I recommend that you should simply install SAN certificate on Exchange. You should contact 3rd party CA which is having support for these kind of certs,. You should aware of all subject Alternative Names which will help you to register. Following exchange Management Shell (EMS) command Tom which you should enter in order to generate cert request that should be provided to e 3rd party CA so that it can generate actual cert.
Code:
New-Exchangecertificate -domainname mail.contoso.com, contoso.com, contoso.local, autodiscover.contoso.com, server01.contoso.local, server01 -Friendlyname contosoinc -generaterequest:$true -keysize 1024 -path c:\certrequest.req -privatekeyexportable:$true –subjectname "c=US o=contoso inc, CN=server01.contoso.com"
After processing of your request, you will get cet and you have to install the same on your default website. There is no need of IIS Admin Console to install certificate. Also you should use management shell to install cert.
You should import cert by
Code:
Import-exchangecertificate –path <full path to cert file>
After that you have to enable the same
Code:
Enable-exchangecertificate
After executing above mentioned command you will notified to enter desire service which you wanted to enable for certificate created. As per requirement you can enable cert for IIS, POP3, IMAP, SMTP, or UM. You will be able to enable the same for multiple service by using enable command. Also you can use below mentioned parameter.
Code:
-services IMAP, POP, UM, IIS, SMTP
After executing above mentioned command it will ask for thumbprint . you have to copy and paste from results. If you are not able to get thumbprint then you should execute below mentioned command.
Code:
Get-Exchangecertificate
You should mentioned thumbprint whenever you are executing 'enable-exchangecertificate' command by using below mentioned parameter.
Code:
-thumbprint D75305BEF8175570EB6E03BA6FF4372D05ACE39F4
You should take care of the thing you have selected correct thumbprint in case you are having multiple copies of the same. after that you will require external DNS record and it should be pointing towards IP address of CAS server for the external name which is mapped with this particular certificate.
Bookmarks