Exchange Geek's Weblog

I'm a Geek!

Exchange 2010 EMC and Certificates Management Part – 1

Posted by Milind Naphade on 13/05/2009

Microsoft has been moving toward secure messaging and secure service access since Exchange Server 2007. The only troublesome task for administrators was managing the certificates involved, and those who rely heavily on the GUI found it a little tedious. Good news for anyone who would rather not go to that much effort and would like a graphical interface for managing Exchange certificates!

Unlike Exchange 2007, Exchange 2010 Beta offers extended functionality for creating, removing and managing certificates from the GUI.

To create a new certificate, follow these steps:


1. Select Server Configuration from the left hand side pane in EMC, then the Exchange Certificates tab in the left hand pane.



2. Right-click in the free space in the left hand side pane of the Exchange Certificates tab and select New Exchange Certificate.



3. Selecting New Exchange Certificate from the context menu will bring up the introduction screen.


On this screen you are prompted to enter a friendly name for the certificate. This name appears in EMC as the primary reference for managing certificates when you have multiple certificates created for multiple websites.


4. Once you have specified a friendly name for the certificate, clicking the Next button takes you to the next screen. This New Exchange Certificate screen gathers the actual required information and lets you choose which services the certificate will be used for.

These include IIS based web services such as Autodiscover, OWA and EAS, as well as other services like POP/IMAP, Outlook Anywhere and UM.

In the screenshot below you can see that you get an option to enter the URLs of the service locations for OWA, EAS, Federated Services, SMTP transport, etc. These URLs are used in the certificate request, which in turn is used to write the SAN information into the certificate.



5. Here the wizard collects the organization related information such as company name, department, location, etc. At this stage the wizard has collected almost all the information it needs. Note that the path right beside the Browse button is the path to the certificate request file.



6. The next screen summarizes the information you entered.



7. And there you go with the final screen of the wizard, where it displays the PowerShell command it will run to generate the certificate request. Once you hit the Finish button, the wizard completes the certificate request.



8. A point to note here: the wizard does not create an actual certificate. It simply generates the request and keeps it accessible via EMC. So when you are done with the wizard, you have to manually send this request to the online CA within your Exchange/AD premises.


Limitations of New Exchange Certificate Wizard:

  1. The New Exchange Certificate Wizard does not send the request to the online CA directly; you have to complete the pending request manually.
  2. Renewals of expired certificates cannot be done using the Exchange Certificate Wizard. You still have to use EMS for renewal of certificates.
  3. New certificates created using the New Exchange Certificate Wizard do not get assigned to IIS directly, even though you specify the certificate utilization for Exchange Web Services and other IIS integrated Exchange services. (For renewal of certificates, you may refer to How to renew a self signed certificate in Exchange Server 2007.)
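
The manual steps the limitations above leave to the administrator can be run from EMS. The following is an added example, not the command the wizard displays and not code from the original post; it assumes the released Exchange 2010 cmdlet syntax (the Beta may differ), an enterprise CA with a WebServer template, and constructed host names, paths and CA name.

```powershell
# Added example. Every name, path and the CA config string below is a
# constructed placeholder; replace them with your own values.
$friendlyName = 'Contoso Exchange SAN'
$subject      = 'C=US, O=Contoso, OU=IT, CN=mail.contoso.com'
$sanNames     = 'mail.contoso.com', 'autodiscover.contoso.com'
$reqFile      = 'C:\Certs\exchange.req'
$cerFile      = 'C:\Certs\exchange.cer'
$caConfig     = 'CA01.contoso.local\Contoso-Issuing-CA'

# 1. Generate the request, as the wizard does. The private key stays on
#    this server and is marked non-exportable.
$request = New-ExchangeCertificate -GenerateRequest `
    -FriendlyName $friendlyName `
    -SubjectName $subject `
    -DomainName $sanNames `
    -KeySize 2048 `
    -PrivateKeyExportable $false
Set-Content -Path $reqFile -Value $request

# 2. Send the request to the online CA (the step the wizard does not do).
certreq.exe -submit -config $caConfig `
    -attrib 'CertificateTemplate:WebServer' $reqFile $cerFile
if ($LASTEXITCODE -ne 0) { throw "certreq failed with exit code $LASTEXITCODE" }

# 3. Complete the pending request by importing the issued certificate.
$bytes = [Byte[]](Get-Content -Path $cerFile -Encoding Byte -ReadCount 0)
$cert  = Import-ExchangeCertificate -FileData $bytes

# 4. Check the issued names and expiry before binding: every requested
#    SAN must be present, otherwise clients will see name mismatches.
$missing = $sanNames | Where-Object { $cert.CertificateDomains -notcontains $_ }
if ($missing) { throw "Issued certificate is missing SAN(s): $($missing -join ', ')" }
$cert | Format-List Thumbprint, Subject, CertificateDomains, NotAfter, Status

# 5. Assign the certificate to IIS (the wizard does not do this either).
Enable-ExchangeCertificate -Thumbprint $cert.Thumbprint -Services IIS

# 6. Confirm the service binding.
Get-ExchangeCertificate -Thumbprint $cert.Thumbprint |
    Format-List Thumbprint, Services, Status
```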
