
Installing a self-signed SAN SSL certificate on your Exchange Server

October 18, 2013 07:07 by author Ashwin Pai

There are many articles on the web about installing self-signed SSL certificates, but most of them assume multiple servers in a corporate environment & a certain level of knowledge and experience from the tech. They do not take into consideration the tech supporting an SBS server who has to deal with this issue once in a blue moon, when the SSL certificate on the server expires & Outlook et al. start nagging. All you want to do is fix it & get out of there.

This article was condensed from the following three in-depth articles.

  1. How to create your own self signed SSL UCC SAN Certificate to use with Exchange 2007/2010
  2. How to add a Subject Alternative Name to a secure LDAP certificate MS KB 931351
  3. Issuing a Certificate for a Pending Request

In most SBS environments the certificate server & the Exchange server are probably one and the same.
Nevertheless, I have distinguished between the two by calling the certificate server Certserver.
If there is only one SBS server, then all references to a server are to the same server.

The Exchange server probably has an internal name & is on an internal domain such as domain.local.
Additionally, you may have published OWA on a different URL, which is used to access the server from the Internet.
I have therefore referred to the Exchange server in the following way. Please modify appropriately.

Internal name:

External name:

The same domain naming convention applies to autodiscover.

There are two text files attached to this post. You will need to download them & rename them accordingly.

request.txt (875.00 bytes)

Sancerts.txt (373.00 bytes)

  1. Sancerts.txt
    This file is a batch file & has to be run on the certificate server. It prepares the server to accept SAN requests. Presumably it has to be run only once during the lifetime of the server. Rename it to Sancerts.bat.
  2. request.txt
    This is your request file. Rename it to Request.inf & save it on the Exchange server.



  1. Run the batch file Sancerts.bat on the certificate server. There is a pause at the end so you can verify that it was successful. If successful, press any key to close the command window.
  2. Modify Request.inf to match your domain names & server names. If the inside & outside names & domain names are the same, you need not duplicate entries.
  3. Open a command prompt on the Exchange server & navigate to the location where you saved Request.inf.
    Note: the process will create files, so you need rights to create files in that location.
  4. At the command prompt, type the following command, and then press ENTER:
    certreq -new request.inf certnew.req
  5. Type the following command, and then press ENTER:
    certreq -submit certnew.req certnew.cer
    You will get a popup asking you to select the certificate server. It will probably be the same server.
  6. If the above command is successful, you will get a response that provides the Request ID number needed to retrieve the certificate. Make a note of the number. Do not close the window.
  7. On the certificate server, go to Administrative Tools >> Certification Authority.
  8. This brings up CertSrv. Go to Pending Requests & issue the pending request; it should have today's date, as you just requested it.
  9. Return to the command prompt on the Exchange server & type the following command, and then press ENTER:
    certreq -retrieve RequestID certnew.cer
    RequestID is the number you made a note of in step 6 above.
  10. Type the following command, and then press ENTER:
    certreq -accept certnew.cer
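
The contents of Request.inf are not reproduced on this page. As an added example (not the attached file), this PowerShell writes a request file that carries the SANs in the subjectAltName extension and sets a FriendlyName, then creates the request and lists the DNS names in it so they can be checked before step 5. All host names and the friendly-name text are constructed placeholders.

```powershell
# Added example. Host names are constructed placeholders; replace with your own.
$names = @(
    'mail.example.com',            # external OWA name (also used as the CN)
    'autodiscover.example.com',
    'exch01.example.local',        # internal server FQDN
    'autodiscover.example.local'
)

# Build the INF line by line. Single quotes keep PowerShell from expanding "$Windows".
$inf = @(
    '[Version]'
    'Signature="$Windows NT$"'
    ''
    '[NewRequest]'
    ('Subject = "CN={0}"' -f $names[0])
    ('FriendlyName = "Exchange SAN {0:yyyy-MM-dd}"' -f (Get-Date))  # label shown in IIS
    'KeyLength = 2048'
    'KeySpec = 1'                  # AT_KEYEXCHANGE
    'KeyUsage = 0xA0'              # digital signature + key encipherment
    'MachineKeySet = TRUE'         # key lives in the computer store, where IIS looks
    'Exportable = FALSE'           # set TRUE only if the key must move to another server
    'ProviderName = "Microsoft RSA SChannel Cryptographic Provider"'
    'ProviderType = 12'
    'RequestType = PKCS10'
    ''
    '[EnhancedKeyUsageExtension]'
    'OID = 1.3.6.1.5.5.7.3.1'      # server authentication
    ''
    '[Extensions]'
    '2.5.29.17 = "{text}"'         # subjectAltName, continued on the lines below
)
$inf += $names | ForEach-Object { '_continue_ = "dns={0}&"' -f $_ }

Set-Content -Path .\Request.inf -Value $inf -Encoding ASCII

# Step 4 of the procedure, followed by a check that every name made it into the request.
certreq -new .\Request.inf .\certnew.req
certutil -dump .\certnew.req | Select-String 'DNS Name='
```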

At this point, if all goes well, you have created & installed a new SAN certificate on the Exchange server.

You now need to install this certificate on the OWA site for the Exchange server (see image below).

  1. Open IIS Manager on the Exchange server.
  2. Go to Sites & select the site that hosts OWA; in most instances it is the Default Web Site.
  3. Click on Bindings in the Actions menu on the right-hand side.
  4. You should see two https types. You will need to apply the certificate to both.
  5. Highlight the first https & select Edit. A window will pop up.
  6. Under SSL certificate, use the drop-down menu to select the certificate you just created.
    Sadly I could not figure out a way to give it a friendly name, so you may have duplicate entries of Internal.domain.local.
    Select each one & click View to view the certificate & confirm that you have selected the correct certificate.
    The correct certificate will have a validity date of one year from today.
  7. Repeat 5 & 6 above for the other https.
  8. Restart IIS & you should be done.
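
One way to tell the duplicate entries in step 6 apart, as an added example that is not part of the original post: list every certificate in the computer store with its thumbprint, expiry and any required names its SAN lacks, then match the thumbprint against the one shown by View in the binding dialog. The names in `$required` are constructed placeholders, and the `DNS Name=` match assumes an English-language Windows.

```powershell
# Added example. $required holds constructed names; use the ones from your Request.inf.
$required = @('mail.example.com', 'autodiscover.example.com', 'exch01.example.local')

Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    $cert = $_

    # 2.5.29.17 is the subjectAltName extension. Format($false) renders it on one
    # line as "DNS Name=a, DNS Name=b" (English-language systems).
    $ext = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    $san = if ($ext) { $ext.Format($false) } else { '' }

    # Anchor each name so "mail.example.com" does not match a longer host name.
    $missing = @($required | Where-Object {
        $san -notmatch ('DNS Name=' + [regex]::Escape($_) + '(,|$)')
    })

    New-Object PSObject -Property @{
        Thumbprint    = $cert.Thumbprint
        FriendlyName  = $cert.FriendlyName
        Subject       = $cert.Subject
        NotAfter      = $cert.NotAfter
        DaysLeft      = ($cert.NotAfter - (Get-Date)).Days
        HasPrivateKey = $cert.HasPrivateKey      # must be True for an IIS binding
        MissingNames  = ($missing -join ', ')    # empty when all names are covered
    }
} | Sort-Object NotAfter -Descending |
    Format-List Thumbprint, FriendlyName, Subject, NotAfter, DaysLeft, HasPrivateKey, MissingNames
```

The certificate to bind is the newest one with `HasPrivateKey` true and an empty `MissingNames`; a low `DaysLeft` on the bound certificate is the early sign of the yearly expiry.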


The other SAD part is that I could not figure out how to assign the certificate for more than one year.

If anybody can figure that out, please post on our Facebook page.

I hate this nonsense of doing this every year.
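
KB 931351, the second article cited above, prepares a CA for SAN requests by setting the `EDITF_ATTRIBUTESUBJECTALTNAME2` policy flag, which makes the CA honour SANs passed as request attributes. Assuming Sancerts.bat does the same (its contents are not shown on this page), this added check, which is not part of the original post, reports whether the flag is set on the active CA.

```powershell
# Added example; run in an elevated PowerShell on the certificate server.
$EDITF_ATTRIBUTESUBJECTALTNAME2 = 0x00040000

function Get-CaSanAttributeFlag {
    $base   = 'HKLM:\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration'
    $caName = (Get-ItemProperty -Path $base).Active        # name of the active CA
    $policy = Join-Path $base "$caName\PolicyModules\CertificateAuthority_MicrosoftDefault.Policy"
    $flags  = (Get-ItemProperty -Path $policy).EditFlags

    New-Object PSObject -Property @{
        CA                   = $caName
        EditFlags            = '0x{0:X8}' -f $flags
        SanAttributesAllowed = [bool]($flags -band $EDITF_ATTRIBUTESUBJECTALTNAME2)
    }
}

$result = Get-CaSanAttributeFlag
$result | Format-List CA, EditFlags, SanAttributesAllowed

if ($result.SanAttributesAllowed) {
    # A request that carries its SANs in the 2.5.29.17 extension does not depend on
    # this flag, so it can be cleared once no request relies on SAN attributes:
    #   certutil -setreg policy\EditFlags -EDITF_ATTRIBUTESUBJECTALTNAME2
    #   net stop certsvc
    #   net start certsvc
    Write-Warning 'CA accepts SANs supplied as request attributes; review every pending request before issuing it.'
}
```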
























Microsoft Exchange 2010 or 2007 Service Pack Installation Error

September 23, 2010 22:19 by author RakeshB

Unable to remove product with code 6574fdc2-40fc-405a-9554-22d1ce15686b. 
Unable to remove product with code 6574fdc2-40fc-405a-9554-22d1ce15686b.
Fatal error during installation. Error code is 1603.
Fatal error during installation


  1. Stop the "Microsoft Exchange Search Indexer" service and the "Microsoft Exchange Transport Log Search" service.
  2. Remove the Microsoft Full Text Indexing Engine for Exchange using msiexec.exe /X {6574fdc2-40fc-405a-9554-22d1ce15686b}
  3. Refer to http://consumer.installshield.com/kb.asp?id=Q111019 for additional causes.

Exchange 2010 New Features: Archive Mailbox

September 23, 2010 20:02 by author RakeshB

Archive Mailbox is one of the many welcome features in Exchange 2010 Server. This feature solves issues related to PST files, which are a headache for any Exchange admin.

Let me explain how archive mailbox feature will address the existing problems.

  • There is no company which doesn’t have staff using PST files. Archive mailbox gets rid of PST files by giving the user an additional mailbox.
  • PST files are local to the user’s machine, get corrupted easily and are hard to include in backups. The archive mailbox sits in the same mailbox database as the user’s main mailbox and can be included in the backup easily.
  • Archive Mailbox is available in Outlook as well as Outlook Web App (OWA), which is a huge improvement. Users can access their email archive irrespective of where they are.
  • Archive Mailbox is included as part of the Exchange Enterprise CALs and hence no extra cost is required (for those who have ECALs).
  • Retention policies can be set for emails/folders in the archive mailbox.
  • Users have the option to search for emails in the archive only or in both the primary & archive mailboxes.
  • The archive quota can be set separately from the primary mailbox quota.
  • Emails in existing PSTs can be dragged into the archive mailbox very easily.
  • Users get Conversation View scoped to archive mailbox as well.
  • The archive and primary mailbox share the same user account.
  • Only one archive mailbox can be configured for a user.
  • Archive mailbox gets created on the same mailbox database as the primary one, which is a drawback. Future service packs might bring the option to create the archive mailbox in a different database.
  • The default quota warning for the archive mailbox is 10GB, which can be changed.
  • All in all, it is good news for admins as they don’t have to worry about issues like a lost laptop with PST files in it, corrupted PSTs etc.





