For those who are having the same problem as I am. Neither IIS nor Exchange Management Console was able to generate a Self Signed Certificate with my external internet hostname. i.e. mail.microsoft.local. The point in having a correctly hostnamed ssl certificate is to allow users to install the certificate. After digging around the internet I found out that Makecert can do the job but requires visual studios 2010 installed and/or Windows sdk. The thought of installing more bloating software on my server made me cringe. So I went about the lazy way and exported my old certificate into pfx format and imported it into IIS. Once done. goto IIS’s bindings for 443 (https port) and change the certificate to the new one.
A certificate from an ubuntu server should also work if it exports to pfx as well. In my case, my certificate was from a server 2003. I will keep a server 2003 in a virtual environment handy just to issue new SSL certificates.
UPDATE: after a power failure I realized I had come across a problem where my server was stuck at “applying settings” apparently there’s a problem with installing ssl certificates on server 2008 resulting in some services entering into a deadlock. google for the http.sys fix. it’s a simple registry to work around the problem. As well another source of “applying settings” hanging stemmed from me turning off IPv6 thinking I didn’t need it. Yes, you do. At least in my situation with AD&Exchange environment.
Leave a Reply