How to Install an SSL Certificate on Exchange

Last updated on by Dionisie Gitlan

In this guide, you will learn how to install an SSL certificate on Exchange servers (MXS). Besides the technical stuff, this guide also presents useful tips on where to buy the perfect SSL Certificate for the Microsoft Exchange Server.

Since we cover different MXS versions, please check your MXS release before continuing with this tutorial.

Table of Contents

  1. How to generate a CSR Code in Microsoft Exchange
  2. How to install an SSL certificate on Microsoft Exchange 2019
  3. How to install an SSL Certificate on Exchange 2013 & 2016
  4. How to install an SSL Certificate on Exchange 2010?
  5. How to install an SSL Certificate on Exchange 2007?
  6. How to install an SSL Certificate on Exchange 2003?
  7. Where to buy an SSL Certificate for Microsoft Exchange?
Exchange server interface showing email configuration settings and account management options

How to generate a CSR Code in Microsoft Exchange

An essential MXS pre-installation step is CSR (Certificate Signing Request) generation.

You have two options:

  1. Generate the CSR automatically using our CSR Generator
  2. Follow our step-by-step tutorial on how to create the CSR in Microsoft Exchange

Once the Certificate Authority has validated your SSL request, you can install the certificate on your Exchange server.

How to install an SSL certificate on Exchange 2019?

Starting with Exchange Server 2019 CU12 and later, Microsoft has deprecated the ability to manage certificates through the Exchange Admin Center (EAC). All certificate management tasks, including importing and assigning SSL certificates, must now be performed using the Exchange Management Shell (PowerShell).

Updated Instructions for Installing an SSL Certificate on Exchange 2019 CU12 and Later:

  1. Open the Exchange Management Shell: Run it as an administrator on your Exchange server.
  2. Import the SSL Certificate:
    • Ensure your SSL certificate file (typically with a .pfx extension) is accessible on the server.
    • Use the following command to import the certificate:
      $file = "C:\Path\To\YourCertificate.pfx" $password = Read-Host -AsSecureString "Enter the certificate password" Import-ExchangeCertificate -FileData ([System.IO.File]::ReadAllBytes($file)) -Password $password
      • Replace "C:\Path\To\YourCertificate.pfx" with the actual file path of your SSL certificate.
      • When prompted, enter the password associated with the certificate file.
  3. Assign the Certificate to Exchange Services:
    • After importing, retrieve the thumbprint of the new certificate:
      Get-ExchangeCertificate | Format-List Thumbprint, Subject
    • Identify the thumbprint of the recently imported certificate.
    • Assign the certificate to the desired services (e.g., IIS, SMTP)
      Enable-ExchangeCertificate -Thumbprint [YourCertificateThumbprint] -Services "IIS, SMTP"
      • Replace [YourCertificateThumbprint] with the actual thumbprint of your certificate.

Note: The -Services parameter specifies which services will use the certificate. Common services include:

  • IIS: Internet Information Services (used for Outlook on the web and other web services)
  • SMTP: Simple Mail Transfer Protocol (used for email transport)

How to install an SSL Certificate on Exchange 2013 & 2016?

Step 1: Create a Certificate Snap-in from the Microsoft Management console

  1. To open the console, click Start > Run. Type MMC in the command box and hit OK
  2. Click on File and choose Add/Remove Snap-in
  3. Next, select Certificates and click Add
  4. In the following window, pick Computer Account, and press Next
  5. Select Local Computer and click Finish
  6. Close the Snap-ins list window
  7. Click OK in the Add/Remove Snap-in window.

Step 2: Install the intermediate certificate

  1. From the left menu of the MMC, right-click on Intermediate Certificate Authorities.
  2. Go to All Tasks > Import
  3. The certificate import window will open. Click Next
  4. Browse Intermediate certificate and hit Next
  5. Now, select Place all certificates in the following store and then pick Intermediate Certification Authorities from the Select Certificate Store page
  6. In the Certificate Import Wizard window, click Next
  7. Click Finish > OK.
  8. Close the MMC console, and then select NO to remove the MMC settings.

Step 3: Install the primary SSL certificate:

  1. Log in to the Exchange Admin Center
  2. Click on Servers (left side of the server screen), and then click on Certificates (top-right side)
  3. Next, select your SSL Certificate (the one with the Pending request status), and click Complete on the right-side menu
  4. Now, enter the network path of your SSL Certificate and click OK
  5. Return to the Certificate page of the Exchange Admin, and click Edit (second icon, next to +). Important: Make sure the right SSL certificate is highlighted
  6. In the next window, select Services, and pick the services you wish to enable. Click Save
  7. Congratulations, your SSL Certificate is up and running!

