This requires a CertAuthority to be setup on your E2K7 CAS and E2K7 PowerShell installed.'
We begin by creating a certificate request. And because we most likely need the certificate to cover multiple names/aliases for our server, we use the following command:
New-ExchangeCertificate -DomainName mail.domain.com, e2k7.domain.lan, autodiscover.domain.lan -FriendlyName "Exchange Hosting Certificate" -GenerateRequest:$True -Keysize 1024 -path c:\e2k7hosting.txt -privatekeyExportable:$true -subjectName "c=us, o=Organization Name, CN=mail.domain.com"
This will create a certificate request with the name e2k7hosting.txt in the root of C. Make sure you replace the -DomainName with the values appropriate for you, covering all the names that OWA, Outlook or ActiveSync might be using to connect to your server.
Now open this text file and copy the content of it to the clipboard. Once you have done that, open an internet browser and navigate to https://servername
Next import the certificate into the default IIS site for your E2k7 server through the PowerShell once again by using the following command:
import-exchangecertificate -path c:\certificatename.p7b | enable-exchangecertificate -services iis
Check the IIS default site if the correct certificate is now listed as installed.
Distribute the .cer to your mobile clients and install.