This blog describes how to generate a Certificate Signing Request (CSR) and install an SSL certificate in Microsoft Exchange 2013/2016.
Please follow the steps below:
1. Generate Certificate Signing Request (CSR):
- Log in to the Exchange server and open the Exchange Admin Center (EAC).
- In the left column, click Servers.
- At the top right, click Certificates.
- Click + to add a new certificate; the new Exchange certificate wizard starts.
- Choose Create a request for a certificate from a certification authority. (Note: Do not use the self-signed certificate option. Self-signed certificates are not trusted.)
- In the friendly name field, enter exchange2013ssl, then click Next.
- Do not change anything in this step; just click Next.
- Choose the server where you want to store the certificate request.
- Select an access type (such as Outlook Web App, OWA), click Edit (pencil icon), enter the domain name that clients will use to connect to it, and then click OK. If necessary, repeat the process to secure additional services, and then click Next.
- Select and/or add the SAN domains that Outlook clients use to reach the Exchange server, and then click Next. (Warning! Do not add NetBIOS names, IP addresses or local domain names. Read more about the deprecation of local domain names from the CA/Browser Forum.)
- Add the organization information and click Next:
  - Organization name: Your Company name
  - Department name: Server Support
  - Country/Region name: Select country name
  - City/Locality: Valid name of the city where your company is registered
  - State/Province: Valid name of the State where your company is registered
- Add the path where you want to save this certificate request file.
- Click Finish, and the certificate request will be generated in the UNC path you chose.
You can now submit the CSR to a certificate authority. When you’ve received your certificate, return to the Exchange Admin Center and complete the pending certificate request.
2. Install and Configure SSL certificate:
- Download and open the ZIP file containing your certificate. Your certificate file will be named sslcertificate.cer.
- Copy the sslcertificate.cer file to your Exchange server's network share folder (where you saved the CSR).
- Access the Exchange Admin Center (EAC) by opening a browser and browsing to the URL of your server (e.g., https://localhost/ecp).
- On the Exchange Admin Center credentials page, enter your Domain/user name and Password and then click sign in.
- In the EAC, in the sidebar menu on the left, click Servers and then in the menu at the top of the page, click Certificates.
- On the Certificates page, in the center pane, select your certificate request and then in the certificate request details pane to the right, under Status, click the Complete link. Note: Certificate requests are listed by their friendly names.
- In the complete pending request wizard, under File to import, enter the UNC path to where your SSL certificate file is located (e.g., \\example\certificates\sslcertificate.cer) and then click OK.
- The certificate should be successfully installed on your Exchange server, and the status of your certificate request should now be Valid.
Assign Services
- On the Certificates page, in the center pane, select the SSL certificate you just installed and then click ✏ (pencil icon).
- In the "certificate" window, click Services.
- Next, check all the services for which you want to enable your SSL certificate and then click Save.
- Your SSL certificate should now be enabled for the services you selected on your Exchange server.
If you have two or more Exchange servers installed, you can export the SSL certificate from the server where you installed it to a specific location and then import it on the next Exchange server.
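
The same procedure can be run from the Exchange Management Shell, with a check that enforces the SAN warning before the request is created. This is an added example, not part of the original post; the host names, the `C=US` subject value, the output file names, the `IIS,SMTP` service choice and the helper `Test-PublicSanName` are assumptions.

```powershell
# Added example: run in the Exchange Management Shell. Names and paths are placeholders.
$share   = '\\example\certificates'                        # UNC folder, as in the article's example
$domains = 'mail.example.com', 'autodiscover.example.com'  # constructed public FQDNs

# Flag what the SAN warning rules out: IP addresses, single-label (NetBIOS) names and
# internal suffixes. The suffix list is illustrative, not exhaustive.
function Test-PublicSanName {
    param([string[]]$Name)
    foreach ($n in $Name) {
        $ip  = $null
        $bad = [System.Net.IPAddress]::TryParse($n, [ref]$ip) -or
               ($n -notmatch '\.') -or
               ($n -match '\.(local|localdomain|internal|lan|corp|home)$')
        [pscustomobject]@{ Name = $n; Allowed = -not $bad }
    }
}
$rejected = @(Test-PublicSanName -Name $domains | Where-Object { -not $_.Allowed })
if ($rejected.Count) { throw "Remove from the SAN list: $($rejected.Name -join ', ')" }

# 1. Create the pending request and write the CSR to the share.
$request = @{
    GenerateRequest      = $true
    FriendlyName         = 'exchange2013ssl'
    SubjectName          = 'C=US,S=State,L=City,O=Your Company name,OU=Server Support,CN=mail.example.com'
    DomainName           = $domains
    PrivateKeyExportable = $true    # required for the export in step 3
}
$csr = New-ExchangeCertificate @request
[System.IO.File]::WriteAllBytes("$share\exchange2013ssl.req", [System.Text.Encoding]::Unicode.GetBytes($csr))

# 2. Once the CA has returned sslcertificate.cer, complete the request and assign services.
$cer = "$share\sslcertificate.cer"
if (Test-Path $cer) {
    $cert = Import-ExchangeCertificate -FileData ([System.IO.File]::ReadAllBytes($cer))
    Enable-ExchangeCertificate -Thumbprint $cert.Thumbprint -Services IIS,SMTP   # assumed service choice
    # Expect Status = Valid and IsSelfSigned = False.
    Get-ExchangeCertificate -Thumbprint $cert.Thumbprint |
        Format-List FriendlyName, Status, IsSelfSigned, Services, NotAfter, CertificateDomains

    # 3. Export with the private key for the next server. The PFX holds the private key:
    #    restrict access to the share and delete the file once it has been imported there
    #    with Import-ExchangeCertificate -FileData ... -Password $pfxPassword.
    $pfxPassword = Read-Host 'PFX password' -AsSecureString
    $pfx = Export-ExchangeCertificate -Thumbprint $cert.Thumbprint -BinaryEncoded -Password $pfxPassword
    [System.IO.File]::WriteAllBytes("$share\exchange2013ssl.pfx", $pfx.FileData)
}
```

Run it once to create the request, then again after the CA has delivered the certificate; the `Test-Path` guard skips steps 2 and 3 until `sslcertificate.cer` is present.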