Archive for December, 2009
Exchange 2010 – Certificate request and Installation
by admin on Dec.13, 2009, under EXCHANGE 2010
I was installing my new Exchange 2010 farm during the weekend and I realized that the certificate installation whitepapers on the technet does not work,
if you run the following command in the exchange shell as it is suggested on the technet:
Import-ExchangeCertificate -Path c:\certificates\filename.cer -friendlyname “Contoso CAS01”
you will get the following error:
A positional parameter cannot be found that accepts argument ‘-Path’.
+ CategoryInfo : InvalidArgument: (:) [Import-ExchangeCertificate], ParameterBindingException
+ FullyQualifiedErrorId : PositionalParameterNotFound,Import-ExchangeCertificate
and if you run the following command
New-ExchangeCertificate -generaterequest -subjectname “dc=com,dc=contoso,o=Contoso Corporation,cn=exchange.contoso.com” -domainname CAS01,CAS01.exchange.corp.constoso.com,exchange.contoso.com, ,autodiscover.contoso.com -PrivateKeyExportable:$true -path c:\certrequest_cas01.txt
as it’s also suggested on the technet you will get the following error:
I have decided to write this article to help others until the samples on the technet are corrected. My examples below are tested and working.
Start the Exchange shell as administrator from the server where you want to install a certificate, type the following command to create a request file: (Don’t forget to change yourdomain.com and yourservername with your own names and addresses)
New-ExchangeCertificate -GenerateRequest -Domainname *.yourdamain.com, YOURSERVERNAME -FriendlyName YOURSERVERNAME.yourdamain.com -PrivateKeyExportable $True | Set-Content -Path c:\certrequest.txt
Send the c:\certreq.txt to your third-party CA that will issue a SAN Certificate for you, or if you want to use your own Windows CA, surf to https://yourCA/certsrv and make an advanced request to request a Web Server certificate using the text file you just created in the previous step.
After Your CA delivers a .cer file for the request that you sent in the previous step run the following command to complete the certificate request and install it at the same time:
Thumbprint Services Subject
———- ——– ——-
enter the following command by using the new certificates Thumbprint, this will enable the certificate for the IIS and SMTP
Enable-ExchangeCertificate BEAADCE41051CB7186A08C51E2503211CA54A22D -service iis
That’s it 🙂