How to Install an SSL Certificate on Exchange

In this guide, you will learn how to install an SSL certificate on Exchange servers (MXS). Besides the technical stuff, this guide also presents useful tips on where to buy the perfect SSL Certificate for the Microsoft Exchange Server.

Since we cover different MXS versions, please check your MXS release before continuing with this tutorial.

Table of Contents

1. How to generate a CSR Code in Microsoft Exchange
2. How to install an SSL certificate on Microsoft Exchange 2019
3. How to install an SSL Certificate on Exchange 2013 & 2016
4. How to install an SSL Certificate on Exchange 2010?
5. How to install an SSL Certificate on Exchange 2007?
6. How to install an SSL Certificate on Exchange 2003?
7. Where to buy an SSL Certificate for Microsoft Exchange?

How to generate a CSR Code in Microsoft Exchange

An essential MXS pre-installation step is CSR (Certificate Signing Request) generation.

You have two options:

1. Generate the CSR automatically using our CSR Generator
2. Follow our step-by-step tutorial on how to create the CSR in Microsoft Exchange

Once the Certificate Authority has validated your SSL request, you can install the certificate on your Exchange server.

How to install an SSL certificate on Exchange 2019?

You can install your SSL certificate via the Exchange Admin Center (EAC). Here’s how to do it:

1. Open the EAC and go to Servers > Certificates.
2. From the Server list, select the Exchange server where you want to install the SSL certificate. Click More Options ***, and select Import Exchange certificate
3. In the newly-opened Import Exchange Certificate wizard, enter the following information, and then click Next

• File to import from: Enter the UNC (Universal Naming Convention) path and filename of the certificate file. For example, \\FileServer01\Data\Yourdomain.crt
• Password: If the certificate file contains the private key or chain of trust, the file is password-protected. Enter the password here

4. In the Specify the servers you want to apply this certificate to page, click Add+
5. Now, select the Exchange Server where you want to import your certificate and click Add ->. You can repeat this step as many times as you need. When you’ve selected all the necessary servers, click OK.

Assign your SSL certificate to your Exchange server

Before the Exchange server can use your certificate for encryption, you need to assign your cert to one or more Exchange services. This step will complete the installation process.

Note: You need to be assigned permissions before you can perform this procedure. Check what permissions you need.

You will use the EAC to assign a certificate to Exchange:

1. Open the EAC, and navigate to Servers > Certificates.
2. From the server list, select the Exchange server that has your certificate.
3. Select the certificate you want to assign and then click Edit. The certificate’s status value must be Valid.
4. On the Services tab, in the Specify the services you want to assign this certificate to section, select the services. Keep in mind, you can’t remove services after you add them. When you’re finished, click Save

Congratulations, you’ve successfully installed an SSL certificate on Exchange 2019.

How to install an SSL Certificate on Exchange 2013 & 2016?

Step 1: Create a Certificate Snap-in from the Microsoft Management console

1. To open the console, click Start>Run. Type MMC in the command box and hit OK
2. Click on File and choose Add/Remove Snap-in
3. Next, select Certificates and click Add
4. In the following window, pick Computer Account, and press Next
5. Select Local Computer and click Finish
6. Close the Snap-ins list window
7. Click OK in the Add/Remove Snap-in window.

Step 2: Install the intermediate certificate

1. From the left menu of the MMC, right-click on Intermediate Certificate Authorities.
2. Go to All Tasks > Import
3. The certificate import window will open. Click Next
4. Browse Intermediate certificate and hit Next
5. Now, select Place all certificates in the following store and then pick Intermediate Certification Authorities from the Select Certificate Store page
6. In the Certificate Import Wizard window, click Next
7. Click Finish > OK.
8. Close the MMC console, and then select NO to remove the MMC settings.

