FAQs
How to generate a CSR and install a SSL certificate on exchange server?
How to generate a CSR and install a SSL certificate on exchange server?
Similar Questions:
How do I create a CSR and install an SSL certificate on Microsoft Exchange?
What are the steps to generate a certificate request and install it in Exchange Server?
How do I generate a CSR using Exchange Admin Center (EAC)?
How do I verify if my SSL certificate is correctly installed on Exchange?
Overview
Learn how to securely configure Microsoft Exchange Server by generating a Certificate Signing Request (CSR), installing an SSL certificate via the Exchange Admin Center (EAC), assigning services, verifying installation, and importing intermediate certificates. This step-by-step guide ensures encrypted communication and proper certificate deployment for your exchange server.
Steps to generate a CSR and install a SSL certificate on exchange servers
Generate a CSR in Exchange Admin Center (EAC)
- Open a web browser and access the Exchange Admin Center (EAC) at https://localhost/ecp or your Exchange server’s admin URL.
- Click on Servers in the left menu, then select Certificates at the top.
- Choose the Exchange server where you want to create the CSR.
- Click the + (Add) icon and select Create a request for a certificate from a certification authority. Click Next.
- Enter a friendly name for the certificate to help identify it later and click Next.
- Specify whether you want a wildcard certificate or a certificate for specific domains and click Next.
- Add all domain names (Common Name and Subject Alternative Names - SANs) that you want to secure with this certificate. Click Next.
- Provide your organization and location details as prompted.
- Choose a shared network path to save the CSR file (e.g., \\Server\Share\exchange.csr) and finish the wizard by clicking Finish.
Submit CSR to Certificate Authority (CA)
- Send the generated CSR file to Sectigo.
- Upon verification, the SSL certificate will be issued.
Install the SSL Certificate in Exchange Admin Center
- Return to Servers --> Certificates in the EAC.
- Select the Exchange server and find the certificate request with status Pending request.
- Highlight the pending request and click Complete from the right menu.
- Enter the file path where your SSL certificate file is saved (e.g., \\Server\Share\yourdomain.crt) and click OK.
- The certificate status will update to Valid when successfully installed.
Assign Services to the SSL Certificate
-
In Certificates, select the newly installed certificate.
-
Click the Edit icon and open the Services tab.
-
Check the boxes for all services that will use the certificate:
-
SMTP (Mail Transport)
-
IIS (Outlook Web Access and ECP)
-
IMAP/POP3 (if applicable)
-
Unified Messaging (if applicable)
-
Save the changes.
Verify Certificate Installation
-
Run the following Exchange Management Shell command to confirm services enablement:
powershell
Get-Exchange Certificate | fl Friendly Name, Subject, Status, Services, Thumbprint
-
Confirm that the new certificate is enabled and assigned to required services.
-
Test secure access using a browser via HTTPS (e.g., https://mail.yourdomain.com/owa).
-
Use SSL checker tools like SSL Labs to verify the certificate chain and expiration.
(Optional) Install Intermediate Certificates
If your CA provides intermediate certificates, install them to complete the trust chain:
-
Open Microsoft Management Console (MMC) → Add the Certificates (Local Computer) snap-in.
-
Navigate to Intermediate Certification Authorities → Certificates.
-
Right-click and select All Tasks → Import.
-
Follow the wizard to import the intermediate certificate file.
Restart Exchange Services
After installation and service assignments, restart Exchange services for changes to take effect:
powershell
Restart-Service MSExchangeTransport
Restart-Service IISAdmin
Related Articles:
Tags:
Need help?
Need help making a purchase? Contact us today to get your certificate issued right away.
Live chat
Click the button below or click "Chat with an Expert" to start chatting with us now!
