Contact us at |support@ssldragon.com
  • install an ssl certificate on exchange

How to Install an SSL Certificate on Exchange?

Monday, January 14th, 2019

In this guide, you will learn how to install an SSL certificate on Exchange servers (MXS). Since we cover different MXS versions, please check your MXS release before continuing with this tutorial. An essential MXS pre-installation step is CSR (Certificate Signing Request) generation.

Below you will find CSR and installation tutorials for each MXS version. Besides the technical stuff, this guide also presents an overview of Microsoft Exchange history and all its versions. Finally, the last part features useful tips on where to buy the perfect SSL Certificate for the Microsoft Exchange Server.

How to Generate a CSR code in Microsoft Exchange 2003?
How to Generate a CSR code in Microsoft Exchange 2007?
How to generate a CSR code in Microsoft Exchange 2010?
How to generate a CSR Code in Microsoft Exchange 2013 & 2016?
How to install an SSL Certificate on Exchange 2003?
How to install an SSL Certificate on Exchange 2007?
How to install an SSL Certificate on Exchange 2010?
How to install an SSL Certificate on Exchange 2013 & 2016
Microsoft Exchange Server History and Versions
Where to buy an SSL Certificate for Microsoft Exchange?

How to Generate a CSR code in Microsoft Exchange 2003?

For certificate management, Microsoft Exchange 2003 works in tandem with the Microsoft IIS console. Please consult our in-depth guide on how to generate a CSR code in Microsoft IIS 5 & 6  and then return to this guide.

How to Generate a CSR code in Microsoft Exchange 2007?

  1. Click Start, go to All Programs > Microsoft Management Server 2007, and select Exchange Management Shell
  2. Copy-paste the following command into a plain-text editor such as Windows Notepad:
    New-ExchangeCertificate -GenerateRequest -SubjectName "C=US, L=City, S=State, O=Company Name, OU=Organizational Unit, CN=www.website.com" -privatekeyexportable:$true -keysize 2048 -Path c:\certificate_request.tx:
  3. Update the following parameters as shown below:
    • C –Two-letter country code of your organization’s location (e.g. US)
    • L – Full name of the city or locality of your organization (e.g. San Jose)
    • S – Full name of your organization’s state, region, or province (e.g. California)
    • O – The legally registered name of your organization (e.g. GPI Holding, LLC)
    • OU – The organization unit responsible for SSL management (e.g. IT)
    • CN – The fully qualified domain name you want to secure (e.g. ssldragon.com)

      Note: If you want to secure your site with a Wildcard SSL certificate, add an asterisk in front of the domain name (e.g. *.ssldragon.com).

    • privatekeyexportable – set this parameter to $true to enable export of the certificate
    • -keysize –  set this parameter to 2048 (the industry standard bit-length)
    • -Path – indicate the path and filename of the generated certificate (e.g. c:\csr\certrequest.txt). In this example your certificate will be created in the “csr” folder on your C: Drive
  4. Double-check the command you’ve just edited and copy-paste it into Exchange
  5. If the CSR generation is successful, your thumbprint will become available. Now, you need to copy and paste the whole content in a text file including —–BEGIN NEW CERTIFICATE REQUEST—– and —–END NEW CERTIFICATE REQUEST—–
  6. Submit your newly generated CSR during the order process with SSL Dragon.
  7. Wait for CA to validate your request, and issue the SSL Certificate. Once it arrives in your email inbox, prepare to install the SSL Certificate.

How to generate a CSR code in Microsoft Exchange 2010?

Microsoft Exchange Server 2010 introduced a large list of improvements and new features such as database, client access server, personal archive, reduced hardware requirement and many more. The CSR creation process also changed from the previous versions. Please, follow the steps below to successfully generate your CSR code for MXS 2010.

  1. Launch the Exchange Management Console via Start > Programs > Microsoft Exchange 2010.
  2. In the Organizational Health tab click Manage databases under the Organization Summary
  3. On the left Exchange menu, select Server Configuration, then choose New Exchange Certificate from the right pane
  4. The New Exchange Certificate wizard will open. In the Introduction menu, enter a friendly name for the certificate and click Next
  5. In the Domain Scope section click Next.