How to install an SSL Certificate on Exchange 2010?

Installing an SSL certificate on Exchange 2010 requires three essential actions: certificate snap-in creation, intermediate certificate installation, and, finally, primary certificate installation. Let’s take it one step at a time:

Step 1: Certificate Snap-in creation

  1. Click Start, open the Run window and then type MMC (Microsoft Management Console). Press OK
  2. In the console, go to File and select Add/Remove Snap-in
  3. Next, from the Add/Remove Snap-in box, select Certificates and click on Add
  4. Now, select Computer Account, then Next
  5. Choose Local Computer and press Finish
  6. Exit the Add Standalone Snap-in window
  7. Click OK and close the Add Standalone Snap-in window.

Step 2: Intermediate certificate installation

  1. In the console, on the left menu, right-click on Intermediate Certificate Authorities
  2. Select All Tasks, and then Import
  3. In the Certificate Import Window, click Next
  4. Click Browse to locate the intermediate certificate file on your machine, and click Next
  5. Now, choose Place all certificates in the following store and select Intermediate Certification Authorities from the Select Certificate Store window. Click OK
  6. On the following page, click Next
  7. Click Finish, then OK, and close the MMC console. Click NO to remove the MMC console settings

Step 3: Primary certificate installation

  1. Click on Start, and then go to All Programs > Microsoft Exchange Server 2010 > Exchange Management Console.
  2. In the console, on the left menu, select Microsoft Exchange On-Premises > Manage Databases, and click on Server Configuration
  3. From the Exchange Certificates, choose your primary SSL certificate, and then from the right-side Actions menu, click Complete Pending Request
  4. In the next window, click Browse to indicate the path of your certificate file and press Open
  5. Back in the Complete Pending Request window, hit Complete
    Important: If the following error appears “The source data is corrupted or not properly Base64 encoded,” Verify the Self-Signed field. If it is set as True, press F5 to refresh the console. If it still says True, create a new CSR and then reissue the certificate.
  6. Click Finish to return to MMC. Here, from the Action menu, select Assign Services to Certificate
  7. Pick the server you want to assign services to, and then press Next
  8. Now, select the services you want to secure, and then hit Next
  9. Click Assign > Finish 

Well done! You have finished the SSL installation on Microsoft Exchange Server 2010.

How to install an SSL Certificate on Exchange 2007?

Before installation, make sure you’ve saved the SSL Certificate files provided by your Certificate Authority to your server’s directory.

  1. Go to Start, click Run, and type MMC (Microsoft Management Console). Click OK
  2. In the Console, hover your mouse to the top-left corner and click on File > Add/Remove Snap-in
  3. Now, select Certificates, and then click on Add
  4. Select Computer Account, and Click Next
  5. Select Local Computer, and hit the Finish button
  6. Click OK to close Add/Remove Snap-ins, and return to the console
  7. In the console, expand the Certificates folder, and from the list of folders, right-click the Intermediate Certificate Authorities one
  8. Go to All Tasks, and then click Import to open the Certificate Import Wizard
  9. In the Certificate Import Wizard click Next, then Browse to locate your intermediate Certificate file, and hit again Next
  10. Choose Place all certificates in the following store: Intermediate Certification Authorities. Click Next, and then Finish
  11. With the intermediate certificate installed, it’s time to focus on the primary one. Open the Start menu, select Microsoft Exchange Server 2007, then click Exchange Management Shell
  12. Now, enter the following code to import the certificate:
    Import-ExchangeCertificate -Path C:\your_certificate.crt
    Note: Don’t forget to replace your_certificate.crt with the complete path and file name of your certificate.
  13.  Next, add the following command to enable your SSL certificate:
    Enable-ExchangeCertificate -Thumbprint paste_thumbprint_here -Services "SMTP, IMAP, IIS"
    Important: Paste the thumbprint on your certificate in place of paste_thumbprint_here, and specify the services you intend to use such as SMTP, POP, IMAP, UM, and IIS.
  14. Close the Exchange Management Shell. That’s it! You’ve successfully secured your Microsoft Exchange 2007 server!

