How to Generate a Self-Signed Certificate for Exchange 2007

You may need to generate a self-signed certificate for the internal domain for Exchange 2007.

Open the Exchange Management Shell in Windows Server 2008.


Run the following commands:

New-ExchangeCertificate -PrivateKeyExportable $True -Services “IMAP, POP, IIS, SMTP” -SubjectName “cn=*.internaldomainname.int

Enable-ExchangeCertificate -Thumbprint [THUMBPRINT FROM NEW CERT] -Services “IMAP, POP, IIS, SMTP”

If you want to export a copy:

Export-ExchangeCertificate -Thumbprint [THUMBPRINT FROM NEW CERT] -Path C:\Certificate.pfx -Password:(Get-Credential).password