Microsoft no longer supports Microsoft Exchange 2007 meaning it is no longer supported by Mimecast. If you're considering using Microsoft Exchange 2007, we strongly advise for you to upgrade to a newer version for maximum productivity. See Microsoft's Exchange 2007 End of Support Roadmap page.
This article provides information on obtaining, generating, and installing SSL certificates for Microsoft Exchange 2007, including steps for CSR creating, certificate installation, and enabling SSL for secure communication protocols like POP3.
Obtaining SSL Certificates
To use SSL certificates in Microsoft Exchange 2007, you will need to go through a process of generating a CSR (certificate signing request) on your Microsoft Exchange server, submitting the request to one of the supported Certificate Authorities, and installing the certificate on Microsoft Exchange 2007. Once the certificate has been installed you need to enable the certificate for your chosen protocols (detailed later in this guide).
Command Line CSR Generation (Exchange Management Shell)
See Microsoft support, for more information on Exchange Management Shell.
You can access the Exchange Management Shell, by using the following steps:
- Log into Microsoft Exchange 2007 Server as an Exchange administrator.
- Open the Exchange Management Shell and use the New-Exchangecertificate cmdlet to generate a new certificate request.
The following command is an example that you could use. This example assumes that your:
- Organization is called Acme Corp
- Organization is located in the United Kingdom
- Exchange 2007 server's FQDN is exchange.acmecorp.com
- Want to export your request to C:\
If you are unsure of how to run the above Exchange cmdlet, see Microsoft's Support article.
The request.req file now needs to be submitted to the certificate authority for processing.
Mimecast does not support self-signed certificates, so this request needs to be submitted to one of the recognized certificate authorities.
Installing SSL Certificates
Once the certificate has been issued by the Certificate Authority, you need to import the certificate into the Microsoft Exchange 2007 Server. After installing the certificate onto your Microsoft Exchange server, you will need to enable it for use with the POP3 protocol.
Command Line Certificate Installation (Exchange Management Shell)
Once the certificate has been issued by the Certificate Authority, create a new file called certnew.cer in the same folder as the request file. Open the certnew.cer file in Notepad, and paste the encoded certificate into the file.
You need to ensure that you run the import command listed below on the same server the CSR was generated on.
Open the Exchange Management Shell and run this command:
If you are unsure of how to run the above Exchange cmdlet, see Microsoft's Support Article about installing an SSL Certificate.
Command Line Certificate Enablement (Exchange Management Shell)
After the certificate has been installed, you will need to enable it for use with the POP3 protocol.
The first step is to obtain the certificate-thumbprint of the installed certificate. Open the Exchange Management Shell, and run the following command:
The output should be similar to:
The next step in this process is to enable the SL for use with the POP3 protocol. Open the Exchange Management Shell and run the following command:
If you are unsure of how to run the above Exchange cmdlet, see Microsoft's Support Article about configuring SSL Certificates to use multiple client access server host names.
The final step is to ensure that the certificate has been enabled for successfully for POP3. Open the Exchange Management Shell and run the following command:
The output should be similar to:
Under Services you should see P (POP3) listed.
Comments
Please sign in to leave a comment.