Posted by SteveHardie | On: Oct 15 2013
This article will describe how to renew your Exchange 2010 SSL Certificate with GoDaddy.
You may have noticed, that following the normal Renewal process doesn t work with GoDaddy, because Exchange 2010 will generate a CSR that does not work with the GoDaddy Renewal process.
So, it is simpler to just create a new Certificate Request.
There are 4 steps to this process
- Create a New Exchange 2010 Certificate request
- Renew/buy and setup your GoDaddy UCC SLL Certificate
- Complete the Exchange 2010 Pending Certificate request
- Assign the Exchange 2010 Services to the Certificate
1. Create a New Exchange 2010 Certificate request
- Open Exchange Management Console
- Expand Microsoft Exchange On-Premises and click on Server Configuration .
- Click on New Exchange Certificate in the action bar on the right-hand side.
- When the New Exchange Certificate windows opens, type in a friendly name for your certificate. (This can be anything, as this is only to identify the certificate if you have more than one)
- Click Next
- If you are requesting a Wildcard Certificate Then tick Enable wildcard certificate otherwise, leave this section blank.
- Click Next
- Select the services that this certificate will be used for. Use the drop down arrows to select the services that will be used. Also make sure that domain names are the primary one you used/will be using in your certificate for example remote.yourdomian.com.
- Click Next
- Review the list of domains that will be added to your certificate domains. Make sure you have your primary domain name for the certificate and the domain name added to the list. Make sure your primary domain name is Set as common name .
- Click Next
- Enter in your Organization details and Location details. Complete all the details as requested.
Click on Browse at the bottom to select a folder and file name for your Exchange Certificate Request (CSR).
2. Renew/buy and setup your GoDaddy UCC SLL Certificate
These images are taken from the GoDaddy renewal process, but if you are purchasing a new certificate, the process will be very similar.
- When asked Where is your certificate going to be hosted? , select THIRD PARTY, OR DEDICATED SERVER .
You will see that there is a Pending Request. GoDaddy will send an email to the domain administrator and account holder of the GoDaddy Account to verify that the Certificate is correctly acquired by you, the domain owner/administrator. Click on the link in the email to verify. Shortly after that the new certificate will appear under the Certificates folder in the Secure Certificate Service.
3. Complete the Exchange 2010 Pending Certificate request
- Open the Exhange Management Console, and go to Server Configuration.
- Right-click on the new pending certificate request you created and select Complete Pending Request .
- Click Browse and browse to the folder where you saved the content of the ZIP file.
- Change the file type to *.*, and select the .cer file
- Click Complete
When the process is done, you will notice that your new certificate will show as SELF SIGNED = FALSE.
4. Assign the Exchange 2010 Services to the Certificate
- Right-click on your new certificate again and select Assign Services to Certificate .
- Select the Exchange 2010 servers that this certificate will be applied to.
You are complete.
You may need to go into your IIS Manager and assign the certificate to your Outlook Web Access site, by editing the Bindings of the default site.
You CAN use the standard renewal process you just need to fix the CSR by running a single command line utility. This converts the CSR from binary DER format to ASCII Base64 format with the typical Begining and End lines, BEGIN NEW CERTIFICATE REQUEST BEGIN NEW CERTIFICATE REQUEST with the encoded data in between.
Then, you can just open the new CSR file in notepad or your favorite text editor. Copy and paste the information into Godaddy s website, and continue as usual.
I tried to find again the source that provided this amazing tip to me but couldn t. I do want to therefore just give a general Thank You to everyone that takes the time to post tips and advice for the rest of us to use. Hopefuly this post will help somebody as well.
Today while searching for some Godaddy UCC certificate alternative, i came across your blog post explaining how to renew Godaddy exchange ssl.
I really liked your detailed guide and i am sure many people finding this guide helpful. I just want to share this article i found that saved my $100 on renewal of UCC certificate https://www.ssl2buy.com/wiki/godaddy-ucc-certificate-alternatives-learn-how-to-save-over-100/
I am completely agree with the author of this article who nicely explained the reasons and benefits to shift my SSL vendor from Godaddy to Comodo
Thanks for this post Steve.
I always have trouble when renewing certificates as each server setup is different. This post certainly helped make the renewal process smoother.
Thank you so much for these instructions. I spent so much time finding instructions to install a Renewed Cert in Exchange 2010. GoDaddy provided was not so helpful.
Thanks for this write up! I always seem to bump into cert renewal issues, but I have this marked as a favorite now since it has served me perfectly a couple of times. Cert renewals are pretty straight forward, but they are done so infrequently that it s hard to remember all of the small details.
Thanks again sir!
Thanks for the guide I m almost finished renewing our SSL certs. However, after I finish Complete Pending Request I cannot assign Services to the certificate.
Do I need to delete the old cert instance first before this will work properly?