To request and install a server certificate to provide TLS encryption for all SMTP virtual server communication when you have an online CA
Click Start. click Run. type MMC in the Open text field and press Enter. A default Microsoft Management Console (MMC) opens.
Click the File menu, and then click Add/Remove Snap-in .
Select Certificates from the Available snap-ins menu, and then click Add>. On the Certificates snap-in dialog box, select Computer account. and then click Finish. Click OK .
Expand Certificates (Local Computer). Select Personal. Right-click, and then select All Tasks and Request New Certificate. The Certificate Enrollment wizard starts.
On the Before You Begin page, click Next .
On the Request Certificates page, select the box next to Computer. Click the double chevron icon next to Details. and then select Properties .
On the General tab, type a friendly name and description for the certificate.
On the Subject tab, in the Subject name section, use the Type drop-down menu to select Common name. In the Value field, type the FQDN of the server. Click Add>. In the Alternative name section, use the Type drop-down menu to select DNS. In the Value field, type the FQDN of the server. Click Add> .
On the Extensions tab, click the double chevron icon next to Extended Key Usage (application policies). Verify that Server Authentication is a selected option.
On the Certification Authority tab, select the CA that will issue the certificate.
Click OK to
save all changes and close Certificate Properties .
Click Enroll on the Request Certificates dialog box. Click Finish to close the Certificate Enrollment wizard.
In the Features pane, select Server Certificates. In the Actions pane, select Open Feature .
In the Actions pane, select Create Certificate Request. The Certificate Request wizard starts.
On the Distinguished Name Properties page, complete all fields, and then click Next .
On the Cryptographic Service Provider Properties page, verify that Microsoft RSA SChannel Cryptographic Provider is selected and that Bit Length is set to 1024. Click Next.
On the File Name page, locate where you want to save the file, and provide a name for the file. The file will have a .txt extension. Click Finish .
Submit the file to your CA. When the administrator has issued the certificate, a file that has the .cer extension is returned to you.
In IIS Manager, select the server node. In the Features pane, select Server Certificates. In the Actions pane, select Complete Certificate Request .
On the Specify Certificate Authority Response page, type the file path and name of the *.cer file or browse to the file location, select the file, and then click Open. Click OK to install the certificate.
To create and install a self-signed server certificate to provide TLS encryption for all SMTP virtual server communication
Click Start. click Run. type cmd in the Open text field, and then press Enter. A command shell window opens.