nav[aria-label="Primary Navigation"] { padding: 0; & ul { list-style: none; width: 100%; display: flex; flex-direction: row; justify-content: start; align-items: start; gap: 30px; padding: 0; & li { margin: 0; } & ul li { list-style: none; } } }

Exchange server certificate

JasminLandry

Hi guys, this post might not have enough information because I'm not sure how it is done, but I need to know how to get a certificate for an Exchange 2007 server? What's the procedure to get one? Where I work they have to renew it every year, now they want to just buy one so that they don't have to renew it every year. Is this possible?

Find more posts tagged with

SAVE $250 on Your Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View Boot Camps

Comments

it_consultant

Read:

SSL Certificate Support - Cert Installation Tutorial

JBrown

Cheap SSL Cert is with GoDaddy, expansive one is with Verisign, You can buy it for 1-10 years, price depends on the company, cipher, encryption, years.
We buy for 5 years, and renew it every 4.5-4 years 10 month. You will need to generrate CSR on your exchange server, populate it with SAN ( Subject Alternate Names) if necessary; that is in case when server called asjdkl34jakdjlk3.someting.somehwere.com but you want your users to refer to it OWA.something.somewhere.com
then just publish it in IIS, and enable it on exchange.

Claymoore

Also on the DigiCert site is the powershell command generator that creates the EMS command to generate the certificate request on 2007.

https://www.digicert.com/easy-csr/exchange2007.htm

About7Narwhal

Why not just create a certificate and add it to the trusted store for the domain? Why pay anyone? Or have I misunderstood the idea here?

JBrown

You will only cover YOUR domain joined workstations with that, but end users using MAC, laptops, mobile devices, home PCs will get SSL warning.

I use Goaddy's "Multiple Domains UCC" that includes 5 or more SAN names. They will give you upto 50% off the price, depending on your organization (profit/non-profit) and/or number of years you need the ssl for.

About7Narwhal wrote: »

Why not just create a certificate and add it to the trusted store for the domain? Why pay anyone? Or have I misunderstood the idea here?

jibbajabba

https://certificatesforexchange.com

They allow you to easily recreate the certs, add / remove SANs etc.

Good fast support.

fly2dw

Claymoore wrote: »

Also on the DigiCert site is the powershell command generator that creates the EMS command to generate the certificate request on 2007.

https://www.digicert.com/easy-csr/exchange2007.htm

Yep I use Digicert, they also have a great certificate checker:

SSL Certificate Tester - Check Certificates

This is very useful when uploading certificates into hardware appliances and you want to check if it is working correctly. Or when you customise your certificate and compile it back together, sometimes the chain/path can be in the wrong order, this will help detect that, so you can fix it.

undomiel

I'll toss in another recommendation for https://certificatesforexchange.com/ as well.