To start, open an elevated command prompt and change the working directory to where the win-acme client is installed, run wacs.exe. You will be presented with an interactive menu.

There is no “simple” menu for setting up the certificate for Exchange, so at this point, enter M to create a new certificate with full options.

ssl-certificate3

Choose to create a new certificate with full options.

ssl-certificate4

Choose to create a new certificate will full options.

Next, you will be asked to select how the list of host names will be included in the certificate to be requested. Enter 2 to choose the option for manual input.

ssl-certificate5

Select the option to manually input the host namesssl-certificate6

Select to manually input the host names

You are prompted for the list of host names. Enter multiple host names separated with a comma. In this example, the host names used are mail.psh-lab.gq,webmail.psh-lab.gq,autodiscover.psh-lab.gq

The first host name in the order will be chosen as the main certificate name by default.

ssl-certificate7

Specify the host names to include in the SAN certificate

The next prompt shows you the suggested friendly name for the certificate (this is not the same as the certificate name), press Enter to accept the default.

ssl-certificate8

Accept the default friendly name

The list of available methods to verify the ownership of the domains you added for the SAN certificate. Enter 2 to choose the option to use the [http-01] recommended verification method.

ssl-certificate9

Choose the recommended ownership verification method

Choose the type of encryption key to be used for the certificate signing request. The default option is RSA key and it is also recommended. Enter 2 to choose RSA key.

ssl-certificate-10

Select RSA key for the certificate signing request

There is more that one way to store the requested certificate. But, in this example, the Windows Certificate Store will be selected. Enter 3 and press Enter.

When asked if you want to add another way to store the certificate, enter 3 again to skip and press Enter.

ssl-certificate-11

Choose the Windows Certificate Store only

Next, you will be asked to choose one or more actions to perform after the certificate is installed in the Windows Certificate Store. Choose options 1 to create or update the HTTPS bindings and 1 to select the Default Web Site.

ssl-certificate-12

Select options to update the https IIS binding for the Default Web Site

Leave a Reply

Your email address will not be published. Required fields are marked *