Wednesday, November 29, 2023

Configure SSL Certificate – Local Exchange

Installing an SSL certificate is an essential part of the Exchange 2016 configuration and is usually one of the first tasks that you would perform when installing a new Server. Normally I would install a certificate using Powershell but for this tutorial I have decided to go through the Exchange Admin Center and do it the slower, more next next next finish approach! Login to the EAC with your admin credentials and navigate to the ‘Servers’ section and click on ‘Certificates’.

You will see the standard certificates that are installed by default. To add a new certificate, click on the ‘+’ icon.

Click on ‘Next’ to start the process.

Here we give the certificate a ‘Friendly Name’. This can be anything you like. Then click ‘Next’.   Do not tick the box as we are not using a Wild Card Certificate. Click ‘Next’.

Select the Server name that you are applying the certificate to. In this case we only have one Server. Click ‘OK’ and then ‘Next’.

Here we get to assign the FQDN name to ALL the services, both local and external. I have opted to use ‘’ for all the services except AutoDiscover, which will be ‘’. Change the items to match what your domain is and click ‘Next’.

You will be presented with a summary of the domains, however it will still have local names there. You need to remove them all apart from the external FQDN’s that were used in the previous screen.

  Therefore the screen should look like this. Click ‘Next’.

The items here relate to the organization so they must watch your company details. When the SSL certificate details are shown on the web, this is the information that is shown. Click ‘Next’.

Then provide a full UNC path for the certificate request to be stored. Click ‘Finish’.

Looking at the certificate request file, you will see the text similar to what is shown here. This is the CSR request that is pasted into your certificate purchase with your SSL provider. They will process the certificate and give you back a response file. Once you obtain the response file you can continue.

The request for the certificate is waiting on the ‘Pending Request’ prompt. Click on the ‘Complete’ link and give it the path of the response file you received.

Click on OK to process the certificate installation. The certificate will now show as being ‘Valid’. To activate the services that will use this certificate, click on the Certificate and then the edit option (the pencil).

Click on ‘Services’, then put a checkmark next to the services as shown. Click OK.

You will get the prompt asking if you wish to replace the current certificate. Click Yes.

Now you are all done. Checking on the certificate you can see the date it is valid to and the services that are assigned. To check it, go to the OWA site and make sure that the SSL connection is working properly.

Mark Rochester
Mark Rochester
Mark currently works in the cloud space assisting large companies to migrate from either on premises to the cloud, or cloud to cloud. His experience with Enterprise migrations spans more than 25 years which basically makes him old. However, with all the oldness creeping up he still finds technology massively exciting. Please reach out for a chat anytime you would like. :-)

Related Articles

CloudOCM Video Training

Yes, migrations are often complex and difficult. One of the hardest things is to get your userbase educated in all of the new systems...

Introducing CloudOCM

The most common questions in migrations with Microsoft 365 is always this..... "Do you have any email templates for the communications?" "What can we use to...

Stop Microsoft Teams Sprawl

Anybody that has come into an organization and looked at the Teams Admin Center, had a heart attack because there are so many Teams...

Stay Connected

- Advertisement -

Latest Articles