Installing and managing SSL certificates is one of the important tasks which every Administrator or Network Engineer sooner or later has to deal with.
We have published a series of Screencasts, trying to cover the most popular scenarios which you might normally meet in real life. Here are some of them:

– How to Install a Single Name GoDaddy SSL Certificate in Exchange 2007
– How to Renew (Replace) Self-Signed SSL Certificate in Exchange 2007
– IIS7 – How to Install GoDaddy SSL Certificate
– How to Install Self-signed Certificate – IIS7, Windows Server 2008

– How to Install Self-signed Certificate on a Mobile Device
– How to Add GoDaddy SSL Certificate in SBS 2008
– How to Install a Self Signed Certificate, Using SelfSSL.exe
– How to Export Self-Issued (Exchange 2007) Certificate to a File and Install it on a Mobile Device
– How to Install GoDaddy Multiple Domain (UCC) SSL Certificate in Exchange Server 2007

A lot of companies implement their own CA (Certification Authority) and it becomes an important security point in their organization. We got requests for Screencasts from our subscribers, about Microsoft CA (Certification Authority) installation and usage.
In most cases, you will see in real life the following two Microsoft CA:
– Stand-alone root CA
– Enterprise root CA
They have different operational characterisitcs and we will publish separate Screencasts about the installation and usage for both Microsoft Stand-alone and Enterprise root CA.
In this Screencast, we will demonstrate how to request and install Exchange 2007 Multiple Domain (SAN/UCC) certificate from a Stand-alone Microsoft CA, running on Windows Server 2008.
As usually, we will stick to our Step-by-Step approach and we will start with the installation and fine tuning of Windows Server 2008 Stand-alone CA.
You can download the text file with Exchange Management Shell commands, here.

Step 1 We start by installing and configuring Microsoft Stand-alone CA on Windows Server 2008. You will see also how to modify the default validity of 1 year for the SSL certificates issued by the CA.

Step 2 Next, we generate and submit Exchange 2007 SAN (UCC) certificate request to the CA. Then we issue and download Exchange certificate. As you will see we also need to download the Stand-alone CA root certificate.

Step 3 In this step we import first the CA certificate in the trusted Root Certification Authorities store. Then we install the Exchange SAN certificate. It is not enabled yet, as we need to perform some configuration changes first.

Step 4 We cover a lot of ground in this step. First we configure split DNS, then we adjust Exchange Autodiscover, Web Services, OAB, ActiveSync and OWA external and internal URL. Finally we enable the installed Exchange SAN certificate for IMAP, POP3, IIS and SMTP services.

Step 5 In the last step, we test the new certificate from a remote client. You will see how to add the Stand-alone CA to the trusted Root Certification Auhtorities store and let the client trust the SAN SSL certificate issued by the CA.