    Note: If you want to add a Wildcard certificate, check the Enable Wildcard Certificate box, and enter the root domain name together with an asterisk, (e.g. *.ssldragon.com) and then click Next

  6. Under Exchange Configuration, select the services you want to secure and click Next
  7. On the Certificate Domains page, add the common name (the fully qualified domain name associated with the SSL Certificate). Click Set as common name, then Next
  8. In the Organization and Location section fill in the fields with up-to-date info about your company. Make sure you enter the official name, and the location where the organization is legally registered
  9. On the same Organization and Location section click Browse and select a save location for your CSR file. Specify a name for the .req file and click Save
  10. Now, in the New Exchange Certificate wizard click Next, then New, and finally Finish
  11. Next, you need to open the CSR file and copy-paste the whole content including —–BEGIN NEW CERTIFICATE REQUEST—– and —–END NEW CERTIFICATE REQUEST—– in a text editor file such as Notepad
  12. Use the CSR in the order process with SSL Dragon
  13. Wait for CA to approve your SSL request, and once you receive the certificate, proceed with the installation.

How to generate a CSR Code in Microsoft Exchange 2013 & 2016?

We’ll be using Exchange Admin Center (EAC) to create your CSR.

  1. Open your browser and type the URL of your server (e.g. https://localhost/ecp) to access the Exchange Admin Center
  2. On the EAC page select Servers from the left menu, then click on Certificates at the top right
  3. Click the + symbol to start the new Exchange certificate wizard
  4. In the new window, select Create a request for a certificate from a certification authority, and then click Next
  5. Now, enter a Friendly name for your certificate. You may choose any name you want; however, we recommend entering your domain name in order to not get confused
  6. If you want to secure your mail server with a Wildcard certificate, check the box and enter the base domain name with an asterisk in front of the domain (e.g. *.ssldragon.com). For regular certificates, leave the box unchecked. Click Next
  7. In the next window, click Browse, then select the Server where you want to store the certificate request on. Click Next
  8. Skip this step if you’re generating a CSR code for a Wildcard Certificate; otherwise, continue. From the list, select the services that you would like to associate with your SSL Certificate. Use “Ctrl+Left Click” to highlight the services. When you’re done, click Next.
  9. If you have a multi-domain SSL certificate, a list of domains and subdomains which you can include will appear in the next window. Use the + to add any additional names, or the button to remove the unwanted ones. Make sure you don’t remove the server’s name, as it is also present in the list. Double-check your names and click Next
  10.  Specify information about your organization. Follow the examples below:
    • Organization name – the officially registered name of your organization
    • Department name – the department that manages your SSL Certificates. Usually, it is IT
    • Country/Region name – the country where your organization is legally located
    • City/Locality – the city/locality where your company is legally located
    • State/Province – the state/province where your business is legally located
  11. In the next window, under the *Save the certificate request to the following file, enter the path where you want to save the certificate request file (.req file), then click Finish
  12. Open your newly generated CSR code with a text editor such as Notepad. Copy the content of that file and past it into the SSL Dragon order form. Make sure you include the —–BEGIN NEW CERTIFICATE REQUEST—– and —–END NEW CERTIFICATE REQUEST—– tags
  13. Wait for your SSL Certificate to arrive in your email inbox, then continue with the installation.

Once the Certificate Authority has validated your SSL request, you can install the certificate on your Exchange server. Select the version you use, and complete the actions below:

How to install an SSL Certificate on Exchange 2003?

After you have received the archived SSL certificate file from your SSL provider, open it and extract the primary and intermediate certificates. Save their entire content in a text editor like notepad, and upload it to your server.

Create a certificate snap-in and install the intermediate certificate:

  1. Go to Start > Run, and type MMC (Microsoft Management Console), then click OK
  2. In the MMC console click File > Add/Remove Snap-in. Select the Add tab
  3. From the list of snap-ins, choose Certificates and click the Add button
  4. Select Computer Account and click Next
  5. Select Local Computer (the computer this console is running on) and click Finish
  6. Close the snap-ins window, and click OK in the Add/Remove Snap-in window.

Continue with the intermediate certificate installation:

  1. From the same MMC console, double-click on Intermediate Certification Authorities folder (left-side pane)
  2. Hover your mouse to the right pane and right-click on Certificates. Select All Tasks, and them Import
  3. The Certificate Import Wizard will open. Click Next
  4. Browse the location of your intermediate certificate file and click Next
  5. Choose Place all certificates in the following store and select Intermediate Certification Authorities. Click OK
  6. Click Finish. A message will confirm the successful import of the intermediate certificate. Click OK.

