Friday, March 13, 2009

New SSL Certificate on Exchange 2003

So I have decided to change companies for my ssl. Sure not a problem, after all, it is just a certificate.

Well, with IIS 5 like Server 2003 comes with there is no way to actually go in and create a new CSR for a website. So I searched online to find a way to do this and found a site that had a mention of what to do. I read it and thankfully remembered enough to get it done because I could not remember where I found it. I went through my history and just couldn't find it again. But this is what I did.

I first opened Internet Information Services Manager. Then I expanded the local computer and found the folder called websites. I right clicked on the folder and created a dummy site. I didn't go though setting any settings in it except the name.

I then right clicked on the site and went to properties. Under the tab Directory Security, I clicked on Server Certificate. I created a new CSR, using the wizard, and submitted it to the company to validate my ssl certificate.

Once that was done and they issued me my ssl I went back to where I created the CSR and finished installing the certificate using the wizard. And rebooted.

I then, had to install the root certificate and intermediate certifcates. To do that, I had to go to Start > Run and type in mmc and press Enter. Then I went to File > Add/Remove Snap-In... On the window that opened up I clicked on Add... And on the window that opened up I chose Certificates and clicked Add. Then on a wizard that opened up, I had to choose Computer Account, click next, and Local Computer, click finish. Then I closed that window and I clicked OK. I expanded the certificates and found the Trusted Root Certification Authorites. I right clicked on that and chose All Tasks > Import... The wizard that popped up asked me to browse to the certificate. I then clicked next and left the default Place all certificates in the following store, Trusted Root Certification Authorites. Next. and Finish.

I then repeated the process for the 2 intermediate certificates except I did that under Intermediate Certification Authorities.

I then went back to IIS Manager and found the website that I actually use (for me it is the default website). I then went back into the properties and the Directory Security Tab. I went to Server Certificate... and on the wizard that popped up I chose Replace the current certificate, Next, and found the certificate that I had just purchased. Then I went through the rest of that wizard accepting defaults and once I was done with the wizard I clicked on View Certificate.

Hey look at that there it is!

I then went to the dummy site and deleted it. If you are unsure of yourself after doing that you can go back and look at the certificate just to help yourself sleep better.

After all that I checked my Outlook Web Access and it is working with the new SSL... And my phone still gets email too, so I must be good to go.