Malta Finance

Aug 30 2017

Steve Hardie – How To: Renew a GoDaddy Exchange 2010 SSL Certificate #wilcard #ssl


Posted by SteveHardie | On: Oct 15 2013

This article will describe how to renew your Exchange 2010 SSL Certificate with GoDaddy.
You may have noticed, that following the normal Renewal process doesn t work with GoDaddy, because Exchange 2010 will generate a CSR that does not work with the GoDaddy Renewal process.

So, it is simpler to just create a new Certificate Request.

There are 4 steps to this process

  1. Create a New Exchange 2010 Certificate request
  2. Renew/buy and setup your GoDaddy UCC SLL Certificate
  3. Complete the Exchange 2010 Pending Certificate request
  4. Assign the Exchange 2010 Services to the Certificate

1. Create a New Exchange 2010 Certificate request

  1. Open Exchange Management Console
  2. Expand Microsoft Exchange On-Premises and click on Server Configuration .
  3. Click on New Exchange Certificate in the action bar on the right-hand side.
  4. When the New Exchange Certificate windows opens, type in a friendly name for your certificate. (This can be anything, as this is only to identify the certificate if you have more than one)
  5. Click Next
  6. If you are requesting a Wildcard Certificate Then tick Enable wildcard certificate otherwise, leave this section blank.
  7. Click Next
  8. Select the services that this certificate will be used for. Use the drop down arrows to select the services that will be used. Also make sure that domain names are the primary one you used/will be using in your certificate for example
  9. Click Next
  10. Review the list of domains that will be added to your certificate domains. Make sure you have your primary domain name for the certificate and the domain name added to the list. Make sure your primary domain name is Set as common name .
  11. Click Next
  12. Enter in your Organization details and Location details. Complete all the details as requested.
    Click on Browse at the bottom to select a folder and file name for your Exchange Certificate Request (CSR).

  • Click Next
  • Verify your details are correct, then click New to generate the CSR.
  • Click Finish
  • You should now see your pending certificate request in the list of Exchange Certificates

  • 2. Renew/buy and setup your GoDaddy UCC SLL Certificate

    These images are taken from the GoDaddy renewal process, but if you are purchasing a new certificate, the process will be very similar.

    1. When asked Where is your certificate going to be hosted? , select THIRD PARTY, OR DEDICATED SERVER .

  • Browse to your Certificate Request File that you just created from your Exchange 2010 Server and open it with notepad. Copy and Paste the text from the file to the box where it says Enter your Certificate Signing Request (CSR) below
  • Verify the correct Subject Alt names are listed. These should be the same domain names you listed under Certificate Domains when you generated the CSR.
  • Then select GoDaddy as your Certificate Issuing Organization.
  • Click Next
  • On the next window, confirm all your settings and click Next .
  • Launch the SECURE CERTIFICATE SERVICE from your control panel in GoDaddy.
    You will see that there is a Pending Request. GoDaddy will send an email to the domain administrator and account holder of the GoDaddy Account to verify that the Certificate is correctly acquired by you, the domain owner/administrator. Click on the link in the email to verify. Shortly after that the new certificate will appear under the Certificates folder in the Secure Certificate Service.
  • When the certificate is ready, select the certificate and click on the download option. In the Download Certificate windows, select EXCHANGE 2010 from the drop down and click Download. A ZIP file will be downloaded. Extract the ZIP file and save the certificates.

  • 3. Complete the Exchange 2010 Pending Certificate request

    1. Open the Exhange Management Console, and go to Server Configuration.
    2. Right-click on the new pending certificate request you created and select Complete Pending Request .
    3. Click Browse and browse to the folder where you saved the content of the ZIP file.
    4. Change the file type to *.*, and select the .cer file
    5. Click Complete

    When the process is done, you will notice that your new certificate will show as SELF SIGNED = FALSE.

    4. Assign the Exchange 2010 Services to the Certificate

    1. Right-click on your new certificate again and select Assign Services to Certificate .
    2. Select the Exchange 2010 servers that this certificate will be applied to.

    You are complete.

    You may need to go into your IIS Manager and assign the certificate to your Outlook Web Access site, by editing the Bindings of the default site.

    You CAN use the standard renewal process you just need to fix the CSR by running a single command line utility. This converts the CSR from binary DER format to ASCII Base64 format with the typical Begining and End lines, BEGIN NEW CERTIFICATE REQUEST BEGIN NEW CERTIFICATE REQUEST with the encoded data in between.

    Certutil -encode

    Then, you can just open the new CSR file in notepad or your favorite text editor. Copy and paste the information into Godaddy s website, and continue as usual.

    I tried to find again the source that provided this amazing tip to me but couldn t. I do want to therefore just give a general Thank You to everyone that takes the time to post tips and advice for the rest of us to use. Hopefuly this post will help somebody as well.

    Today while searching for some Godaddy UCC certificate alternative, i came across your blog post explaining how to renew Godaddy exchange ssl.

    I really liked your detailed guide and i am sure many people finding this guide helpful. I just want to share this article i found that saved my $100 on renewal of UCC certificate

    I am completely agree with the author of this article who nicely explained the reasons and benefits to shift my SSL vendor from Godaddy to Comodo

    Thanks for this post Steve.

    I always have trouble when renewing certificates as each server setup is different. This post certainly helped make the renewal process smoother.

    Thank you so much for these instructions. I spent so much time finding instructions to install a Renewed Cert in Exchange 2010. GoDaddy provided was not so helpful.

    Thanks for this write up! I always seem to bump into cert renewal issues, but I have this marked as a favorite now since it has served me perfectly a couple of times. Cert renewals are pretty straight forward, but they are done so infrequently that it s hard to remember all of the small details.

    Thanks again sir!

    Thanks for the guide I m almost finished renewing our SSL certs. However, after I finish Complete Pending Request I cannot assign Services to the certificate.

    Do I need to delete the old cert instance first before this will work properly?

    Written by admin

    Leave a Reply

    Your email address will not be published. Required fields are marked *