{"id":242,"date":"2013-01-27T03:32:36","date_gmt":"2013-01-27T10:32:36","guid":{"rendered":"https:\/\/www.netometer.com\/blog\/?p=242"},"modified":"2025-10-21T17:46:12","modified_gmt":"2025-10-22T00:46:12","slug":"how-to-generate-exchange-2010-self-signed-multiple-domain-certificate","status":"publish","type":"post","link":"https:\/\/www.netometer.com\/blog\/?p=242","title":{"rendered":"How to Generate Exchange 2010 Self Signed Multiple Domain Certificate"},"content":{"rendered":"<p>In this <a href=\"https:\/\/www.netometer.com\/video\/tutorials\/How-to-Generate-Self-Signed-Multiple-Domain-UCC-New-Exchange-certificate-in-Exchange-2010\" target=\"_blank\" rel=\"noopener\"><strong>step-by-step video<\/strong><\/a>, we demonstrate how to replace the default Single Domain, Exchange 2010 self-signed certificate (or an expired one) with a self-signed multiple domain (UCC) certificate.<\/p>\n<p><a title=\"Screencast: How to Upgrade from Exchange 2007 to Exchange 2010 Part 2\" href=\"https:\/\/www.netometer.com\/video\/tutorials\/How-to-Generate-Self-Signed-Multiple-Domain-UCC-New-Exchange-certificate-in-Exchange-2010\" target=\"_blank\" rel=\"noopener\"><img decoding=\"async\" alt=\"Screencast: How to Generate Exchange 2010 Self Signed Multiple=\" src=\"https:\/\/www.netometer.com\/blog-pics\/How-to-Generate-Self-Signed-UCC.gif\" \/><\/a><\/p>\n<p>In step1 of the Screencast, we check the existing certificates on our Exchange 2010 CAS and generate a new self-signed, Exchange 2010 Multiple Domain certificate:<\/p>\n<p><a class=\"thumbnail\" title=\"[Error] The primary domain controller (PDC) emulator operations master in this forest is not configured to correctly synchronize time from a valid time source\" href=\"https:\/\/www.netometer.com\/blog-pics\/Generate-self-signed-UCC.png\" data-rel=\"penci-gallery-image-content\"  target=\"_blank\" rel=\"noopener\">Step 1 &#8211; generate self-signed UCC<img decoding=\"async\" alt=\"\" src=\"https:\/\/www.netometer.com\/blog-pics\/Generate-self-signed-UCC-thumb.png\" width=\"33\" height=\"25\" \/> <span><img decoding=\"async\" alt=\"\" src=\"https:\/\/www.netometer.com\/blog-pics\/Generate-self-signed-UCC.png\" \/><br \/>\nStep 1: Generate a new self-signed Exchange 2010 Multiple Domain certificate.<\/span> <\/a><\/p>\n<p>The new certificate is not trusted both by domain (local) and remote clients. In step2 we export the generated self-signed UCC with its public key:<br \/>\n<a class=\"thumbnail\" title=\"Export the generated self-signed UCC with its public key\" href=\"https:\/\/www.netometer.com\/blog-pics\/Export-Public-Key-of-Self-Signed-UCC.png\" data-rel=\"penci-gallery-image-content\"  target=\"_blank\" rel=\"noopener\">Step 2 &#8211; export certificate<img decoding=\"async\" alt=\"\" src=\"https:\/\/www.netometer.com\/blog-pics\/Export-Public-Key-of-Self-Signed-UCC-thumb.png\" width=\"33\" height=\"25\" \/> <span><img decoding=\"async\" alt=\"\" src=\"https:\/\/www.netometer.com\/blog-pics\/Export-Public-Key-of-Self-Signed-UCC.png\" \/><br \/>\nStep 2: Export the generated self-signed UCC with its public key.<\/span> <\/a><\/p>\n<p>Then, we create a new Group Policy, and add the certificate as a trusted root certificate to all domain clients:<br \/>\n<a class=\"thumbnail\" title=\"Create a GPO to add a trusted certificate to Domain Clients\" href=\"https:\/\/www.netometer.com\/blog-pics\/Create-Group-Policy-Add-Trusted-Certificate-to-Domain-Clients.png\" data-rel=\"penci-gallery-image-content\"  target=\"_blank\" rel=\"noopener\">Step 2 &#8211; create GPO<img decoding=\"async\" alt=\"\" src=\"https:\/\/www.netometer.com\/blog-pics\/Create-Group-Policy-Add-Trusted-Certificate-to-Domain-Clients-thumb.png\" width=\"33\" height=\"25\" \/> <span><img decoding=\"async\" alt=\"\" src=\"https:\/\/www.netometer.com\/blog-pics\/Create-Group-Policy-Add-Trusted-Certificate-to-Domain-Clients.png\" \/><br \/>\nStep 2: Create a GPO to add a trusted certificate to Domain Clients.