External certificate for OWA

Could you help me clarify the thing with a certificate? Usually, when I open OWA I get the error message:

There is a problem with this website's security certificate.

As far as I know I need to purchase one (for example from GoDaddy), so I did, but the question is how to import it correctly and make the error message disappear once and for all.

By the way, I found a manual on the GoDaddy web site, but I did not get the link between the Certificate snap-in (steps 1-19) and the Pending Request on the Exchange server (step 23); perhaps something's missing.

Exchange server 2010 requires a Multiple Domain (UCC) Certificate to run all services securely.

To Install an SSL Certificate in Microsoft Exchange 2010

  1. To install the intermediate certificate, click Start, and then click Run.
  2. Type mmc, and then click OK. The Microsoft Management Console (Console1) window opens.
  3. In the Console1 window, click File, and then select Add/Remove Snap-in.
  4. In the Add or Remove Snap-ins window, select Certificates, and then click Add.
  5. In the Computer Account window, select Computer Account, and then click Next.
  6. In the Select Computer window, select Local Computer, and then click Finish.
  7. In the Add or Remove Snap-ins window, click OK.
  8. In the Console1 window, click + to expand the Certificates (Local Computer) folder on the left.
  9. Right-click Intermediate Certification Authorities, mouse over All Tasks, and then click Import.
  10. In the Certificate Import Wizard window, click Next.
  11. Click Browse to find the intermediate certificate file.
  12. In the Open window, change the file extension filter to PKCS #7 Certificates (*.spc;*.p7b), select the *_iis_intermediates.p7b file, and then click Open.
  13. In the Certificate Import Wizard window, click Next.
  14. Select Place all certificates in the following store, and then click Browse.
  15. In the Select Certificate Store window, select Intermediate Certification Authorities, and then click OK.
  16. In the Certificate Import Wizard window, click Next.
  17. Click Finish.
  18. Click OK.
  19. Close the Console1 window, and then click No to remove the console settings.
  20. To install the primary certificate, click Start, click All Programs, Microsoft Exchange Server 2010, and then click Exchange Management Console.
  21. In the Exchange Management Console, click Microsoft Exchange On-Premises, and then click Manage Databases.
  22. Click Server Configuration.
  23. In Exchange Certificates, select your certificate, and then, from the Actions panel on the right, click Complete Pending Request.
  24. In the Complete Pending Request window, click Browse to locate the certificate file.
  25. In the Open window, select All Files (*.*) as your file name extension, select your certificate (it might be saved as a .txt, .cer, or .crt), and then click Open.
  26. In the Complete Pending Request window, click Complete.

    NOTE: If you receive the error, "The source data is corrupted or not properly Base64 encoded," check the Self Signed field. If it is True, refresh console by pressing F5 on your keyboard. If it still displays True, create a new CSR and then re-key your certificate.

  27. Click Finish.
  28. In the Exchange Management Console, select your certificate in Exchange Certificates.
  29. From the Actions menu, click Assign Services to Certificate.
  30. In the Assign Services to Certificate window, select the servers you want to assign services to, and then click Next.
  31. Select services you want to assign to the certificate, and then click Next.
  32. Click Assign.
  33. Click Finish.

Thank you in advance


February 17th, 2015 1:54am

Hi Santarem,

Exchange Certificate Management ought to be done using the Exchange-Shell (not the GUI - it's buggy). Can't tell you how this is done together with GoDaddy CA, we usually don't have our Exchange communicating directly with the internet, so we use an internal CA to issue certificates, which is fairly trivial:

# Step 1: generate Request:
$Data = New-ExchangeCertificate -GenerateRequest -SubjectName $SubjectName -DomainName $DomainNames -PrivateKeyExportable $true -FriendlyName $FriendlyName
Set-Content -path "C:\temp\Example.req" -Value $Data

# Step 2: Issue Certificate:
certreq -submit -attrib "CertificateTemplate:WebServer" "C:\temp\Example.req" "C:\temp\Example.cer"

# Step 3: Import Certificate and enable roles:
Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path "C:\temp\Example.cer" -Encoding Byte -ReadCount 0)) | Enable-ExchangeCertificate -Services IIS,POP,IMAP,SMTP

(Assume the Variables $SubjectName, $DomainNames and $FriendlyName exist and are filled with meaningful data).

As I said though - no idea how to adapt this to the GoDaddy process.

Cheers,
Fred

February 17th, 2015 6:00am
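
A check for the state the question is trying to reach, as an added example that is not part of either post or of the GoDaddy manual: it lists every certificate Exchange knows about and reports why each one would or would not stop the OWA warning. The function name `Test-OwaCertificate` and the host name `mail.example.com` are assumptions made for illustration.

```powershell
# Added example: run in the Exchange Management Shell on the Exchange 2010 server.
# 'mail.example.com' is a placeholder for the host name users type to reach OWA.
function Test-OwaCertificate {
    param([Parameter(Mandatory = $true)][string]$OwaHostName)

    $hostName = $OwaHostName.ToLower()
    # A wildcard name such as *.example.com covers exactly one label to the left.
    $wildcard = '*.' + $hostName.Substring($hostName.IndexOf('.') + 1)

    foreach ($cert in Get-ExchangeCertificate) {
        $names = @($cert.CertificateDomains | ForEach-Object { "$_".ToLower() })
        $problems = @()

        if ("$($cert.Status)" -eq 'PendingRequest') {
            $problems += 'request still pending: the issued certificate has not been imported'
        } elseif ("$($cert.Status)" -ne 'Valid') {
            $problems += "status is $($cert.Status): check the intermediate/root chain and dates"
        }
        if ($cert.IsSelfSigned) { $problems += 'self-signed: clients will not trust it' }
        if (-not $cert.HasPrivateKey) { $problems += 'no private key on this server' }
        if ($cert.NotAfter -lt (Get-Date)) { $problems += "expired on $($cert.NotAfter)" }
        if (($names -notcontains $hostName) -and ($names -notcontains $wildcard)) {
            $problems += "does not list $hostName among its domain names"
        }
        if ("$($cert.Services)" -notmatch 'IIS') {
            $problems += 'IIS service not assigned, so OWA does not use it'
        }

        # One summary object per certificate (PowerShell 2.0 compatible syntax).
        New-Object PSObject -Property @{
            Thumbprint  = $cert.Thumbprint
            Subject     = $cert.Subject
            ReadyForOwa = ($problems.Count -eq 0)
            Problems    = ($problems -join '; ')
        } | Select-Object Thumbprint, Subject, ReadyForOwa, Problems
    }
}

Test-OwaCertificate -OwaHostName 'mail.example.com' | Format-List
```

A certificate that shows `ReadyForOwa : True` is valid on the server, carries its private key, names the OWA host, and is bound to IIS.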
