Install Self Signed Exchange 2010 SSL certificate

For my example, my domains are…

Local domain: vcp.local
Outside domain: vcpdomain.com.au

#NETBIOS name of Client Access exchange server:        vcpsydex01
#Internal FQDN (AD name):        vcpsydex01.vcp.local
#External FQDN (Public name):        smtp.vcdomain.com.au
#Autodiscover name:            autodiscover.vcdomain.com.au
#SubjectName:                cn=smtp.vcdomain.com.au

Run the following command on the Client Access Server for generating the new Self-Signed SSL cert using the names listed above:

New-ExchangeCertificate -FriendlyName “SelfSigned Cert” -SubjectName “cn=smtp.vcdomain.com.au” -DomainName vcpsydex01,vcpsydex01.vcp.local,smtp.vcdomain.com.au, autodiscover.vcdomain.com.au -PrivateKeyExportable $True

Prior to Windows Vista SP1, the Windows RPC/HTTP client-side component required that the Subject Name (aka Common Name) on the certificate match the “Certificate Principal Name” configured for the Outlook Anywhere connection in the Outlook profile. Therefore, as a best practice, you should ensure that smtp.vcdomain.com.au is listed as the Subject Name in your certificate unless you plan on changing the configuration which can be achieved by using the Set-OutlookProvider cmdlet with the -EXPR parameter as described in http://msexchangeteam.com/archive/2008/09/29/449921.aspx.

Open IIS on the Exchange Server and tell it to use this certificate.

1. Click on the Default Web Site
2. Click Bindings on the right
3. Select HTTPS, and choose edit
4. Under SSL certificate, click the drop down list and choose your certificate that you created earlier.
5. You need to setup the following external DNS entries 1. smtp.vcdomain.com.au 2. autodiscover.vcdomain.com.au, these need to point to the external IP address of your Exchange CAS server.
   The next few steps are to install the certificate to the Clients.
6. From Internet Explorer, navigate to the website of your OWA, https://mail.vcdomain.com/owa Click on Certificate Error, then click View certificates.
7. Click Install Certificate
8. Click Next
9. Select the second option
10. Select the box Show Physical Stores, Under Trusted Root Certification Authorities, select Registry and click OK

    Please note, you will need to repeat this step again and choose Local Computer. 

11. Click Finish
12. Select Yes. Close and re-open Internet Explorer.
13. Close and restart Internet Explorer.

For more information, please refer to http://msexchangeteam.com/archive/2007/07/02/445698.aspx