Step 3: Install the primary SSL certificate:

1. Log in to the Exchange Admin Center
2. Click on Servers (left side of the server screen), and then click on Certificates (top-right side)
3. Next, select your SSL Certificate (the one with the Pending request status), and click Complete on the right-side menu
4. Now, enter the network path of your SSL Certificate and click OK
5. Return to the Certificate page of the Exchange Admin, and click Edit (second icon, next to +). Important: Make sure the right SSL certificate is highlighted
6. In the next window, select Services, and pick the services you wish to enable. Click Save
7. Congratulations, your SSL Certificate is up and running!

How to install an SSL Certificate on Exchange 2010?

Installing an SSL certificate on Exchange 2010 requires three essential actions: certificate snap-in creation, intermediate certificate installation, and, finally, primary certificate installation. Let’s take it one step at a time:

Step 1: Certificate Snap-in creation

1. Click Start, open the Run window and then type MMC (Microsoft Management Console). Press OK
2. In the console, go to File and select Add/Remove Snap-in
3. Next, from the Add/Remove Snap-in box, select Certificates and click on Add
4. Now, select Computer Account, then Next
5. Choose Local Computer and press Finish
6. Exit the Add Standalone Snap-in window
7. Click OK and close the Add Standalone Snap-in window.

Step 2: Intermediate certificate installation

1. In the console, on the left menu, right-click on Intermediate Certificate Authorities
2. Select All Tasks, and then Import
3. In the Certificate Import Window, click Next
4. Click Browse to locate the intermediate certificate file on your machine, and click Next
5. Now, choose Place all certificates in the following store and select Intermediate Certification Authorities from the Select Certificate Store window. Click OK
6. On the following page, click Next
7. Click Finish, then OK, and close the MMC console. Click NO to remove the MMC console settings

Step 3: Primary certificate installation

1. Click on Start, and then go to All Programs > Microsoft Exchange Server 2010 > Exchange Management Console.
2. In the console, on the left menu, select Microsoft Exchange On-Premises > Manage Databases, and click on Server Configuration
3. From the Exchange Certificates, choose your primary SSL certificate, and then from the right-side Actions menu, click Complete Pending Request
4. In the next window, click Browse to indicate the path of your certificate file and press Open
5. Back in the Complete Pending Request window, hit Complete
   Important: If the following error appears “The source data is corrupted or not properly Base64 encoded,” Verify the Self-Signed field. If it is set as True, press F5 to refresh the console. If it still says True, create a new CSR and then reissue the certificate.
6. Click Finish to return to MMC. Here, from the Action menu, select Assign Services to Certificate
7. Pick the server you want to assign services to, and then press Next
8. Now, select the services you want to secure, and then hit Next
9. Click Assign > Finish 

Well done! You have finished the SSL installation on Microsoft Exchange Server 2010.

How to install an SSL Certificate on Exchange 2007?

Before installation, make sure you’ve saved the SSL Certificate files provided by your Certificate Authority to your server’s directory.

1. Go to Start, click Run, and type MMC (Microsoft Management Console). Click OK
2. In the Console, hover your mouse to the top-left corner and click on File > Add/Remove Snap-in
3. Now, select Certificates, and then click on Add
4. Select Computer Account, and Click Next
5. Select Local Computer, and hit the Finish button
6. Click OK to close Add/Remove Snap-ins, and return to the console
7. In the console, expand the Certificates folder, and from the list of folders, right-click the Intermediate Certificate Authorities one
8. Go to All Tasks, and then click Import to open the Certificate Import Wizard
9. In the Certificate Import Wizard click Next, then Browse to locate your intermediate Certificate file, and hit again Next
10. Choose Place all certificates in the following store: Intermediate Certification Authorities. Click Next, and then Finish
11. With the intermediate certificate installed, it’s time to focus on the primary one. Open the Start menu, select Microsoft Exchange Server 2007, then click Exchange Management Shell
12. Now, enter the following code to import the certificate:
    Import-ExchangeCertificate -Path C:\your_certificate.crt
    Note: Don’t forget to replace your_certificate.crt with the complete path and file name of your certificate.
13.  Next, add the following command to enable your SSL certificate:
    Enable-ExchangeCertificate -Thumbprint paste_thumbprint_here -Services "SMTP, IMAP, IIS"
    Important: Paste the thumbprint on your certificate in place of paste_thumbprint_here, and specify the services you intend to use such as SMTP, POP, IMAP, UM, and IIS.
14. Close the Exchange Management Shell. That’s it! You’ve successfully secured your Microsoft Exchange 2007 server!

