Understanding the Self-Signed Certificate in Exchange 2007


Understanding the Self-Signed Certificate in Exchange 2007: Exchange 2007 Help

I have been saying for a long time now that you need to use a well-known 3rd-party multi-name cert if you want to use ActiveSync or Outlook Anywhere.

MS now agrees with me 🙂



When you create a certificate request you want to include the following:

  • autodiscover.domain.com
  • mail.domain.com (mail = your external name)
  • host.domain.local

Here is an example of a cert request:

New-ExchangeCertificate -GenerateRequest -SubjectName "C=US, O=Company, CN=mail.domain.com" -domainname mail.domain.com,autodiscover.domain.com,hostname,hostname.domain.local -FriendlyName mail.domain.com -privatekeyexportable:$true -path c:\cert_myserver.txt

And the import after you get the cert back:

Import-ExchangeCertificate -Path "C:\CertificateFile.cer" | Enable-ExchangeCertificate -Services pop, smtp, iis, imap
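
One way to confirm that the imported certificate covers every name in the list above, as an added example that is not part of the original post. The three names are the post's placeholders and `Get-MissingName` is a hypothetical helper; it compares names exactly, so a wildcard entry is reported as missing.

```powershell
# Added example (not from the original post). Run in the Exchange Management Shell.
# Names are the placeholders from the post's list; replace them with your own.
$required = 'autodiscover.domain.com', 'mail.domain.com', 'host.domain.local'

# Hypothetical helper: returns the required names that no certificate entry matches.
function Get-MissingName {
    param([string[]]$CertificateDomains, [string[]]$RequiredNames)
    # Exact, case-insensitive comparison; wildcard entries are not expanded.
    $have = @($CertificateDomains | ForEach-Object { $_.ToLowerInvariant() })
    @($RequiredNames | Where-Object { $have -notcontains $_.ToLowerInvariant() })
}

# One record per installed certificate: which services it is bound to,
# whether it is still the self-signed one, when it expires, and any
# client-facing name it does not cover.
Get-ExchangeCertificate | Select-Object Thumbprint, Services, IsSelfSigned, NotAfter,
    @{ Name = 'MissingNames'; Expression = {
        $domains = @($_.CertificateDomains | ForEach-Object { $_.ToString() })
        $missing = Get-MissingName -CertificateDomains $domains -RequiredNames $required
        [string]::Join(', ', [string[]]$missing)
    } } | Format-List
```

The certificate enabled for IIS should show `IsSelfSigned : False` and an empty `MissingNames`.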


2 thoughts on “Understanding the Self-Signed Certificate in Exchange 2007”

  1. After the Cert Request through exchange powershell how do you get the .cer file?
    Do you need to submit this to the Domain CA to get the .cer file?

    Also I have found that the -path parameter no longer works in 2008R2 Exchange PowerShell. I have gotten around this by using “$Data = ” in front of the “New-ExchangeCertificate” request and then “Set-Content -path “C:\MyCertRequest.txt” -Value $Data.FileData” on a new line. That will give the required outcome but I still am unsure on how to convert the txt to a .cer

    Any help appreciated, Thanks

    • The .txt is the request, you give that (or the contents) to a cert authority, then they will send you back a cert (usually a .pfx). After you import that you will be able to re-export that as a CER file and use it other places if you want.

      The -path is specific to Exchange PowerShell for 2007. If you're using 2010 (which I hope you are, since you shouldn't put 2007 on R2) the syntax is changed. Thank you for the reminder and I will update the blog.
