How To: Renew a GoDaddy Exchange 2010 SSL Certificate

This article describes how to renew your Exchange 2010 SSL certificate with GoDaddy.
You may have noticed that following the normal renewal process doesn’t work with GoDaddy, because Exchange 2010 generates a CSR that the GoDaddy renewal process does not accept.

So, it is simpler to just create a new Certificate Request.

There are 4 steps to this process:

  1. Create a New Exchange 2010 Certificate request
  2. Renew/buy and set up your GoDaddy UCC SSL Certificate
  3. Complete the Exchange 2010 Pending Certificate request
  4. Assign the Exchange 2010 Services to the Certificate

1. Create a New Exchange 2010 Certificate request

  1. Open Exchange Management Console
  2. Expand Microsoft Exchange On-Premises and click on Server Configuration.
  3. Click on New Exchange Certificate in the action bar on the right-hand side.
  4. When the New Exchange Certificate window opens, type in a friendly name for your certificate. (This can be anything, as it is only used to identify the certificate if you have more than one.)
    New Exchange Certificate
  5. Click Next
  6. If you are requesting a wildcard certificate, tick Enable wildcard certificate; otherwise, leave this section blank.
    Domain Scope
  7. Click Next
  8. Select the services that this certificate will be used for. Use the drop-down arrows to select the services that will be used. Also make sure that the domain names are the primary ones you used or will be using in your certificate, for example remote.yourdomain.com.
    Exchange Configuration
  9. Click Next
  10. Review the list of domains that will be added to your certificate. Make sure your primary domain name for the certificate is in the list and that it is marked Set as common name.
    Certificate Domains
  11. Click Next
  12. Enter in your Organization details and Location details. Complete all the details as requested.
    Click on Browse at the bottom to select a folder and file name for your Exchange Certificate Request (CSR).

    Organization and Location

  13. Click Next
  14. Verify your details are correct, then click New to generate the CSR.
  15. Click Finish
  16. You should now see your pending certificate request in the list of Exchange Certificates

    Exchange Certificates

2. Renew/buy and set up your GoDaddy UCC SSL Certificate

These images are taken from the GoDaddy renewal process, but if you are purchasing a new certificate, the process will be very similar.

  1. When asked “Where is your certificate going to be hosted?“, select THIRD PARTY, OR DEDICATED SERVER.

  2. Browse to the Certificate Request File that you just created on your Exchange 2010 Server and open it with Notepad. Copy and paste the text from the file into the box where it says “Enter your Certificate Signing Request (CSR) below”.
  3. Verify the correct Subject Alt names are listed. These should be the same domain names you listed under Certificate Domains when you generated the CSR.
  4. Then select GoDaddy as your Certificate Issuing Organization.
  5. Click Next
  6. On the next window, confirm all your settings and click Next.

  7. Launch the SECURE CERTIFICATE SERVICE from your control panel in GoDaddy.
    You will see that there is a Pending Request. GoDaddy will send an email to the domain administrator and account holder of the GoDaddy Account to verify that the Certificate is correctly acquired by you, the domain owner/administrator. Click on the link in the email to verify. Shortly after that the new certificate will appear under the Certificates folder in the Secure Certificate Service.
  8. When the certificate is ready, select the certificate and click on the download option. In the Download Certificate window, select EXCHANGE 2010 from the drop-down and click Download. A ZIP file will be downloaded. Extract the ZIP file and save the certificates.

3. Complete the Exchange 2010 Pending Certificate request

  1. Open the Exchange Management Console, and go to Server Configuration.
  2. Right-click on the new pending certificate request you created and select Complete Pending Request.
  3. Click Browse and browse to the folder where you saved the content of the ZIP file.
  4. Change the file type to *.*, and select the .cer file
  5. Click Complete

When the process is done, you will notice that your new certificate will show as SELF SIGNED = FALSE.

4. Assign the Exchange 2010 Services to the Certificate

  1. Right-click on your new certificate again and select Assign Services to Certificate.
  2. Select the Exchange 2010 servers that this certificate will be applied to.

    Select Servers
  3. Click Next
  4. Select all the services that your certificate will be used for.

    Select Services
  5. Click Next
  6. Make sure your configuration summary is correct and click Assign.

You are complete.

You may need to go into your IIS Manager and assign the certificate to your Outlook Web Access site, by editing the Bindings of the default site.
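
The same steps 1, 3 and 4 can be run from the Exchange Management Shell, with a few checks before services are assigned. This is an added example, not part of the original article; the paths, organization details, domain names and service list are placeholders to replace with your own, and the SAN check assumes a non-wildcard certificate.

```powershell
# Added example (not from the original article). Run in the Exchange Management Shell.
# All paths, names and domains below are placeholders.
$domains = 'remote.yourdomain.com', 'autodiscover.yourdomain.com'
$reqPath = 'C:\Certs\exchange-renewal.req'
$cerPath = 'C:\Certs\exchange-renewal.cer'   # the .cer extracted from the GoDaddy ZIP

function New-RenewalRequest {
    # Step 1: create the pending request. The private key is generated on,
    # and stays on, this server. Without -BinaryEncoded the CSR comes back
    # as Base64 text that can be pasted straight into the CA's form.
    # Set -PrivateKeyExportable $true only if the certificate must later be
    # exported (with its key) to other servers.
    $csr = New-ExchangeCertificate -GenerateRequest `
        -FriendlyName 'GoDaddy UCC renewal' `
        -SubjectName "C=US, S=State, L=City, O=Your Organization, CN=$($domains[0])" `
        -DomainName $domains -KeySize 2048 -PrivateKeyExportable $false
    Set-Content -Path $reqPath -Value $csr
    # Review the subject, subject alternative names and key length before submitting.
    certutil -dump $reqPath
}

function Complete-Renewal {
    # Step 3: import the issued certificate to complete the pending request.
    $bytes    = [byte[]](Get-Content -Path $cerPath -Encoding Byte -ReadCount 0)
    $imported = Import-ExchangeCertificate -FileData $bytes
    $cert     = Get-ExchangeCertificate -Thumbprint $imported.Thumbprint

    # Checks before step 4: the certificate must be bound to the private key
    # from the request, be CA-issued, and cover every name that was requested.
    if (-not $cert.HasPrivateKey) { throw 'Certificate is not associated with a private key.' }
    if ($cert.IsSelfSigned)       { throw 'Certificate is self-signed, not CA-issued.' }
    $names   = $cert.CertificateDomains | ForEach-Object { "$_" }
    $missing = $domains | Where-Object { $names -notcontains $_ }
    if ($missing) { throw "Names missing from certificate: $($missing -join ', ')" }

    # Step 4: assign services, then show the result for review.
    Enable-ExchangeCertificate -Thumbprint $cert.Thumbprint -Services 'IIS,SMTP'
    Get-ExchangeCertificate -Thumbprint $cert.Thumbprint |
        Format-List Subject, CertificateDomains, Services, NotAfter, Status
}

# Run New-RenewalRequest first, submit the CSR to GoDaddy (step 2), save the
# issued .cer to $cerPath, then run Complete-Renewal.
```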

11 thoughts on “How To: Renew a GoDaddy Exchange 2010 SSL Certificate”

  1. You CAN use the standard renewal process; you just need to “fix” the CSR by running a single command line utility. This converts the CSR from binary DER format to ASCII Base64 format with the typical Beginning and End lines, “-----BEGIN NEW CERTIFICATE REQUEST-----” & “-----BEGIN NEW CERTIFICATE REQUEST-----” with the encoded data in between.

    Certutil -encode [c:\PATHTOCSR\Csr.req] [c:\PATHTONEWASCIICSR\Csr_ASCII.req]

    Then, you can just open the new CSR file in notepad or your favorite text editor. Copy and paste the information into Godaddy’s website, and continue as usual.

    I tried to find again the source that provided this amazing tip to me but couldn’t. I do want to therefore just give a general Thank You to everyone that takes the time to post tips and advice for the rest of us to use. Hopefully this post will help somebody as well.

  2. Today, while searching for a GoDaddy UCC certificate alternative, I came across your blog post explaining how to renew a GoDaddy Exchange SSL certificate.

    I really liked your detailed guide and I am sure many people are finding this guide helpful. I just want to share this article I found that saved me $100 on the renewal of a UCC certificate: https://www.ssl2buy.com/wiki/godaddy-ucc-certificate-alternatives-learn-how-to-save-over-100/

    I completely agree with the author of this article, who nicely explained the reasons and benefits to shift my SSL vendor from GoDaddy to Comodo.

  3. Thanks for this post Steve.

    I always have trouble when renewing certificates as each server setup is different. This post certainly helped make the renewal process smoother.

    Thanks again

  4. Thank you so much for these instructions. I spent so much time finding instructions to install a Renewed Cert in Exchange 2010. What GoDaddy provided was not so helpful.

  5. Hi Steve,

    Thanks for this write up! I always seem to bump into cert renewal issues, but I have this marked as a favorite now since it has served me perfectly a couple of times. Cert renewals are pretty straight forward, but they are done so infrequently that it’s hard to remember all of the small details.

    Thanks again sir!

  6. Steve,

    Thanks for the guide – I’m almost finished renewing our SSL certs. However, after I finish “Complete Pending Request…” – I cannot assign Services to the certificate.

    Do I need to delete the old cert instance first before this will work properly?

  7. Thank you for this easy to use guide. Go Daddy has updated their screens and the process is even easier but the new request worked perfectly.

  8. I found the solution to Pending Requests unable to finish:

    Re: Exchange 2010 Certificate cant complete pending request

    I had the same problem today. After the third cert from the CA didn’t work I decided to get creative and found the following worked a treat.

    Look in the server’s private certificate store – you should find the certificate from your CA is installed but doesn’t have an association with the private key generated by the request (which is why the request is still pending and will not allow assigning services).

    Open the certificate from the CA and on the details tab find the thumbprint field at the bottom and copy it to your clipboard (CTRL-C).

    Run this from a cmd prompt:
    certutil -repairstore My "<thumbprint>"

    The quotes around the thumbprint are required.

    Refresh your view of the certificate store and hopefully your cert is now associated with its private key! Exchange will now list the certificate and allow you to assign services to it.
