Step1
Genererate CSR Request
New-ExchangeCertificate -GenerateRequest -Path c:\mailserver_domainname_com.csr -KeySize 1024 -SubjectName “c=US, s=Wisconsin, l=Madison, o=My Company Name, ou=IT, cn=mail.EXTERNALDOMAIN.com” -DomainName OPTIONAL.EXTERNALDOMAIN2.COM, autodiscover.EXTERNALDOMAIN.com, SERVERNETBIOSNAME, SERVERNETBIOSNAME.INTERNALDOMAIN.local -PrivateKeyExportable $True
If you are not a EMS person- Digicert has made it easy for you and offers online CSR Generation for Exchange 2007 UCC/SAN cert. Below is the link
https://www.digicert.com/easy-csr/exchange2007.htm
ENSURE THAT COMMON NAME IS CORRECT – IF IT IS NOT THEN CORRECT IT, YOU CAN CHANGE ALL OTHER HOSTNAMES IN CERT BESIDES THE COMMON NAME by yourself. But for CN plan on spending good chunk of time on phone with SSL provider.
Step2
Submit CSR request to your SSL Provider and wait for Domain Control Validation email, validate email from Certificate Authority
Step3
Download Certificate files and Import intermediate Certificate to mailserver’s certificate store.
If you are using GoDaddy, Follow Instructions found here
https://certs.godaddy.com/InstallationInstructions_alt.go
Step4
Import Exchange Certificate and enable it for appropriate services to Enable it for IIS,SMTP, POP and IMAP use cmdlet below. substitute “c:\MyNewUCCCertfromcheapsslprovider.cer” with your certificate file path
Import-ExchangeCertificate -path c:\MyNewUCCCertfromcheapsslprovider.cer | Enable-ExchangeCertificate -Services “IIS,SMTP,POP,IMAP”
Step5
Verify that Exchange 2007 is using correct certificate by typing following cmdlet
Get-ExchangeCertificate | where {$_.services -eq “IMAP, POP, IIS, SMTP”}