I still have a few clients that are using self-signed certificates. For most of my clients I have purchased certificates, especially if they are connecting externally with their phones. So I needed to create a new self-signed certificate for a client whose certificate recently expired. I Googled it and found many sites with different ways of doing it. I found this one that I used. Basically, here are the steps:
From an Exchange Shell command line, run these commands:
$Data = New-ExchangeCertificate -GenerateRequest -SubjectName "c=US, o=Organization Name, cn=fqdn.organization.com" -DomainName organization.com, secondarydomain.com -PrivateKeyExportable $true
Set-Content -Path "C:\Docs\MyCertRequest.req" -Value $Data
Now, for me to use this, I checked the expired certificate and found the Subject Name was CN=SERVERNAME. Also, for the DomainName it was SERVERNAME and the secondary one was SERVERNAME.DOMAIN.LOCAL. I used the same parameters in order for it to work. Also, I created the C:\Docs folder ahead of time.
The next thing you do is get the thumbprint:
Get-ExchangeCertificate
This will show all the thumbprints. I then copied the thumbprint of the first one (the new one) and pasted it into the following:
Get-ExchangeCertificate -Thumbprint asdfdefghijklmnopqrstuvwxyz | New-ExchangeCertificate
I did not do the 4th part. I changed the associated protocols using the Exchange GUI under Servers-Certificates.
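The checks described above (reading the expired certificate's Subject Name and domain names, then confirming the new certificate matches) can be scripted. This is an added example, not part of the original post; it assumes the Exchange Management Shell, and the function names, the 30-day warning window and the thumbprint placeholders are illustrative.

```powershell
# Added example: run in the Exchange Management Shell.
# Function names and the warning window are assumptions, not from the post.

function Get-CertRenewalReport {
    param([int]$WarnDays = 30)   # assumed warning window
    $now = Get-Date
    Get-ExchangeCertificate | Sort-Object NotAfter | ForEach-Object {
        # Classify each certificate by how close it is to expiry.
        $state = 'OK'
        if ($_.NotAfter -lt $now) { $state = 'Expired' }
        elseif ($_.NotAfter -lt $now.AddDays($WarnDays)) { $state = 'ExpiringSoon' }

        # These are the values the post copies into the new certificate.
        [pscustomobject]@{
            State      = $state
            NotAfter   = $_.NotAfter
            SelfSigned = $_.IsSelfSigned
            Subject    = $_.Subject
            Domains    = ($_.CertificateDomains | ForEach-Object { $_.ToString() }) -join ', '
            Services   = $_.Services
            Thumbprint = $_.Thumbprint
        }
    }
}

function Compare-CertDomains {
    param(
        [Parameter(Mandatory)][string]$OldThumbprint,
        [Parameter(Mandatory)][string]$NewThumbprint
    )
    $old = Get-ExchangeCertificate -Thumbprint $OldThumbprint
    $new = Get-ExchangeCertificate -Thumbprint $NewThumbprint
    $oldNames = @($old.CertificateDomains | ForEach-Object { $_.ToString().ToLower() })
    $newNames = @($new.CertificateDomains | ForEach-Object { $_.ToString().ToLower() })

    # Names clients used on the old certificate that the new one does not cover.
    $missing = @($oldNames | Where-Object { $newNames -notcontains $_ })
    [pscustomobject]@{
        SubjectMatches = ($old.Subject -eq $new.Subject)
        MissingDomains = $missing -join ', '
        OldServices    = $old.Services
        NewServices    = $new.Services   # stays unassigned until protocols are set
        Safe           = ($missing.Count -eq 0 -and $new.NotAfter -gt (Get-Date))
    }
}

Get-CertRenewalReport | Format-Table -AutoSize
# Compare-CertDomains -OldThumbprint '<OLD_THUMBPRINT>' -NewThumbprint '<NEW_THUMBPRINT>'
```

If NewServices is empty after the comparison, the new certificate has not yet been associated with any protocols, which is the step the post does in the Exchange GUI.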