<\/span> <\/a><\/p>\n<p>In step 3, we publish the certificate to the web server running OWA:<br \/>\n<a class=\"thumbnail\" title=\"Publish Self-signed UCC to OWA web site\" href=\"https:\/\/www.netometer.com\/blog-pics\/Publish-self-Signed-UCC-Public-Key-to-OWA-Web-Site.png\" data-rel=\"penci-gallery-image-content\"  target=\"_blank\" rel=\"noopener\">Step3: Publish Self-signed UCC to OWA site<img loading=\"lazy\" decoding=\"async\" alt=\"\" src=\"https:\/\/www.netometer.com\/blog-pics\/Publish-self-Signed-UCC-Public-Key-to-OWA-Web-Site-thumb.png\" width=\"33\" height=\"25\" \/> <span><img decoding=\"async\" alt=\"\" src=\"https:\/\/www.netometer.com\/blog-pics\/Publish-self-Signed-UCC-Public-Key-to-OWA-Web-Site.png\" \/><br \/>\nStep 3: Publish Self-signed UCC to OWA web site.<\/span> <\/a><\/p>\n<p>Then we download and install it on a remote client. The new self-signed UCC certificate is tested by running OWA and configuring Outlook Anywhere on the remote client:<br \/>\n<a class=\"thumbnail\" title=\"Import Self-signed UCC Public Key\" href=\"https:\/\/www.netometer.com\/blog-pics\/Import-Self-Signed-UCC-Provate-Key.png\" data-rel=\"penci-gallery-image-content\"  target=\"_blank\" rel=\"noopener\">Step3: Import Self-signed UCC Public Key<img loading=\"lazy\" decoding=\"async\" alt=\"\" src=\"https:\/\/www.netometer.com\/blog-pics\/Import-Self-Signed-UCC-Provate-Key-thumb.png\" width=\"33\" height=\"25\" \/> <span><img decoding=\"async\" alt=\"\" src=\"https:\/\/www.netometer.com\/blog-pics\/Import-Self-Signed-UCC-Provate-Key.png\" \/><br \/>\nStep 3: Import Self-signed UCC Public Key.<\/span> <\/a><\/p>\n<p><a class=\"twitter-hashtag-button\" title=\"Exchange 2010 Self-signed UCC\" href=\"https:\/\/twitter.com\/intent\/tweet?button_hashtag=Exchange2010\">Tweet #Exchange2010<\/a> <a class=\"twitter-follow-button\" href=\"https:\/\/twitter.com\/netometer\" data-show-count=\"false\">Follow @netometer<\/a><br \/>\n<script type=\"text\/javascript\">\/\/ <![CDATA[\n!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0];if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src=\"\/\/platform.twitter.com\/widgets.js\";fjs.parentNode.insertBefore(js,fjs);}}(document,\"script\",\"twitter-wjs\");\n\/\/ ]]><\/script><\/p>\n<p>Stay tuned on <strong><a title=\"NetoMeter - Screencasts and Step-by-Step Video Tutorials\" href=\"https:\/\/www.netometer.com\/blog\/?feed=rss2\" target=\"_blank\" rel=\"noopener\">NetoMeter<\/a><\/strong> &#8211; subscribe to<a title=\"NetoMeter - Screencasts and Step-by-Step Video Tutorials\" href=\"https:\/\/www.netometer.com\/blog\/?feed=rss2\" target=\"_blank\" rel=\"noopener\"> <strong>NetoMeter RSS<\/strong><\/a>.<\/p>\n<p>Dean<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In this step-by-step video, we demonstrate how to replace the default Single Domain, Exchange 2010 self-signed certificate (or an expired one) with a self-signed multiple domain (UCC) certificate. In step1&hellip;<\/p>\n","protected":false},"author":1,"featured_media":328,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_sitemap_exclude":false,"_sitemap_priority":"","_sitemap_frequency":"","footnotes":""},"categories":[18,5],"tags":[],"_links":{"self":[{"href":"https:\/\/www.netometer.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/242"}],"collection":[{"href":"https:\/\/www.netometer.com\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.netometer.com\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.netometer.com\/blog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.netometer.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=242"}],"version-history":[{"count":0,"href":"https:\/\/www.netometer.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/242\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.netometer.com\/blog\/index.php?rest_route=\/wp\/v2\/media\/328"}],"wp:attachment":[{"href":"https:\/\/www.netometer.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=242"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.netometer.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=242"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.netometer.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=242"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}