Friday 6 November 2009

How-To Prepare A Certificate With Subject Alternative Names Using Exchange PowerShell


1. Use PowerShell (the Exchange Management Shell) on an Exchange 2007 box to generate a certificate request. Enter the command all on one line and replace the example names with your details:

New-ExchangeCertificate -GenerateRequest:$true -Path C:\NewCert.req -DomainName fqdn1.domain.tld,fqdn1,fqdn2.domain.tld,fqdn2 -PrivateKeyExportable:$true -FriendlyName "fqdn1.domain.tld" -IncludeAcceptedDomains:$False -Force:$true -SubjectName "CN=fqdn1.domain.tld,OU=Department,O=Organisation,L=Location,S=County,C=GB"

2. Request a certificate from your AD certificate server (http://yourcertserver/certsrv). This needs to be an advanced request, using the request file generated above, and for a web server. Download the issued certificate to your local drive as C:\CertNew.cer.

3. Import the issued certificate (not the request file) into your Exchange server using:
Import-ExchangeCertificate -Path C:\CertNew.cer

4. On the Exchange server, use the MMC certificate snap-in to export the certificate with its private key to a PFX file. Make sure you target the computer certificate store when loading the MMC. Use a password to protect the exported certificate.

5. On the target server, load the certificate MMC, again targeting the computer store, and import the PFX file.

6. Using the IIS console, switch your webserver to the new certificate.

7. You can delete the original certificate from your Exchange server if you wish.
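
A check worth running after step 3 on the Exchange server and again after step 5 on the target server, as an added example that is not part of the original post: it confirms the issued certificate carries every requested subject alternative name and that the copy in the computer store has its private key. The path and host names are the placeholders from the steps above, and the "DNS Name=" label assumes an English-language Windows.

```powershell
# Added example: verify the issued certificate before switching IIS to it.
# $certPath and $expected are the placeholder values used in steps 1 and 2.
$certPath = 'C:\CertNew.cer'
$expected = 'fqdn1.domain.tld', 'fqdn1', 'fqdn2.domain.tld', 'fqdn2'

$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $certPath

# OID 2.5.29.17 is the Subject Alternative Name extension.
$sanExt = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
if (-not $sanExt) { throw "No Subject Alternative Name extension in $certPath" }

# Format($true) renders one entry per line, e.g. "DNS Name=fqdn1.domain.tld"
# (label text is localized; English Windows is assumed here).
$issued = $sanExt.Format($true).Split([char]10) | ForEach-Object {
    if ($_ -match '^\s*DNS Name=(.+)$') { $Matches[1].Trim().ToLower() }
}

# Every name passed to -DomainName must be present in the issued certificate.
$missing = $expected | Where-Object { $issued -notcontains $_.ToLower() }
if ($missing) {
    throw ("Issued certificate is missing SAN entries: " + [string]::Join(', ', @($missing)))
}

# The computer store copy must hold the private key, or IIS cannot use it.
$installed = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $cert.Thumbprint }
if (-not $installed) {
    throw "Certificate $($cert.Thumbprint) is not in the LocalMachine\My store"
}
if (-not $installed.HasPrivateKey) {
    throw "Certificate $($cert.Thumbprint) is installed without its private key"
}

"OK: $($cert.Subject) has all $($expected.Count) names and a private key; expires $($cert.NotAfter)"
```

Once the target server passes this check, delete the PFX file from any intermediate location, since it contains the private key.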
