Create Certificate for Exchange 2007 Servers using Windows CA
Exchange 2007 uses SSL for OWA and SMTP, the exchange certificate created by the installation is not suitable for Exchange 2007 use.
You need to create a new certificate using SAN (Subject Alternate Name) extension to support the multi value names used by Exchange servers and clients.
Step1: Use Exchange Management Shell to create the CSR (Certificate request)
New-ExchangeCertificate -GenerateRequest – Domainname mail.demo.com, ServerName.internal.com, autodiscover.demo.com, ServerName -FriendlyName mail.demo.com -PrivateKeyExportable: $True -path c:\Cert.req
The first name in the certificate should be your external server name, the certificate should include the servers FQDN, NetBIOS Name and Autodiscovery for Outlook 2007 users.
Step2: Open the CSR file created in the previous step and copy it.
Step3: Now import the certificate to the Exchange server using Exchange Management Shell
Import-ExchaneCertificate -path c:\hdhdh.cer | Enable-ExchangeCertificate -Services IIS, SMTP
Now the certificate should look like this:
The subject should include you external server name (if exposed to the internet)