How to install an SSL Certificate on Exchange 2003?

Step 1: Upload certificates to your server

After you have received the archived SSL certificate file from your SSL provider, open it and extract the primary and intermediate certificates. Save their entire content in a text editor like notepad, and upload it to your server.

Step 2: Create a certificate snap-in and install the intermediate certificate

  1. Go to Start > Run, and type MMC (Microsoft Management Console), then click OK
  2. In the MMC console click File > Add/Remove Snap-in. Select the Add tab
  3. From the list of snap-ins, choose Certificates and click the Add button
  4. Select Computer Account and click Next
  5. Select Local Computer (the computer this console is running on) and click Finish
  6. Close the snap-ins window, and click OK in the Add/Remove Snap-in window.

Step 3: Continue with the intermediate certificate installation

  1. From the same MMC console, double-click on the Intermediate Certification Authorities folder (left-side pane)
  2. Hover your mouse to the right pane and right-click on Certificates. Select All Tasks, and then Import
  3. The Certificate Import Wizard will open. Click Next
  4. Browse the location of your intermediate certificate file and click Next
  5. Choose Place all certificates in the following store and select Intermediate Certification Authorities. Click OK
  6. Click Finish. A message will confirm the successful import of the intermediate certificate. Click OK.

Step 4: Install the primary SSL Certificate in MXS 2003

  1. Go to Start > Programs > Microsoft Exchange > System Manager
  2. Expand the Administrative Groups folder, and then expand the First Administrative Group (the name of your administrative group).
    Note: If the display administrative groups option is turned off, right-click Your_Organization > Properties > Display administrative groups check box, click OK twice, and then restart Exchange System Manager
  3. Expand the Servers folder, and then the Exchange Server Container that you want to configure
  4. Expand Protocols, and then go through each protocol you want to configure. For example, if you want to configure the POP3 protocol, expand it, and then right-click on Default POP3 Virtual Server, and click on Properties
  5. In the new window, select the Access tab, and click on Certificate to start the Certificate Wizard
  6. On the Pending Certificate Request page, select Process the pending request and install the certificate, and then click Next
  7. In the Process a Pending Request window, indicate the path of your SSL Certificate (the location where you saved the certificate received from your SSL provider)
  8. Double-check the Certificate Summary box, and then click Next
  9. Click Finish. Congratulations, you have successfully installed the SSL Certificate on the Exchange server.

Where to buy an SSL Certificate for Microsoft Exchange?

SSL Dragon is your one-stop place for all your SSL needs. We’re partners with the most popular Certificate Authorities on the market and offer incredibly low prices across the entire range of SSL products. All our certificates are compatible with Microsoft Exchange. Whether you want to secure a website or your email correspondence, we’ve got you covered.

Get an SSL certificate now

You can find the perfect SSL Certificate for your project and budget with the help of our handy SSL Wizard and Certificate Filter. The first tool offers a quick and highly accurate way to determine the right SSL for you, while the latter lets you sort and compare various certificates by price, validation, and features.

If you find any inaccuracies, or you have details to add to these SSL installation instructions, please feel free to send us your feedback at [email protected]. Your input would be greatly appreciated! Thank you.

Frequently Asked Questions

How do I update Exchange SSL certificate?

To update/renew your SSL certificate in Exchange, you need to order a brand new cert from your certificate authority and then install it on the Exchange server the same you did with the previous certificate. 

Copy Link

What is SSL in Exchange?

SSL stands for Secure Sockets Layer, a now-deprecated cryptographic protocol that has been replaced by TLS (Transport Layer Security). SSL/TLS certificates encrypt communications between the Exchange server and the users’ browsers. A secure connection prevents hackers from intercepting sensitive data.

Copy Link

How do I find my Exchange SSL certificate?

Use the Get-ExchangeCertificate cmdlet to display Exchange certificates that are installed on Exchange servers.

Copy Link

Save 10% on SSL Certificates when ordering from SSL Dragon today!

Fast issuance, strong encryption, 99.99% browser trust, dedicated support, and 25-day money-back guarantee. Coupon code: SAVE10

Order Now
A detailed image of a dragon in flight
Written by

Experienced content writer specializing in SSL Certificates. Transforming intricate cybersecurity topics into clear, engaging content. Contribute to improving digital security through impactful narratives.

How to Install SSL
A Microsoft logo icon
Microsoft Platforms
Tutorials