In order to have a SAN certificate on a CAS server we need to execute the following actions:
STEP 1: Create a certificate request on the Exchange CAS server
Run the following code in PowerShell:
( This code is for Exchange 2010. The code is slightly different for Exchange Server 2007 )
The subject name is the server name or, if a CAS array is used, the CAS array FQDN.
$data = New-ExchangeCertificate -GenerateRequest -SubjectName "c=....., s=....., l=....., o=......., cn=mail.heerwegh.com" -DomainName "mail.heerwegh.com" -PrivateKeyExportable $True -IncludeServerFQDN -IncludeServerNetBIOSName
First we'll put the certificate request in a temp variable. After that we'll write it to a file:
set-content -path "C:\logs\latestrequest.req" -Value $data
Open up the new file and copy its contents.
STEP 2: Submit this certificate request to the certificate authority within the domain.
Ensure that the webserver certificate on the CA has its validity period extended to about 5 years ( this is a commonly used value ). By default the certificate is valid for 2 years. That's short, so it is better to extend this.
Submit the certificate request through the website of the CA or elsewhere: https://
STEP 3: Import the certificate that was created by the internal CA
Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -path c:\logs\certnew.cer -Encoding byte -ReadCount 0))
Get-ExchangeCertificate | fl
This command will normally return 2 or 3 certificates. Which certificate is the one that you'll have to enable?
Choose the certificate that has IsSelfSigned = $false and the correct validity period. Copy the Thumbprint value of that certificate and use it in the next command:
Enable-ExchangeCertificate -server ....... -Services "IMAP,POP,IIS,SMTP" -Thumbprint ............................
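
The selection rule from STEP 3 can be scripted so the thumbprint is not picked by eye. This is an added example, not part of the original procedure: Select-IssuedCertificate and New-SampleCert are hypothetical helper names, the server names EX01 / ex01.example.local, the dates and the thumbprints are constructed sample values, and the extra checks (private key present, required name in CertificateDomains) go beyond the two criteria named above.

```powershell
# Added example: pick the CA-issued certificate out of Get-ExchangeCertificate output.
# Written for PowerShell 2.0, which is what Exchange 2010 ships with.
function Select-IssuedCertificate {          # hypothetical helper name
    param(
        [Parameter(Mandatory=$true)] [object[]] $Certificate,
        [Parameter(Mandatory=$true)] [string[]] $RequiredName,
        [datetime] $Now = (Get-Date)
    )
    $candidates = @($Certificate | Where-Object {
        $c = $_
        # CertificateDomains holds domain objects on a real server; compare as strings.
        $names   = @($c.CertificateDomains | ForEach-Object { "$_" })
        $missing = @($RequiredName | Where-Object { $names -notcontains $_ })
        (-not $c.IsSelfSigned) -and           # issued by the CA, not Exchange's default cert
        $c.HasPrivateKey -and                 # the request was generated on this server
        ($c.NotBefore -le $Now) -and ($c.NotAfter -gt $Now) -and
        ($missing.Count -eq 0)                # every required name is in the SAN list
    })
    if ($candidates.Count -ne 1) {
        # Refuse to guess: zero or several matches must be resolved by hand.
        throw "Expected exactly one matching certificate, found $($candidates.Count)."
    }
    $candidates[0]
}

# Constructed sample objects carrying only the properties the function reads.
function New-SampleCert($Thumb, $SelfSigned, $Domains, $From, $To) {
    New-Object PSObject -Property @{
        Thumbprint = $Thumb; IsSelfSigned = $SelfSigned; HasPrivateKey = $true
        CertificateDomains = $Domains
        NotBefore = [datetime]$From; NotAfter = [datetime]$To
    }
}
$sample = @(
    (New-SampleCert 'CONSTRUCTED-SELFSIGNED' $true  @('EX01','ex01.example.local') '2011-01-01' '2016-01-01'),
    (New-SampleCert 'CONSTRUCTED-EXPIRED'    $false @('mail.heerwegh.com') '2008-01-01' '2010-01-01'),
    (New-SampleCert 'CONSTRUCTED-ISSUED'     $false @('mail.heerwegh.com','ex01.example.local','EX01') '2012-01-01' '2017-01-01')
)
$picked = Select-IssuedCertificate -Certificate $sample -RequiredName 'mail.heerwegh.com' -Now ([datetime]'2012-06-01')
$picked.Thumbprint

# On the CAS server, feed it the real objects instead of the sample:
#   $picked = Select-IssuedCertificate -Certificate (Get-ExchangeCertificate) -RequiredName 'mail.heerwegh.com'
# and pass $picked.Thumbprint to the Enable-ExchangeCertificate command shown above.
```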