Configure SSL certificate in Exchange server 2016

In this article we will have a look at the steps to configure SSL certificates in Exchange 2016 post installation.

If you have exchange 2016 in exchange 2013 coexistence you wouldn’t need to worry about this part. Because the already configured Exchange 2013 CAS server will have the capability to up proxy the requests to Exchange 2016 servers and you can stay relaxed for a while until the you decide to remove the exchange 2013 .

But if you have them in Exchange 2010 coexistence then you will need to move all of your external URL’s and place your SSL certificates into the Exchange 2016 servers.

Now we will have a look at how to place an  SSL certificate request in Exchange 2016 and complete them using a third party CA.

The configuration is the same as exchange 2013 and the only change  is the for internet facing CAS server will be now  internet facing mailbox server.

In-order to perform this action open EAC – click servers – and select certificates

C1

 

Give it a friendly name as below

Tets

 

Enter the domain name

If you are going to use wild card you can select the wild card certificate option.

Using wild card will cover your root domain and additional it covers one subdomain .

In my case i’m using wild card since its a lab and i’m using a complimentary subscription provided by digicert through MVP program.so in my case it would cover mail.exchangequery.com, Autodiscover.exchangequery.com, owa.exchangequery.com etc.,

If i try Test.mail.exchangequery.com then it will not cover since it covers only one subdomain before that wildcard.

Its always better to use SAN since if its a SSL then your private key will be used in most of the sub domains

C3

After this completes just click on next and choose one internet facing mailbox server in Exchange 2016

C4

 

Fill the required information as below

C5

 

place a location to save the private key as below

33

 

You can see the cert request generated as below in the location you mentioned

C6

 

 

After the above task is completed  you can see the certificate request in pending state in the certificates tab as below

Now we can submit this request to a third party CA and get a new SSL certificate for your domain.

There are so many good providers but i recommend digicert as i have seen their support to be very prompt and all together provide a competitive pricing

C7

 

Now copy paste the CSR request we generated in Exchange 2016 as below .Now you can select the server software as exchange 2013 and with that it would be working until they add exchange 2016.

s3

 

 

Once you get the SSL certificate from the certificate provider now we need to complete this request by importing them into the Exchange 2016 internet facing  server.

 

You can see the certificate that we requested in pending state as below

Final

 

So click on complete and you will get a pop up window to import the SSL certificate.

Just import the certificate that you got from the certificate provider and then complete the request.

Now we have successfully completed the SSL certificate request in Exchange 2016

 

Thanks 

Sathish Veerapandian 

MVP – Exchange Server 

Tagged:

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: