I recently purchased an SSL Certificate from GlobalSign (a MSFT-trusted CA). My goal was to apply this certificate only to IIS, specifically OWA and ActiveSync (Outlook Anywhere is not used presently). I am running Exchange 2010 on Win Server 08 R2. I followed the standard process of creating the Exchange Cert under "Server Config" in EMC. Then, when I received the Validated Cert from GlobalSign, I applied that to the internal Exchange Cert via "Complete Pending Request" in EMC. When I went through the "Complete Request" wizard, I specifically checked "IIS" as the only service to assign to the Cert.
What happens is that the new Cert gets applied to IIS (which is what I wanted) but also to SMTP, so every Outlook client received the prompt to accept the new GlobalSign Certificate. This would have been OK, other than the fact that even if I successfully install the new GlobalSign Cert locally on each Outlook client PC (which I did on a few), it kept prompting them several times that there is a new Cert. I think (but am not sure) that the prompting is because the new GlobalSign Cert is "mail.domainname.us" while the original default certificate that Outlook was using (and the settings Outlook was installed with) is the server name "ExchangeServ"?
I also tried assigning the GlobalSign certificate thumbprint to the IIS service only using the EMS, specifically the command Enable-ExchangeCertificate -Thumbprint XXXXXXXXXXXXXXXXXXXXXX -Services "IIS" (using the newly created Cert's thumbprint). This command was successful, but it also applies the new Cert to SMTP, and the new certificate prompting starts again.
I have read on this forum that one certificate for all (SMTP, IIS, POP, IMAP) is preferred, and I would be OK with that if the cert prompted only once.
Any ideas on what I am doing wrong or can do to apply the new cert only to IIS (and NOT SMTP)?
Thank you in advance for any replies.