Monday, July 15, 2024

Configure SSL Certificate – Local Exchange

Installing an SSL certificate is an essential part of the Exchange 2016 configuration and is usually one of the first tasks that you would perform when installing a new Server. Normally I would install a certificate using Powershell but for this tutorial I have decided to go through the Exchange Admin Center and do it the slower, more next next next finish approach! Login to the EAC with your admin credentials and navigate to the ‘Servers’ section and click on ‘Certificates’.

You will see the standard certificates that are installed by default. To add a new certificate, click on the ‘+’ icon.

Click on ‘Next’ to start the process.

Here we give the certificate a ‘Friendly Name’. This can be anything you like. Then click ‘Next’.   Do not tick the box as we are not using a Wild Card Certificate. Click ‘Next’.

Select the Server name that you are applying the certificate to. In this case we only have one Server. Click ‘OK’ and then ‘Next’.

Here we get to assign the FQDN name to ALL the services, both local and external. I have opted to use ‘’ for all the services except AutoDiscover, which will be ‘’. Change the items to match what your domain is and click ‘Next’.

You will be presented with a summary of the domains, however it will still have local names there. You need to remove them all apart from the external FQDN’s that were used in the previous screen.

  Therefore the screen should look like this. Click ‘Next’.

The items here relate to the organization so they must watch your company details. When the SSL certificate details are shown on the web, this is the information that is shown. Click ‘Next’.

Then provide a full UNC path for the certificate request to be stored. Click ‘Finish’.

Looking at the certificate request file, you will see the text similar to what is shown here. This is the CSR request that is pasted into your certificate purchase with your SSL provider. They will process the certificate and give you back a response file. Once you obtain the response file you can continue.

The request for the certificate is waiting on the ‘Pending Request’ prompt. Click on the ‘Complete’ link and give it the path of the response file you received.

Click on OK to process the certificate installation. The certificate will now show as being ‘Valid’. To activate the services that will use this certificate, click on the Certificate and then the edit option (the pencil).

Click on ‘Services’, then put a checkmark next to the services as shown. Click OK.

You will get the prompt asking if you wish to replace the current certificate. Click Yes.

Now you are all done. Checking on the certificate you can see the date it is valid to and the services that are assigned. To check it, go to the OWA site and make sure that the SSL connection is working properly.

Mark Rochester
Mark Rochester
Mark currently works in the cloud space assisting large companies to migrate from either on premises to the cloud, or cloud to cloud. His experience with Enterprise migrations spans more than 25 years which basically makes him old. However, with all the oldness creeping up he still finds technology massively exciting. Please reach out for a chat anytime you would like. :-)

Related Articles

Migrate Microsoft 365 Mailboxes to Google Workspace

This is not a very common subject to talk about as most of the migrations that get performed are people moving into the Microsoft...

Microsoft 365 Discovery Report

If you are working with a Microsoft 365 tenant, whether it is for your own or for a client, it is often necessary to...

Batches Paused in ‘Needs Approval’ Status

When you are using the native Microsoft tools to migrate from Google Workspace (Gmail) into Microsoft 365 the tool works very well. It does...

Stay Connected

- Advertisement -

Latest Articles