When renewing an SSL certificate for Exchange 2010, the process is fairly straightforward and there are plenty of sites that give advice on how to do it. Two sites to consider are TechNet and Go Daddy, and the steps are summarised as follows:
- In the console tree, click Server Configuration.
- Select the server that contains the certificate, and then select the certificate you want to renew.
- In the action pane, click Renew Exchange Certificate.
- On the Renew Exchange Certificate page, select the services you want to assign to the renewed certificate. The services that are checked are currently assigned to the certificate.
- When you click Assign, the Progress page will confirm your selections and try to renew the certificate.
- Click Yes to overwrite the existing certificate with the renewed certificate.
- The Completion page will display the status of the request in addition to the syntax of the cmdlet needed to renew the certificate.
Of course, it's never this easy. In my experience, running a certificate renewal in Exchange 2010 generates a binary file (.req) that can't easily be copied and pasted into a web interface on the CA's side. In the past one would simply use Open With -> Notepad to get the certificate information, but now Exchange 2010 generates the REQ file as binary and typically the file contents look like this:
When they should look something like this:
-----BEGIN NEW CERTIFICATE REQUEST-----
-----END NEW CERTIFICATE REQUEST-----
To get from binary to base64 you need to convert the file. There are various methods to do this; I have used both online tools and the Command Prompt, with the Command Prompt certainly being the far easier method (especially since it inserts the "BEGIN CERTIFICATE" and "END CERTIFICATE" header and footer automatically... making it a much more 'pure' conversion).
Using Base64 Online decoder and encoder (online method):
- Upload the .REQ file, click the "convert to source data" button and grab the output.
- Paste contents to your favourite text editor
- Add the header and footer (both must be on separate lines) and then you're good to go!
The header must be a line on its own at the top as so:
And the footer must be a line on its own at the bottom as so:
Using the Command Prompt (preferred method):
certutil -encode (req filename) (target filename)
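The manual conversion described above (base64-encode the file, then add the header and footer on their own lines) can also be done locally in PowerShell, so the request never has to be uploaded to a third-party website. This is an added example, not code from the original post; the function name `Convert-ReqToPem` and the file names are assumptions, and the sample bytes are constructed stand-ins for a real request.

```powershell
# Added example: convert a binary (DER) certificate request to base64 text
# with the request header and footer shown earlier on this page.
function Convert-ReqToPem {
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [Parameter(Mandatory = $true)][string]$Destination
    )

    # Resolve both paths against the PowerShell location, not the process directory.
    $source = (Resolve-Path $Path).ProviderPath
    $target = $ExecutionContext.SessionState.Path.GetUnresolvedProviderPathFromPSPath($Destination)

    $bytes = [System.IO.File]::ReadAllBytes($source)
    if ($bytes.Length -eq 0) { throw "$Path is empty." }

    # A file that already starts with "-----BEGIN" is text and needs no conversion.
    $head = [System.Text.Encoding]::ASCII.GetString($bytes, 0, [Math]::Min(10, $bytes.Length))
    if ($head -eq '-----BEGIN') { throw "$Path is already base64 text." }

    # A DER-encoded request is an ASN.1 SEQUENCE, so its first byte is 0x30.
    if ($bytes[0] -ne 0x30) { throw "$Path does not look like a DER-encoded request." }

    # Base64-encode and wrap at 64 characters per line.
    $b64 = [System.Convert]::ToBase64String($bytes)
    $lines = @('-----BEGIN NEW CERTIFICATE REQUEST-----')
    for ($i = 0; $i -lt $b64.Length; $i += 64) {
        $lines += $b64.Substring($i, [Math]::Min(64, $b64.Length - $i))
    }
    $lines += '-----END NEW CERTIFICATE REQUEST-----'

    # Write plain ASCII so no byte-order mark precedes the header line.
    [System.IO.File]::WriteAllLines($target, [string[]]$lines, [System.Text.Encoding]::ASCII)
}

# Constructed sample: a 5-byte DER SEQUENCE standing in for a real .req file.
$sample = Join-Path $env:TEMP 'sample.req'
[System.IO.File]::WriteAllBytes($sample, [byte[]](0x30, 0x03, 0x02, 0x01, 0x00))
Convert-ReqToPem -Path $sample -Destination "$sample.txt"
Get-Content "$sample.txt"
```

The function refuses input that is already text or that does not start with the DER SEQUENCE tag, which catches the common mistake of converting the wrong file.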