In this article we will have a look at the steps to configure SSL certificates in Exchange 2016 post installation.

If you have exchange 2016 in exchange 2013 coexistence you wouldn’t need to worry about this part. Because the already configured Exchange 2013 CAS server will have the capability to up proxy the requests to Exchange 2016 servers and you can stay relaxed for a while until the you decide to remove the exchange 2013 .

But if you have them in Exchange 2010 coexistence then you will need to move all of your external URL’s and place your SSL certificates into the Exchange 2016 servers.

Now we will have a look at how to place an  SSL certificate request in Exchange 2016 and complete them using a third party CA.

The configuration is the same as exchange 2013 and the only change  is the for internet facing CAS server will be now  internet facing mailbox server.

In-order to perform this action open EAC – click servers – and select certificates

Give it a friendly name as below

Enter the domain name

If you are going to use wild card you can select the wild card certificate option.

Using wild card will cover your root domain and additional it covers one subdomain .

In my case i’m using wild card since its a lab and i’m using a complimentary subscription provided by digicert through MVP program.so in my case it would cover mail.exchangequery.com, Autodiscover.exchangequery.com, owa.exchangequery.com etc.,

After this completes just click on next and choose one internet facing mailbox server in Exchange 2016

Fill the required information as below

place a location to save the private key as below

You can see the cert request generated as below in the location you mentioned

After the above task is completed  you can see the certificate request in pending state in the certificates tab as below

Now we can submit this request to a third party CA and get a new SSL certificate for your domain.

There are so many good providers but i recommend digicert as i have seen their support to be very prompt and all together provide a competitive pricing

Now copy paste the CSR request we generated in Exchange 2016 as below .Now you can select the server software as exchange 2013 and with that it would be working until they add exchange 2016.

Once you get the SSL certificate from the certificate provider now we need to complete this request by importing them into the Exchange 2016 internet facing  server.

You can see the certificate that we requested in pending state as below

So click on complete and you will get a pop up window to import the SSL certificate.

Just import the certificate that you got from the certificate provider and then complete the request.

Now we have successfully completed the SSL certificate request in Exchange 2016

Thanks 

Sathish Veerapandian 

MVP – Exchange Server 

Tagged: exchange 2016