A simple guide to requesting and generating a wildcard cert for your Exchange Server through PowerShell.
In any case, this is the official Microsoft guide.
First, list the certificates currently assigned to IIS:
Get-ExchangeCertificate | select Thumbprint, Services, NotAfter, Subject, CertificateDomains | where {$_.Services -match "IIS"} | fl
Now we need to generate a new cert request.
This is the command syntax:
New-ExchangeCertificate -GenerateRequest -RequestFile \.req [-FriendlyName ] -SubjectName [C=,S=,L=,O=,OU=],CN= [-DomainName ,…] [-BinaryEncoded <$true | $false>] [-KeySize <1024 | 2048 | 4096>] [-Server ]
Common fields, comma separated, in the SubjectName:
C=CountryOrRegion
S=StateOrProvince
L=LocalityOrCity
O=Organization
OU=Department
To generate a WILDCARD request:
New-ExchangeCertificate -GenerateRequest -RequestFile "\\localhost\c$\Cert_Req_Wicard.req" -FriendlyName "Softcomet.it Wildcard Cert" -SubjectName "C=IT,CN=*.softcomet.it"
To generate a SAN request:
New-ExchangeCertificate -GenerateRequest -RequestFile "\\localhost\c$\Cert_Req_Wicard.req" -FriendlyName "Softcomet.it SAN Cert" -SubjectName "C=IT,CN=mail.softcomet.it" -DomainName autodiscover.softcomet.it,legacy.softcomet.it
At this point you have to handle the certificate issuance with your certificate authority. Personally I use SSL2Buy https://www.ssl2buy.com
When you have it, go back to the console and issue this command to show the pending requests:
Get-ExchangeCertificate | where {$_.Status -eq "PendingRequest" -and $_.IsSelfSigned -eq $false} | Format-List FriendlyName,Subject,CertificateDomains,Thumbprint
Then issue this command to import the certificate:
Import-ExchangeCertificate -FileName “\” [-Password (ConvertTo-SecureString -String ‘ ‘ -AsPlainText -Force)] [-PrivateKeyExportable <$true | $false>] [-Server ]
In my case I put the cert under C:\353954770
So this is the command:
Import-ExchangeCertificate -FileName "\\localhost\c$\353954770\STAR_softcomet_it.crt"
Now check with this command:
Get-ExchangeCertificate | where {$_.Status -eq "Valid" -and $_.IsSelfSigned -eq $false} | Format-List FriendlyName,Subject,CertificateDomains,Thumbprint
Finally, assign it to IIS, SMTP, POP and so on:
Enable-ExchangeCertificate -Thumbprint 271041D73DA880438161B824402F23118497CDC9 -Services "SMTP, IMAP, POP, IIS"
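A pre-flight check worth running before the Enable-ExchangeCertificate step above, given as an added example that is not part of the original guide: it flags a missing private key, a key below 2048 bits (the request syntax also allows 1024), a near expiry, and host names the wildcard does not actually cover. The function names, the object fields (HasPrivateKey, KeySize, NotAfter, Names) and the thresholds are assumptions, and the certificate object is a constructed sample.

```powershell
# Added example; function and field names are hypothetical.
function Test-NameCoveredByCert {
    param([string[]]$CertNames, [string]$HostName)
    foreach ($name in $CertNames) {
        if ($name -eq $HostName) { return $true }   # -eq ignores case
        if ($name.StartsWith('*.')) {
            # A wildcard stands for exactly one left-most label, so
            # *.softcomet.it covers mail.softcomet.it but neither
            # softcomet.it nor a.b.softcomet.it.
            $suffix = $name.Substring(1)            # ".softcomet.it"
            if ($HostName.EndsWith($suffix, [StringComparison]::OrdinalIgnoreCase)) {
                $label = $HostName.Substring(0, $HostName.Length - $suffix.Length)
                if ($label -and -not $label.Contains('.')) { return $true }
            }
        }
    }
    return $false
}

function Get-CertProblem {
    param($Cert, [string[]]$RequiredHosts, [int]$MinKeySize = 2048, [int]$MinDaysLeft = 30)
    # Each failed check emits one line; no output means nothing was found.
    if (-not $Cert.HasPrivateKey) { 'no private key on this server' }
    if ($Cert.KeySize -lt $MinKeySize) { "key size $($Cert.KeySize) is below $MinKeySize" }
    if ($Cert.NotAfter -lt (Get-Date).AddDays($MinDaysLeft)) { "expires $($Cert.NotAfter)" }
    foreach ($h in $RequiredHosts) {
        if (-not (Test-NameCoveredByCert -CertNames $Cert.Names -HostName $h)) {
            "name not covered: $h"
        }
    }
}

# Constructed sample standing in for the imported wildcard certificate.
$cert = [pscustomobject]@{
    HasPrivateKey = $true
    KeySize       = 2048
    NotAfter      = (Get-Date).AddDays(365)
    Names         = @('*.softcomet.it')
}
# Host names clients are expected to use (the last one is the bare domain).
$hosts = 'mail.softcomet.it', 'autodiscover.softcomet.it', 'legacy.softcomet.it', 'softcomet.it'
$problems = @(Get-CertProblem -Cert $cert -RequiredHosts $hosts)
if ($problems.Count -eq 0) { 'OK to enable' } else { $problems }
```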