1 300 737 205

Requesting and installing a certificate on Exchange Server

This is the 8th chapter from the guide How to setup and configure Exchange server 2010 behind Microsoft Forefront Threat Management Gateway. This is a continuation from the 7th chapter which shows how to Configuring mailboxes and mail services on Exchange server.

To request a certificate click on “New Exchange Certificate…”



On the first page, enter a name for the certificate and press Next.  If you like to go with a wildcard certificate, mark the checkbox and type your domain name starting with “*.”  Such as “*.pandahost.net” and click Next. Specify the request file that you have made on your IIS and complete all steps.

Submit your request to your Certificate Authority. You will receive the certificate and can complete the certificate request.

We can import the certificate we have requested through the “Import Exchange Certificate” wizard.


After importing certificate when your exchange is behind a firewall like TMG you may see certificate is invalid message as you can see in Figure. 2.



To resolve this issue, use the following command to set your proxy settings:

   netsh winhttp set proxy [myproxy]:8080

Your TMG server name is inserted into “myproxy” (as the example in Figure 3 shows). Refresh the certificate window.

After refreshing the window, remove the winhttp proxy with the following command:

netsh winhttp reset proxy



After importing the certificate you can now assign services to it.

To assign services to the certificate, right click on the particular certificate and select assign service to the certificate. 

On the first window, select add to add the server and then click Next.

On the Select Services page, select services that you are hosting on this server. Click Next and then Assign.

You may end up with the warning message which is illustrated in Figure. 4, but don’t worry. You can use the following commands in EMS to assign the certificate to POP and IMAP services:

set-POPSettings -X509CertificateName mail.yourdomain.com

Set-ImapSettings -X509CertificateName mail.yourdomain.com



The next chapter (9th chapter) will guide you through on Publishing Exchange with Microsoft ForeFront Threat Management Gateway 2010.

Request Your Free Consultation Today

We’ll come to your place of business, and give you a full diagnostic snapshot of your IT systems.