How to install an SSL Certificate on Exchange 2003?

Step 1: Upload certificates to your server

After you have received the archived SSL certificate file from your SSL provider, open it and extract the primary and intermediate certificates. Save their entire content in a text editor like notepad, and upload it to your server.

Step 2: Create a certificate snap-in and install the intermediate certificate

1. Go to Start > Run, and type MMC (Microsoft Management Console), then click OK
2. In the MMC console click File > Add/Remove Snap-in. Select the Add tab
3. From the list of snap-ins, choose Certificates and click the Add button
4. Select Computer Account and click Next
5. Select Local Computer (the computer this console is running on) and click Finish
6. Close the snap-ins window, and click OK in the Add/Remove Snap-in window.

Step 3: Continue with the intermediate certificate installation

1. From the same MMC console, double-click on the Intermediate Certification Authorities folder (left-side pane)
2. Hover your mouse to the right pane and right-click on Certificates. Select All Tasks, and then Import
3. The Certificate Import Wizard will open. Click Next
4. Browse the location of your intermediate certificate file and click Next
5. Choose Place all certificates in the following store and select Intermediate Certification Authorities. Click OK
6. Click Finish. A message will confirm the successful import of the intermediate certificate. Click OK.

Step 4: Install the primary SSL Certificate in MXS 2003

1. Go to Start > Programs > Microsoft Exchange > System Manager
2. Expand the Administrative Groups folder, and then expand the First Administrative Group (the name of your administrative group).
   Note: If the display administrative groups option is turned off, right-click Your_Organization > Properties > Display administrative groups check box, click OK twice, and then restart Exchange System Manager
3. Expand the Servers folder, and then the Exchange Server Container that you want to configure
4. Expand Protocols, and then go through each protocol you want to configure. For example, if you want to configure the POP3 protocol, expand it, and then right-click on Default POP3 Virtual Server, and click on Properties
5. In the new window, select the Access tab, and click on Certificate to start the Certificate Wizard
6. On the Pending Certificate Request page, select Process the pending request and install the certificate, and then click Next
7. In the Process a Pending Request window, indicate the path of your SSL Certificate (the location where you saved the certificate received from your SSL provider)
8. Double-check the Certificate Summary box, and then click Next
9. Click Finish. Congratulations, you have successfully installed the SSL Certificate on the Exchange server.

Where to buy an SSL Certificate for Microsoft Exchange?

SSL Dragon is your one-stop place for all your SSL needs. We’re partners with the most popular Certificate Authorities on the market and offer incredibly low prices across the entire range of SSL products. All our certificates are compatible with Microsoft Exchange. Whether you want to secure a website or your email correspondence, we’ve got you covered.

You can find the perfect SSL Certificate for your project and budget with the help of our handy SSL Wizard and Certificate Filter. The first tool offers a quick and highly accurate way to determine the right SSL for you, while the latter lets you sort and compare various certificates by price, validation, and features.

FAQ

1. How do I update Exchange SSL certificate?

To update/renew your SSL certificate in Exchange, you need to order a brand new cert from your certificate authority and then install it on the Exchange server the same you did with the previous certificate. 

2. What is SSL in Exchange?

SSL stands for Secure Sockets Layer, a now-deprecated cryptographic protocol that has been replaced by TLS (Transport Layer Security). SSL/TLS certificates encrypt communications between the Exchange server and the users’ browsers. A secure connection prevents hackers from intercepting sensitive data.

3. How do I find my Exchange SSL certificate?

Use the Get-ExchangeCertificate cmdlet to display Exchange certificates that are installed on Exchange servers. 

If you find any inaccuracies, or you have details to add to these SSL installation instructions, please feel free to send us your feedback at [email protected]. Your input would be greatly appreciated! Thank you.