The Microsoft Exchange mail server is renewed approximately every three years: Exchange 2000, 2003, 2007, 2010, 2013, 2016. Of course, it is advisable to use the latest version, but it is not easy to migrate a production server as sensitive as the one that manages emails in a company. Using a cluster that includes multiple Exchange is not easier to update, which is why many organizations are still running Exchange 2010 or even 2007, although official Microsoft support has ended on this. version of the server operating system. And since it is necessary to continue to protect the flows, the installation of an SSL certificate is still possible on Internet Information Services (IIS) in order to secure Exchange or a website.
This tutorial describes how install a (new) SSL certificate for Exchange 2007 on a Windows Server with IIS. Of course, the procedure is almost equivalent with other versions of Microsoft Exchange.
Microsoft Exchange 2007: set up an SSL / TLS certificate
1. Once the certificate has been uploaded to the Symantec, Digicert, GoDaddy or other account, copy the files (p7b, pxf…) to the hard drive of the Microsoft Exchange server.
2. Start the Exchange Management Shell (Start menu, Programs, Microsoft Exchange Server 2007).
3. Copy paste this command by adapting the path and file name:
Import-ExchangeCertificate -Path C:certificatssl.p7b | Enable-ExchangeCertificate -Services "SMTP, IMAP, POP, IIS"
Also adapt the services on which to install the new SSL certificate, according to the use made of this Exchange server.
4. Once the command has been executed, the certificate is in place. Check that it has been taken into account by another PowerShell command:
Get-ExchangeCertificate -DomainName webmail.entreprise.com
By changing the domain name (after DomainName).
5. The Services column indicates what has been configured:
- S: SMTP
- I: IMAP
- P: POP3
- W: Web (IIS)
If the certificate is not correctly installed, you can restart the Enable-ExchangeCertificate command by indicating the certificate thumbprint, to be found in the details of the certificate file.
Enable-ExchangeCertificate -ThumbPrint [empreinte] -Services "SMTP, IMAP, POP, IIS"
Or [empreinte] is the long series of numbers and letters, without spaces.
Test the SSL / TLS certificate
We can use a service like Symantec CryptoReport to validate the new SSL / TLS certificate: