submit the contents of the CSR. During the purchase process you will be asked to copy and paste the contents of the CSR file into a field then complete the certificate request form and wait to be contacted by a member of the TRUSTZONE vetting staff. If you order a Business SSL, Business SSL Wildcard or EV SSL you will be contacted via phone. If you have ordered an Express SSL or Mobile SSL you will receive a confirmation mail.
SSL CERTIFICATE INSTALLATION FOR MICROSOFT EXCHANGE 2007
Please follow these instructions to install your SSL certificate in Microsoft Exchange 2007.
- Copy the SSL certificate from the email and save it as “mydomain.cer”
- Open the Exchange Management Shell. Enter and run the import and enable commands, respectively:Import-ExchangeCertificate -Path C:\mydomain.cer Enable-ExchangeCertificate -Services “SMTP, IMAP, POP, IIS”
- The services can be any combination of these values: IMAP, POP, UM, IIS, SMTP
- To verify that your certificate is running and enabled run the command:Get-ExchangeCertificate -DomainName server.domain.com
- In response to the above command you should see the certificate’s thumbprint: an abbreviated list of the services and “mydomain.cer”. If your certificate is not properly enabled you can re-run the modified enable command with the certificate thumbprint:Enable-ExchangeCertificate -Thumbprint [paste thumbprint here] -Services “SMTP,IMAP, POP, IIS”
- Reboot your server and test that your certificate is working by connecting with IE, ActiveSync, or Outlook.
Last updated: August 23, 2017