Exchange Server Setup – Setup Public TLS
For those organizations that wish to secure as much of their mail transit as possible, it is necessary to configure Public TLS for the Internet-facing connectors. If you have a single Edge or Hub Transport server handling all of the organization’s mail traffic, this process is simple. If you have separate Send and Receive servers, multiple sites with public connectors, or both, it is simply a matter of repeating the same four-step process for each of them.


Step 1 – Confirm the FQDN
It is important to make 110% sure that you request the certificate with the proper name, to prevent certificate errors caused by a name mismatch. The name you register the certificate for needs to match the FQDN that your connector is responding with. Look at the connector properties and locate the FQDN for your connector. For our purposes, we will assume the connector to be registered to mail.example.com.
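The name check from Step 1 can be scripted. The following is an added example, not part of the original article: it assumes the Exchange Management Shell with PowerShell 2.0 or later, uses the Exchange cmdlets Get-ReceiveConnector, Get-SendConnector and Get-ExchangeCertificate (none of which the article names), and the helper Test-NameCoversFqdn is a hypothetical name introduced here.

```powershell
# Added example: run in the Exchange Management Shell on the transport server.
# Helper name Test-NameCoversFqdn is hypothetical, not an Exchange cmdlet.
function Test-NameCoversFqdn([string]$CertName, [string]$Fqdn) {
    $c = $CertName.ToLower()
    $f = $Fqdn.ToLower()
    if ($c -eq $f) { return $true }
    if ($c.StartsWith('*.')) {
        # A wildcard covers exactly one leading label:
        # *.example.com covers mail.example.com but not a.mail.example.com.
        $dot = $f.IndexOf('.')
        return ($dot -gt 0 -and $f.Substring($dot) -eq $c.Substring(1))
    }
    return $false
}

# Certificates enabled for SMTP that have not expired.
$now = Get-Date
$smtpCerts = @(Get-ExchangeCertificate | Where-Object {
    ("$($_.Services)" -match 'SMTP') -and ($_.NotAfter -gt $now)
})

# Compare every connector FQDN with the names on those certificates.
$connectors = @(Get-ReceiveConnector) + @(Get-SendConnector)
foreach ($conn in $connectors) {
    $fqdn = [string]$conn.Fqdn
    if (-not $fqdn) {
        Write-Warning "$($conn.Identity): no FQDN set on this connector, skipped"
        continue
    }
    $covering = @($smtpCerts | Where-Object {
        $cert = $_
        @($cert.CertificateDomains | Where-Object {
            Test-NameCoversFqdn ([string]$_) $fqdn
        }).Count -gt 0
    })
    New-Object PSObject -Property @{
        Connector   = [string]$conn.Identity
        Fqdn        = $fqdn
        NameMatches = ($covering.Count -gt 0)
        Thumbprints = (($covering | ForEach-Object { $_.Thumbprint }) -join ', ')
    }
}
```

A connector reported with NameMatches set to False has no valid SMTP certificate covering its FQDN, which is the mismatch Step 1 warns about; use that connector's FQDN as the name in the request.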


Step 2 – Request the certificate
The first step in the certification process is creating a certificate request file. To simplify your life, this process should be run on the server where the certificate will be installed. A wizard will mask the process for unattended upload of the files. The default wizard setting will be used to create the requested file during the wizard. To create the file, you need to choose the files that you will add to your certificate request file and then add them. Then, click on the Next button.


Step 3 – Install the certificate
After you have created the certificate request file, you need to install it on the server. This is done with a normal client compatible with HTTP or HTTPS. There are many different ATMs and tools around the world that will allow you to create your certificate request file. Once you have this software installed, you run the utility, and it will generate the files for you, one file at a time. Then, you simply copy the files into a Certification Authority, such as RADIUS (the name depends on the software you are using), and then copy the certificate to your local machine. You can then run ATA from your command prompt to import the certificate into the Active Directory.


Note: Make sure you download and save your certificate file to an appropriate machine. Most applications will offer to create a shortcut on the desktop so that you can easily paste it into a program for local use.
Windows Vista and Windows Server 2008 instructions on creating the Microsoft Exchange Server certificate.

  1. MS Exchange Server 2007 will be installed and configured at a workstation.
  2. The role of the Exchange administrator is to enable basic and high availability of mailboxes to Microsoft Exchange Server.
  3. The Microsoft Exchange Server certificate will be configured for the workstation or server.
  4. The user accounts will be configured for either Outlook or Eudora Internet email clients.
  5. The certificate template will be downloaded and saved on the local machine.
  6. The local machine will then be connected to the internet, and the certificate will be downloaded and installed onto the server.

Depending on the capacity of your installed Exchange server, this process will take one to two minutes. Once it has run, you may see a yellow screen with an error message, but the process has been successful.
Your SSL Certificate now needs to be configured on the mail server
It is now time to configure your SMTP server to accept the SSL Certificate. This is done with a simple command line. (Please note that other command-line parameters will be covered in a future article, but not in this one.)
1) For Outlook:
2) For Eudora:
Setup your certificate
Click “Start” – “Run” – Type “Certutil -genkey” and click “Ok” or -Insert your company name and group name, and then click “Ok”- If your organization is a small business, you might want to use a different command line. Here is a link in regards to Microsoft’s instructions.


For more information, view the “Publishing Parents” help topic in the Microsoft Office 2010 Using Office Program walk-through or on the Microsoft MSDN website.
One file in this collection contains your name, your subscribing name, and the public key certificate you created. Recent SWF, AVE, and EVF are the three names for your SSL certificate. Usually, these are included together as one hex file.