
Apply a wildcard certificate on Exchange server 2010

This is the fastest and cheapest way to do this.

  1. Go get the Digicert Certificate Utility from https://www.digicert.com/util/
  2. Download it on the server you want to install the certificate
  3. Run the utility and select the existing expiring certificate (you may clean up older and expired ones too)
  4. Click on “Create CSR” and agree to import attributes from the previous certificate
  5. For the common name input : “*.domain.com” (where domain.com is the domain in question)
  6. For the Subject Alternative Names , leave it blank
  7. Complete the rest accurately and select at least 2048 for the key size.
  8. Hit Generate. Copy the CSR and use it for step 13
  9. Go to Namecheap.com (create an account if you do not have one already)
  10. Purchase a wildcard Comodo SSL Certificate ($107.15 at the time of this article)
  11. Go back to Namecheap and view your available certificates
  12. Click on Activate Now
  13. Paste the CSR from step 8 and Submit the Request. You will be asked to provide a valid email. Make sure you have access to it!
  14. A few seconds later, go to the email and approve the certificate request.
  15. A few minutes later you will find the certificate on your namecheap registered email inbox
  16. Copy the certificate on the server, in the same directory as the digicert utility.
  17. Restart the digicert utility
  18. You will now see the new certificate ready to be applied! Select it and hit install
  19. Give it a friendly name like “wildcard2014”
  20. Your certificate is now installed. Now you will need to make it default for the required services
  21. Open IIS and expand until you get to the default website. Right click and select “Edit Bindings”
  22. Select all entries that are “https” on port “443” (there might be just one) – Set the binding to the new certificate (You will see it by its friendly name)
  23. Restart IIS (top left of the console) – be patient, it might take 2-3 minutes – this will cause downtime for users
  24. Test OWA at https://webmail.yourdomain.com/owa/ and check the certificate with Chrome. It should be issued by Comodo and should show as valid and green
  25. In most of the cases you are now done! There are some other cases though that you will need some extra configuration
  26. Open the exchange console
  27. Go to Microsoft Exchange-Microsoft Exchange On-Premises-Server Configuration-Client Access
  28. Go through Outlook Web App, Exchange Control Panel and Microsoft Server ActiveSync and make sure that the internal and external addresses point to the outside, certified website and not, for example, to domain.local/owa
  29. If you run into other problems with people getting error messages in their Outlook clients, you might want to check the virtual directories with PowerShell.
  30. Start the Exchange Management Shell and run the following: Get-ClientAccessServer, Get-WebServicesVirtualDirectory and Get-OABVirtualDirectory. You might need to check those for problems too.
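An added check script for steps 20-30 (it is not part of the original post): run in the Exchange Management Shell on the Exchange 2010 server, it reports which certificate IIS is actually serving and flags any Client Access URL that is not HTTPS on a name the wildcard covers. `$PublicDomain` is an assumed placeholder for the domain the certificate was issued for.

```powershell
# Added verification script, not from the original post. Assumes the Exchange
# Management Shell on Exchange 2010; $PublicDomain is a placeholder to replace.
$PublicDomain = 'domain.com'
$Server       = $env:COMPUTERNAME
# A wildcard only covers one label: host.domain.com, not a.b.domain.com.
$Covered = "^[^.]+\." + [regex]::Escape($PublicDomain) + '$'

# 1. Which certificate is bound to IIS (OWA, ECP, EWS, ActiveSync)?
$iisCerts = Get-ExchangeCertificate -Server $Server |
    Where-Object { $_.Services -match 'IIS' }
if (-not $iisCerts) { Write-Warning 'No certificate is enabled for the IIS service' }
foreach ($c in $iisCerts) {
    $daysLeft = [int]($c.NotAfter - (Get-Date)).TotalDays
    'IIS certificate: {0} ({1}) expires in {2} days' -f $c.FriendlyName, $c.Subject, $daysLeft
    if ($c.CertificateDomains -notcontains "*.$PublicDomain") {
        Write-Warning "IIS is not using the *.$PublicDomain wildcard certificate"
    }
    if ($daysLeft -lt 30) { Write-Warning "Certificate $($c.Thumbprint) expires soon" }
}

# 2. Every Client Access URL must be HTTPS on a name the wildcard covers;
#    a URL still pointing at an internal name (server.domain.local) is what
#    gives Outlook and ActiveSync users certificate errors after the swap.
$vdirs = @(Get-OwaVirtualDirectory         -Server $Server) +
         @(Get-EcpVirtualDirectory         -Server $Server) +
         @(Get-ActiveSyncVirtualDirectory  -Server $Server) +
         @(Get-WebServicesVirtualDirectory -Server $Server) +
         @(Get-OABVirtualDirectory         -Server $Server)
foreach ($v in $vdirs) {
    foreach ($kind in 'InternalUrl', 'ExternalUrl') {
        $url = $v.$kind
        if (-not $url) { Write-Warning "$($v.Name) $kind is empty"; continue }
        if ($url.Scheme -ne 'https' -or $url.Host -notmatch $Covered) {
            Write-Warning ('{0} {1} = {2} (not https on *.{3})' -f $v.Name, $kind, $url, $PublicDomain)
        }
    }
}

# 3. Autodiscover is published from the Client Access server object itself.
$cas = Get-ClientAccessServer -Identity $Server
$auto = $cas.AutoDiscoverServiceInternalUri
if (-not $auto -or $auto.Host -notmatch $Covered) {
    Write-Warning "AutoDiscoverServiceInternalUri = $auto (not covered by *.$PublicDomain)"
}
```

Fix any flagged URL with the matching Set-*VirtualDirectory cmdlet (or Set-ClientAccessServer for Autodiscover), then re-run until nothing is flagged.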


If you run into problems, just start the discussion here, I have done this many times, and this will definitely work!