Wednesday, April 6, 2011

SSL certificate blues

The Exchange server certificate for the organisation I work for expired in the first weeks of me joining the organisation, and I was tasked with always advising users to click on the "Continue to this website" warning so they could use Outlook Web Access.
I received a number of calls depending on the different browsers that users used, with Firefox having the scariest message, "This Connection is Untrusted", and warning users to stay away from this particular page unless they understood the security risk!
This went on until a security certificate from Thawte was purchased. Tasked with installing the certificate using the instructions provided, I got more confused, but a support guy from Thawte told me that once a CSR is generated with PowerShell, the certificate should also be installed via PowerShell, and if generated with Microsoft IIS, it should be installed the same way. This was new to me, but nonetheless I followed his advice and had a new CSR generated with IIS.

The whole certificate install process is a pretty simple task, as I had done a Google search prior to starting on this whole process, which I thought would be done in a couple of minutes. Since I had trouble following the instructions on Thawte's website, I opted to instead install the certificate with help from their support staff through live chat, which made the process really easy... I later noticed that GoDaddy and other vendors had much easier instructions one could follow for the whole certificate installation process. However, with the support staff, below are the steps we followed to create a new CSR and install a new certificate on the server.
  1. Create a temporary website in IIS
  2. Generate a CSR using the wizard on the temporary website
  3. Send the CSR to the particular vendor you wish to buy the certificate from.
  4. Once you receive the certificate, install it on the temporary website in IIS.
  5. Then install the intermediate certificates using Microsoft Management Console (MMC). Under Certificates, in Intermediate Certification Authorities, import the different certificates you wish to install.
  6. Then go back to IIS and, on the default website you wish to use the certificate on, use the wizard to replace the current certificate with the new one you got (installed on the temp site). Please view the details just to be sure it's the right certificate.
  7. Restart IIS on the server. This will shut down the website temporarily.
  8. Then, depending on the particular vendor of the certificate, you could check your website and see if the annoying message has gone and also if you have the https:// section of your website in green!
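
To back up the "view the details" check in step 6 and the intermediate import in step 5, here is a PowerShell check that can be run on the server itself. It is an added example, not part of the original post or Thawte's instructions; the host name `mail.example.com`, the function name `Test-ServerCertificate` and the 30-day warning threshold are assumptions, and it expects PowerShell 3.0 or later.

```powershell
# Added example: audit the server certificates in the local machine store.
# mail.example.com is a placeholder host name; replace it with your own.
param(
    [string]$HostName = 'mail.example.com',
    [int]$WarnDays = 30   # assumed threshold for "expiring soon"
)

function Test-ServerCertificate {
    param(
        [Parameter(Mandatory = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [int]$WarnDays = 30
    )

    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Skip CRL/OCSP lookups so the check only tests that a chain can be built
    # and that every certificate in it is inside its validity period.
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    $chainBuilds = $chain.Build($Certificate)

    # Whole days until expiry (rounded); negative means already expired.
    $daysLeft = [int]($Certificate.NotAfter - (Get-Date)).TotalDays

    [pscustomobject]@{
        Subject       = $Certificate.Subject
        Issuer        = $Certificate.Issuer
        Thumbprint    = $Certificate.Thumbprint
        NotAfter      = $Certificate.NotAfter
        DaysLeft      = $daysLeft
        ExpiringSoon  = ($daysLeft -lt $WarnDays)
        # False means the certificate was imported without the key that
        # was created together with the CSR, so IIS cannot serve it.
        HasPrivateKey = $Certificate.HasPrivateKey
        ChainBuilds   = $chainBuilds
        ChainLength   = $chain.ChainElements.Count
        # Empty when the chain is clean; PartialChain points to a missing
        # intermediate certificate (step 5).
        ChainStatus   = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    }
}

# Certificates installed through IIS land in the Personal store of the
# local computer account.
Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like "*CN=$HostName*" } |
    ForEach-Object { Test-ServerCertificate -Certificate $_ -WarnDays $WarnDays } |
    Format-List
```

Compare the reported thumbprint with the one shown in the certificate details in IIS for the default website, and schedule the same check so the next expiry is noticed before users see browser warnings.
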
I finally had the Thawte certificate installed and working fine. Although the installation guide on their website is really annoying, the live chat support staff are a blessing!