Now, install the primary SSL Certificate in MXS 2003:

  1. Go to Start > Programs > Microsoft Exchange > System Manager
  2. Expand the Administrative Groups folder, and then expand the First Administrative Group (the name of your administrative group).

    Note: If the display administrative groups option is turned off, right-click Your_Organization > Properties > Display administrative groups check box, click OK twice, and then restart Exchange System Manager

  3. Expand the Servers folder, and then the Exchange Server Container that you want to configure
  4. Expand Protocols, and then go through each protocol you want to configure. For example, if you want to configure the POP3 protocol, expand it, and then right-click on Default POP3 Virtual Server, and click on Properties
  5. In the new window, select the Access tab, and click on Certificate to start the Certificate Wizard
  6. On the Pending Certificate Request page, select Process the pending request and install the certificate, and then click Next
  7. In the Process a Pending Request window, indicate the path of your SSL Certificate (the location where you saved the certificate received from your SSL provider)
  8. Double-check the Certificate Summary box, and then click Next
  9. Click Finish. Congratulations, you have successfully installed the SSL Certificate on the Exchange server.

How to install an SSL Certificate on Exchange 2007?

Before installation, make sure you’ve saved the SSL Certificate files provided by your Certificate Authority to your server’s directory.

  1. Go to Start, click Run, and type MMC (Microsoft Management Console). Click OK
  2. In the Console, hover your mouse to the top-left corner and click on File > Add/Remove Snap In
  3. Now, select Certificates, and then click on Add
  4. Select Computer Account, and Click Next
  5. Select Local Computer, and hit the Finish button
  6. Click OK to close Add/Remove Snap-ins, and return to the console
  7. In the console, expand the Certificates folder, and from the list of folders, right click the Intermediate Certificate Authorities one
  8. Go to All Tasks, and then click Import to open the Certificate Import Wizard
  9. In the Certificate Import Wizard click Next, then Browse to locate your intermediate Certificate file, and hit again Next
  10. Choose Place all certificates in the following store: Intermediate Certification Authorities. Click Next, and then Finish
  11. With the intermediate certificate installed, it’s time to focus on the primary one. Open the Start menu, select Microsoft Exchange Server 2007, then click Exchange Management Shell
  12. Now, enter the following code to import the certificate:
    Import-ExchangeCertificate -Path C:\your_certificate.crt

    Note: Don’t forget to replace your_certificate.crt with the complete path and file name of your certificate.

  13.  Next, add the following command to enable your SSL certificate:
    Enable-ExchangeCertificate -Thumbprint paste_thumbprint_here -Services "SMTP, IMAP, IIS"

    Important: Paste the thumbprint on your certificate in place of paste_thumbprint_here, and specify the services you intend to use such as SMTP, POP, IMAP, UM, and IIS.

  14. Close the Exchange Management Shell. That’s it! You’ve successfully secured your Microsoft Exchange 2007 server!

How to install an SSL Certificate on Exchange 2010?

Installing an SSL certificate on Exchange 2010 requires three essential actions: certificate snap-in creation, intermediate certificate installation, and, finally, primary certificate installation. Let’s take it one step at a time:

Certificate Snap-in creation:

  1. Click Start, open the Run window, and then type MMC (Microsoft Management Console). Press OK
  2. In the console, go to File and select Add/Remove Snap-in
  3. Next, from the Add/Remove Snap-in box, select Certificates and click on Add
  4. Now, select Computer Account, then Next
  5. Choose Local Computer and press Finish
  6. Exit the Add Standalone Snap-in window
  7. Click OK and close the Add Standalone Snap-in window.

Intermediate certificate installation:

  1. In the console, on the left menu, right-click on Intermediate Certificate Authorities
  2. Select All Tasks, and then Import
  3. In the Certificate Import Window, click Next
  4. Click Browse to locate the intermediate certificate file on your machine, and click Next
  5. Now, choose Place all certificates in the following store and select Intermediate Certification Authorities from the Select Certificate Store window. Click OK
  6. On the following page, click Next
  7. Click Finish, then OK, and close the MMC console. Click NO to remove the MMC console settings

Primary certificate installation:

  1. Click on Start, and the go to All Programs > Microsoft Exchange Server 2010 > Exchange Management Console.
  2. In the console, on the left menu, select Microsoft Exchange On-Premises > Manage Databases, and click on Server Configuration
  3. From the Exchange Certificates, choose your primary SSL certificate, and then from the right-side Actions menu, click Complete Pending Request
  4. In the next window, click Browse to indicate the path of your certificate file, and press Open
  5. Back in the Complete Pending Request window, hit Complete

    Important: If the following error appears “The source data is corrupted or not properly Base64 encoded,” Verify the Self Signed field. If it set as True, press F5 to refresh the console. If it still says True, create a new CSR and then reissue the certificate.

