Generate Self-Signed SSL certificates for Exchange

The built-in Self signed certificate in Exchange 2010 and 2013 will not include multiple names. It only includes the server name. If you need to generate a multi SAN (Subject Alternate Name) Self Signed certificate for a test environment follow the following steps.

  1. Download SelfSSL7 from http://blogs.iis.net/blogs/thomad/SelfSSL7.zip
  2. Execute: Selfssl7.exe /N   cn=mail.domain.com;cn=autodiscover.domain.com;cn=casserver.domain.com;legacy.domain.com   /K 2048 /V 18250 /X /F c:mail_domain_com.pfx /W Password /Q

Switches for SelfSSL

  • /N – DNS Names in the Certificates (ex: cn=mail.domain.com;cn=autodiscover.domain.com
  • /K – Key length (/K 2048
  • /V – Valid time in days (18250 = 50 years)
  • /I – Configure IIS Bindings
  • /S – Site to Configure
  • /P – Port Number
  • /A – IP Address
  • /T – Trust Certificate (Add certificate to local Certificate Store)
  • /Q – Overwrite the present binding in IIS

Repost from: <http://geekswithblogs.net/renewieldraaijer/archive/2011/05/11/self-signed-san-certificates.aspx>

Subscribe For Latest Updates

Sign up for best of digital marketing, livestream and technology opinions on what matters to you.

Invalid email address
We promise not to spam you. You can unsubscribe at any time.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: