generate exchange certificate without CA in your organization Posted on February 16, 2012 by dpejic New-ExchangeCertificate -domainname webmail.mydomain.com,SRVCASHUB-1,SRVCASHUB-1.mydomain.com,autodiscover.mydomain.com,mail.mydomain.com ###The old certificate is enabled for IIS, POP, IMAP and SMTP. The new certificate generated using the above command is enabled only for POP, IMAP and SMTP – IIS is missing. To enable the certificate for IIS: Enable-ExchangeCertificate -thumbprint "3DA55740509DBA19D1A43A9C7161ED2D0B3B9E3E" -services IIS Remove-ExchangeCertificate -thumbprint "C5DD5B60949267AD624618D8492C4C5281FDD10F"