  6. Click Finish to return to MMC. Here, from the Action menu, select Assign Services to Certificate
  7. Pick the server you want to assign services to, and then press Next
  8. Now, select the services you want to secure, and then hit Next
  9. Click Assign > Finish 

Well done! You have finished the SSL installation on Microsoft Exchange Server 2010.

How to install an SSL Certificate on Exchange 2013 & 2016?

First, you need to create a Certificate Snap-in from the Microsoft Management console:

  1. Top open the console, click Start>Run. Type MMC in the command box and hit OK
  2. Click on File and choose Add/Remove Snap-in
  3. Next, select Certificates and click Add
  4. In the following window, pick Computer Account, and press Next
  5. Select Local Computer and click Finish
  6. Close the Snap-ins list window
  7. Click OK in the Add/Remove Snap-in window.

Now, you need to install the intermediate certificate:

  1. From the left menu of the MMC, right-click on Intermediate Certificate Authorities.
  2. Go to All Tasks > Import
  3. The certificate import window will open. Click Next
  4. Browse Intermediate certificate and hit Next
  5. Now, select Place all certificates in the following store and then pick Intermediate Certification Authorities from Select Certificate Store page
  6. In the Certificate Import Wizard window, click Next
  7. Click Finish > OK.
  8. Close the MMC console, and then select NO to remove the MMC settings.

Your next step is to install the primary SSL certificate:

  1. Log in into the Exchange Admin Center
  2. Click on Servers (left side of the server screen), and then click on Certificates (top-right side)
  3. Next, select your SSL Certificate (the one with the Pending request status), and click Complete on the right-side menu
  4. Now, enter the network path of your SSL Certificate and click OK
  5. Return to the Certificate page of the Exchange Admin, and click Edit (second icon, next to +). Important: Make sure the right SSL certificate is highlighted
  6. In the next window, select Services, and pick the services you wish to enable. Click Save
  7. Congratulations, your SSL Certificate is up and running!

Microsoft Exchange Server History and Versions

Microsoft Exchange Server (MXS) is one of the most popular mail and calendaring servers on the planet. It dates back to 1996 when Microsoft released the first Exchange Server 4.0. Fast-forward 20 years and Microsoft Exchange is doing better than ever. The latest 2016 version introduced a set of new features such as Combine roles, Outlook on the web, and office hybrid.

Microsoft has already announced the brand new MXS 2019 version scheduled for the second half of 2018. Among new features, Microsoft has added support for installing Exchange Server 2019 onto Windows Server Core and running it with up to 48 processor cores and 256GB of RAM. Calendaring is arguably the most welcome addition since both small and large enterprises use calendars on a large scale.

Listed below, you’ll find all of Microsoft Exchange Versions:

  • Exchange Server 4.0 Standard Edition – released on June 11, 1996.
  • Exchange Server 5.0 – released on May 23, 1997
  • Exchange Server 5.5 – released on February 3, 1998
  • Exchange 2000 Server – released on November 29, 2000
  • Exchange Server 2003 – released on September 28, 2003
  • Exchange Server 2007 – released on March 8, 2007
  • Exchange Server 2010 – released on November 9, 2009
  • Exchange Server 2013 – released on December 3, 2012
  • Exchange Server 2016 – released on October 1, 2015

Where to buy an SSL Certificate for Microsoft Exchange?

SSL Dragon is your one-stop place for all your SSL needs. We’re partners with the most popular Certificate Authorities on the market and offer incredibly low prices across the entire range of SSL products. All our certificates are compatible with the Microsoft Exchange. Whether you want to secure a website or your email correspondence, we’ve got you covered. Outlined below are the types of SSL certificates available at SSL Dragon:

You can find the perfect SSL Certificate for your project and budget with the help of our handy SSL Wizard and Certificate Filter. The first tool offers a quick and highly-accurate way to determine the right SSL for you, while the latter lets you sort and compare various certificates by price, validation, and features.

If you find any inaccuracies, or you have details to add to these SSL installation instructions, please feel free to send us your feedback at [email protected]. Your input would be greatly appreciated! Thank you.