Install a Geotrust SSL certificate for Microsoft Exchange 2010
Posted by Gareth S on 20 November 2012 01:04 AM

To install a Geotrust SSL certificate on Microsoft Exchange 2010 server, perform the following steps:

Step 1: Obtain the Geotrust Intermediate CA bundle

Step 2: Adding the Certificates Snap-in to the Microsoft Management Console (MMC):

  1. From the Web server, click Start
  2. In the Search programs and files field, type mmc
  3. From the Programs list, click mmc.exe
  4. At the permission prompt, click Yes
  5. From the Microsoft Management Console (MMC), click File > Add/Remove Snap-in
  6. From the list of snap-ins, select Certificates
  7. Click Add
  8. Select Computer account
  9. Click Next
  10. Select Local computer (the computer this console is running on)
  11. Click Finish
  12. In the Add/Remove Snap-in window, click OK
  13. Save these console settings for future use

Step 3: Install the Geotrust Intermediate CA bundle

  1. Using the same Console, double-click on Intermediate Certification Authorities from the right pane
  2. Right-click on Certificates from the right pane and select All Tasks > Import to open the Certificate Import Wizard
  3. Click Next
  4. Specify the location of the Geotrust intermediate file obtained from Step 1 by clicking Browse
  5. Click Next
  6. By default, it will place the certificate in the Intermediate Certification Authorities store. Keep this selection and click on the Nextbutton.
  7. Click Finish
  8. A message will appear confirming the successful import of the certificate. Click OK

Step 4: Locate and Disable the Geotrust self signed Root CA

Note : For QuickSSL, QuickSSL Premium, GeoTrust True BusinessID, GeoTrust True BusinessID Wildcard, Enterprise SSL, Enterprise SSL Wildcard locate the below root.

  1. Using the same Console, expand the Trusted Root Certification Authorities folder on the left and select the Certificates sub-folder.
  2. Locate the following certificate;
    Issued to: Geotrust Global CA
    Issued by: Geotrust Global CA
    Valid from: 5/20/2002 to 5/20/2022
    Serial number: 02 34 56
  3. If this certificate is present, it must be disabled. Right click the certificate, select Properties.
  4. In the Certificate purposes section, select Disable all purposes for this certificate, then click OK.
  5. Close the MMC console, there is no need to save the console settings

Note : For GeoTrust True BusinessID with EV locate the below root

  1. Using the same Console, expand the Trusted Root Certification Authorities folder on the left and select the Certificates sub-folder.
  2. Locate the following certificate;
    Issued to: Geotrust Primary Certification Authority
    Issued by: Geotrust Primary Certification Authority
    Valid from: 11/26/2006 to 7/16/2036
    Serial number: 18 ac b5 6a fd 69 b6 15 3a 63 6c af da fa c4 a1

Step 5: Install the SSL certificate

Geotrust will send the SSL certificate via email.

Using a plain text editor such as Notepad, paste the content of the certificate.

The text file should look like:

[encoded data]

Note : Make sure there are 5 dashes to either side of the BEGIN CERTIFICATE and END CERTIFICATE and that no white space, extra line breaks or additional characters have been inadvertently added. Save the file with the extension of .cer.

Installing the certificate with the Exchange Management Console:

  1. Start the Exchange Management Console: Start > Programs > Microsoft Exchange 2010 > Exchange Management Console
  2. Select "Manage Databases", and then select "Server configuration"
  3. Select the certificate from the center menu (listed by its Friendly Name), and then select "Complete Pending Request" from the "Actions" menu.
  4. Browse to the certificate file, then select Open > Complete

    Note: Occasionally Exchange 2010 will show an error message stating that "The source data is corrupted or not properly Base64 encoded." Please ignore that error, even though it occurs the certificate often still installs correctly.

    Press the F5 key to refresh the certificate and verify that it now says "False" under "Self Signed". If it still shows "True", the wrong certificate may have been selected or the request may have been generated on a different server. To resolve this issue, create a new CSR on this Exchange server and reissue the certificate.
  5. To enable the certificate, go back to the Exchange Management Console and click the link to "Assign Services to Certificate"
  6. Select the server from the list provided, then click Next
  7. Select the services for which the certificate must be enabled then click Next > Assign > Finish

    The certificate is now Installed and Enabled for use with Exchange.


Geotrust has made efforts to ensure the accuracy and completeness of the information in this document. However, Geotrust makes no warranties of any kind (whether express, implied or statutory) with respect to the information contained herein. Geotrust assumes no liability to any party for any loss or damage (whether direct or indirect) caused by any errors, omissions, or statements of any kind contained in this document.

Further, Geotrust assumes no liability arising from the application or use of the product or service described herein and specifically disclaims any representation that the products or services described herein do not infringe upon any existing or future intellectual property rights. Nothing herein grants the reader any license to make, use, or sell equipment or products constructed in accordance with this document. Finally, all rights and privileges related to any intellectual property right described herein are vested in the patent, trademark, or service mark owner, and no other person may exercise such rights without express permission, authority, or license secured from the patent, trademark, or service mark owner. Geotrust reserves the right to make changes to any information herein without further notice.

(0 vote(s))
This article was helpful
This article was not helpful

Comments (0)
Post a new comment
Full Name:
Leave Your Feedback:
CAPTCHA Verification 
Please enter the text you see in the image into the textbox below. This is required to prevent automated registrations and form submissions.

© 2012 All rights reserved • Privacy PolicyTerms of Service