SearchSupportFree trial
Contact us

Knowledge Base

Knowledge BaseSSL

How to Install SSL/TLS Certificates in Microsoft Exchange 2019?

Updated on January 2, 2026
 

Overview 

This guide provides detailed instructions for installing SSL/TLS certificates in Microsoft Exchange 2019 to ensure secure communication between clients and the Exchange server. It covers the entire process, including importing Certificate Authority (CA) certificates using the Microsoft Management Console (MMC) and installing the server certificate through the Exchange Management Shell. 
 

Purpose: SSL/TLS Certificate Installation Guide for Microsoft Exchange 2019 

For Microsoft Exchange 2007-2019, Use the steps in the below article CSR generation and installation of SSL/TLS certificates.: 
How to generate a CSR and install a SSL certificate on exchange server?  | Sectigo® Official 

Pre-requisites: 

Before you begin, ensure you have the following: 

  1. Administrator access to the Exchange server. 

  1. Downloaded certificate files, including:  

  • Server Certificate 

  • Sectigo Intermediate Certificates 

  • Sectigo Root Certificate 

 

  1. Exchange Management Shell installed and accessible. 

 
Generate a Certificate Signing Request (CSR) using Microsoft Exchange 2019 

To generate a CSR in Microsoft Exchange 2019, Follow the steps in the below article: 

Install SSL/TLS Certificates in Microsoft Exchange 2019 
The installation is in two parts: 
1) Importing CA certificate using Microsoft Management Console (MMC) 
2) Installing the certificate on the server 
 
Part 1 of 2: Importing CA certificate using Microsoft Management Console (MMC) 
 
1. Download your certificate files. It should include your Server Certificate, the Sectigo chain/intermediate certificates(s) and the Sectigo Root certificate. 

 

2. On the server, right-click Start > Run > type MMC and hit enter.  

 

A screenshot of a computer errorAI-generated content may be incorrect. 
 

 

3. Click File > Add Remove Snap-in.  

A screenshot of a computerAI-generated content may be incorrect. 
 

 

4. Select Certificates and click Add. 

 

 

5. Select Computer Account > Next > Local Computer and click Finish. 

A screenshot of a computer screenAI-generated content may be incorrect. 

A screenshot of a computerAI-generated content may be incorrect. 
 
6. Click OK. 
7. Expand Certificates > Trusted Root Certification Authorities > Certificates on the left-hand side of the console window. 

 
 

 

8. Right click on the Certificates sub-folder under Trusted Root Certification Authorities and select All Tasks > Import.  

 
 

 

9. In the import wizard, browse the Sectigo Root file downloaded in step 1 and complete the wizard. 

 
 

 

10. In the MMC console, expand the Intermediate Certification Authorities folder. Right click on the Certificates sub-folder and select All Tasks > Import. 

 
 

 

11. In the import wizard, browse the Intermediate files downloaded in step 1 and complete the wizard. If there is more than 1 intermediate file, import one at a time. 

A screenshot of a computerAI-generated content may be incorrect. 
 
Verification: 

 You should see your Sectigo Intermediate certificates listed in the Intermediate Certification Authorities folder. You are now ready to install your signed server certificate.  
 

 

Part 2 of 2: Installing the certificate on the server 
 
1. As an Administrator on the server, open the Exchange Management shell by clicking Start > Exchange Management Shell.  

 

2. You will need to run a command to import the Server Certificate file that was downloaded in step 1 and a command to enable the desired Exchange services. This can be done in a single command by using the pipe delimiter. To simplify the command, place your Server Certificate file in your C drive. 
 
Import-ExchangeCertificate -Path C:\ServerCertificate.crt | Enable-ExchangeCertificate -Services "SMTP, IMAP, POP, IIS"  

 
 
Verification 

To verify that the previous command was successful, run the following command: 
 
Get-ExchangeCertificate  

A screen shot of a computer programAI-generated content may be incorrect. 
 
This command will display a list of all the certificates available on the server.  Check the Subject column to identify the certificate that you just imported in the previous step. Check the corresponding Services column to ensure the correct services have been enabled.   In the Services Column:  

  • 'S' is the SMTP Service 

  • 'I' is the IMAP Service 

  • 'P' is the POP Service 

  • 'W' is IIS which is used for Webmail and Active Sync 

4. If the proper services are not enabled, run the following command and provide your certificate thumprint. The certificate thumprint value should have been part of the ouput of the Get-ExchangeCertificate command.  

Enable-ExchangeCertificate -ThumbPrint [Certificate Thumbprint Value] -Services "SMTP, IMAP, POP, IIS" 

 

For Microsoft Exchange 2007-2019, Use the steps in the below article CSR generation and installation of SSL/TLS certificates.: 
How to generate a CSR and install a SSL certificate on exchange server?  | Sectigo® Official 

 

 

 

Tags: 

 

Need assistance?

Contact our team for help with your purchase or issuing your certificate.

Live chat

Click the button below or click "Chat with an Expert" to start chatting with us now!

Start chat

Call us today

United States
+1 888 266 6361
France
+33 3 66 72 95 95
Italy
+39 02 4792 1708
Spain
+34 900 838 451
Germany
+49 800 1002328
International
+1 914 732 844

Resources