The Exchange Server 2007 Client Access Server is installed with a self-signed certificate on the IIS site hosting Exchange remote access services. Before publishing this to the internet you should export your existing SSL certificate from the Exchange Server 2003 server and import it on the Exchange Server 2007 server.
Export the SSL Certificate from the Exchange Server 2003 server
On the Exchange Server 2003 server go to Start -> Run and launch mmc.exe.
Click File and Add/Remove Snap-in.
Click on Add and choose the Certificates snap-in.
Choose Computer Account then click Next.
Choose Local Computer and then click Finish.
Click Close and OK to return to the MMC, with the Certificates snap-in now installed. Navigate to Certificates (Local Computer)/Personal/Certificates. The SSL certificate used for Exchange remote access will be visible in the right pane of the console.
Right-click the certificate and choose All Tasks -> Export. Click Next to move past the welcome dialog for the Certificate Export Wizard.
Choose Yes, export the private key and then click Next.
Click Next to accept the default file format.
Enter a password for the exported certificate. You will need to remember this password to import the certificate onto other servers. Click Next to continue.
Enter a file name for the exported certificate. Click Next to continue.
Click Finish to complete the wizard.
Import the SSL Certificate on the Exchange Server 2007 server
Copy the exported certificate file to the Exchange Server 2007 server.
On the Exchange Server 2007 server launch mmc.exe and add the Certificates snap-in. Navigate to Certificates (Local Computer)/Personal/Certificates. Right-click Certificates and choose All Tasks -> Import. Click Next to move past the welcome dialog.
Browse to the location you copied the certificate file to. Select the file and click Open.
Click Next to continue.
Enter the password for the certificate, and tick the box to mark the key as exportable. Click Next to continue.
Click Next to import the certificate to the Personal certificate store.
Click Finish to complete the Certificate Import Wizard.
Note: These next steps apply to IIS 7 on Windows Server 2008.
Launch Internet Information Services (IIS) Manager from the Administrative Tools menu of the Exchange Server 2007 server. Navigate to the Default Web Site.
Click Bindings in the Actions pane of the IIS Manager console.
Select https and then click Edit.
Use the drop-down list to select the SSL certificate that you imported on the server.
Click OK and then Close.
About Paul Cunningham
