Saturday, July 10, 2010

adding a UCC (mulitple name) SSL certificate to SBS 2008

Adding a single name SSL certificate to SBS 2008 is pretty easy using the "add a trusted certificate" wizard in SBS 2008. But it's not as easy if you want a UCC SSL certificate - should you have a DNS host that doesn't support SRV records.

I found sembee's blog post on this exact topic here. His steps are a little convoluted, but here's a short version with just the need to know info:

You're not going to use the wizard. You'll use the powershell.

You'll go to Digicert's wizard for UCC creation:
https://www.digicert.com/easy-csr/exchange2007.htm

Then use the Powershell command it creates on your SBS 2008 box. It'll create a CSR file on the root of your C drive.

Take that CSR file to your SSL cert provider (godaddy or whoever). Buy the UCC cert and put in the CSR as needed.

After your cert is approved, download the cert and use this command to import the certificate:
Import-ExchangeCertificate -Path “D:\Shares\Install\SSL Cert\mail_ExternalDomaiName_com.crt” -FriendlyName “CompanyName UCC Cert”
(altered as appropriate of course for the actual path of your SSL cert)

Also follow the necessary instructions provided by the cert provider about intermediate certification authorities if applicable. Restart the MS Exchange Transport service and run an iisreset.

Then go back to the "add a trusted certificate wizard" in the SBS console and tell it that you'll use an already existing certificate and choose the cert that you just imported.


EDIT - this all makes sense, and I should see this working as I see the certificate in the personal store of the certificates MMC, so I should be able to add the UCC cert in the "add a trusted certificate wizard" - but I don't see it there, so I'm going to go the more manual route and follow these instructions:

http://www.xbarit.com/bradblog/2009/12/14/how-to-manually-install-an-ssl-certficate-on-sbs-2008/

1 comment:

William said...

this seems a little out of my league and complex, i am relatively new to the whole ssl certificates thing and wanted a simplistic guide to follow, if this is simplistic then i'm shafted!