Exchange 2007/2010 certificates and new Go Daddy

I found recently a situation where the Godaddy cert chain wasn’t installed and some phone clients had issues, the following is a proven request\import process to install the cert and chain.

 So I gave this process to a friend and found out that I should either rename or subtitle this post, “Getting SBS 2008 to recognige your 2048 bit certificate” – great side effect!

  1. First make your cert request in powershell, it should look something like this:
    • New-ExchangeCertificate -GenerateRequest -SubjectName “C=US, O=Company,” -domainname,,hostname,hostname.domain.local -FriendlyName -privatekeyexportable:$true -path c:\cert_myserver.txt
    • IMPORTANT: don’t do any new cert requests or run any wizards until the cert is imported
  2. Send the cert request to Godaddy as a UCC certificate
  3. Import the Certificate to complete the request
    • Import-ExchangeCertificate –Path “C:\CertificateFile.cer” | Enable-ExchangeCertificate -Services pop, smtp, iis, imap
  4. Export the certificate
    1. Start –> Run –> MMC –> Add Snap-in –> certificates –> Local computer
    2. Right click certificate –> all tasks –> export
      1. Include the certificate chain and private key
      2. Enter a password
  5. Re-Import certificate including chain (this imports the chain certs also)
    1. Right click in a blank area of the certificate MMC –> all tasks –> import
    2. Select the certificate you exported –> import –> include the certificate chain.


And yes there are other was to get to the same result, this is just a simple easy to explain way


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s