How To: Install a SSL Certificate on SBS 2011


There are many different ways to install a SSL certificate on Small Business Server 2011. The method may even be a little different if a certificate has never been installed on this particular server before. This guide will show you how to install the certificate using the Certificates MMC and the Microsoft Exchange Management Shell. Some third-party websites are also used in this guide to help the process along.

Gathering Details

We will need to gather some details about the organization before we can start the certificate creation and installation process. Because the idea behind a SSL certificate is to secure communications, obtaining one means you need to verify you own the domain you are working with. In order to verify the domain, you must supply accurate information as well.

1. Open a web browser and navigate to http://www.Godaddy.com/Whois

2. Enter the domain name you are working with and click Search. You will likely need to enter a verification code as well.

3. Locate the fields Registrant Organization and Registrant City. You may know these offhand; however, when we create the certificate, the information we provide should match these fields exactly.

Requesting a Certificate

1. Open a web browser and navigate to https://www.digicert.com/easy-csr/exchange2010.htm

2. Fill in the following fields:

Common Name: – This is the main name on the certificate. I usually use Remote.CompanyName.com for SBS Networks, but this could be the outside name for the server you are securing. Example: Mail.CompanyName.com

Subject Alternative Name: – Place additional names for the server in this box. For Exchange, we usually have Autodiscover.CompanyName.com, but you may have additional names you’d like to add on the certificate for SharePoint (Company Web) or other services. One per line.

Organization: – This is the organization name as it is displayed on the WHOIS report.

Department: – This field can usually be left blank.

City: – Enter the name of the city as it is displayed on the WHOIS report.

State/Province: – Choose the State that the city is in.

Country: – Choose the country.

Key Size: – Leave this at the default (2048)

3. Click the Generate button to get the code.

4. Copy the generated command from the right of the screen to your clipboard.

5. Log on to your Small Business Server 2011 or Exchange 2010 Server as an administrator.

6. Open the Exchange Management Shell as administrator.

7. Paste the code into the Exchange Management Shell. If you would like to change the location of the CSR, change the path under the -path section of the command, then press Enter.

8. Navigate to your generated CSR code and copy it to your clipboard.

Submit the CSR

This part of the guide will differ depending on who you purchase your SSL Certificate through.

To purchase a certificate from Godaddy, use: https://support.godaddy.com/help/article/562/requesting-an-ssl-certificate

 

Installing the Certificate

Once you have your new certificate verified and downloaded, we can install the certificate. There are a few ways to do this, but I will show you one.

1. Log on to your Small Business Server 2011 server as an administrator

2. Click Start, type mmc, and press Enter.

3. Click File and Add/Remove Snap-in…

4. Find Certificates in the list and choose Add >

5. When prompted, choose Computer Account and click Finish.

6. Leave Local Computer selected and click Finish, then OK.

7. Expand Certificates > Personal >

8. In the Actions pane, click More Actions > All Tasks > Import…

9. Locate the certificate that you downloaded and click Next

10. Import the Certificate into the personal store and finish the wizard.

11. Open the Exchange Management Shell as administrator

12. Locate the new certificate by using the Get-ExchangeCertificate command

13. Copy the Thumbprint of the new certificate to your clipboard

14. Issue the command Enable-ExchangeCertificate and press Enter.

15. When asked for services, enter IIS, IMAP, POP, SMTP and press Enter. Note where the commas and spaces go.

16. When asked if you want to enable the certificate, enter Y or A to answer the prompt.

Note: I have noticed that many times, after downloading the certificate from Godaddy, the private key is missing. If the private key is missing, then you will likely get an error message at this point and will not be able to continue. There will be an article written on how to fix that as well.

The certificate is now installed and configured. If you need to delete any old certificates, you can use the Get-ExchangeCertificate command to view all installed certificates, copy the thumbprint, then issue the Remove-ExchangeCertificate command to delete the old certificate.
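Steps 11 through 16 and the private-key note above can be combined into one Exchange Management Shell script that refuses to enable a certificate lacking its private key. This is an added example, not part of the original guide; `remote.companyname.com` is a placeholder name, and treating the latest-expiring match as the newly imported certificate is an assumption.

```powershell
# Added example: run in the Exchange Management Shell as administrator.
# Placeholder: replace with the Common Name used in your CSR.
$expectedName = 'remote.companyname.com'

# Step 12: find CA-issued certificates that cover the expected name.
$candidates = @(Get-ExchangeCertificate -DomainName $expectedName |
    Where-Object { -not $_.IsSelfSigned } |
    Sort-Object NotAfter -Descending)

if ($candidates.Count -eq 0) {
    throw "No CA-issued certificate found for $expectedName. Was the import completed?"
}

# Show what was found so the choice below can be reviewed.
$candidates | Format-List Thumbprint, Subject, CertificateDomains, HasPrivateKey, Services, NotAfter

# Assumption: the certificate with the latest expiry is the one just imported.
$new = $candidates[0]

# The key pair is created on this server together with the CSR. If the imported
# certificate is not paired with that key, enabling it fails, so stop here.
if (-not $new.HasPrivateKey) {
    throw "Certificate $($new.Thumbprint) has no private key on this server; do not enable it."
}

# Do not bind a certificate that is already expired.
if ($new.NotAfter -lt (Get-Date)) {
    throw "Certificate $($new.Thumbprint) expired on $($new.NotAfter)."
}

# Steps 13-15: enable the certificate for the same services the guide lists.
# Exchange may still ask for confirmation (step 16) before replacing the
# current default SMTP certificate.
Enable-ExchangeCertificate -Thumbprint $new.Thumbprint -Services 'IIS,IMAP,POP,SMTP'

# Confirm the services are now bound to the new thumbprint.
Get-ExchangeCertificate -Thumbprint $new.Thumbprint |
    Format-List Thumbprint, Services, NotAfter
```

Compare the printed Thumbprint with the one shown in the Certificates MMC before removing any old certificate with Remove-ExchangeCertificate.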

 

 Much of this can be accomplished through the Small Business Server Console, but this is the method that I have been using to install certificates. On a brand new installation of SBS 2011, it may be easier to use the console to install the certificate instead of the above.