Like the majority of server systems you will install your SSL certificate on the same server where your Certificate Signing Request (CSR) was created. This is because your private key will always be left on the server system where the CSR was originally created. With Microsoft systems the private key is hidden away and will only appear once the CSR request has been completed. Your SSL certificate will not work without this private key file. We will assume that this is the original system.

To Install your SSL certificate on Exchange 2013 perform the following.

Step 1: Picking up your SSL Certificate.

  1. If you had the option of server type during enrollment and selected IIS you will receive a pkcs#7/.p7b version of your certificate within the email. Alternately you can access your Certificate User Portal by the supplied link in the email to pick up the pkcs#7 version of your certificate.
  2. Copy the SSL certificate and make sure to copy the —–BEGIN CERTIFICATE—–
    and —–END CERTIFICATE—– header and footer Ensure there are no white spaces, extra line breaks or additional characters. Use a plain text editor such as Notepad, paste the content of the certificate and save it with extension .p7b (When performing this on a Windows system the Icon of the file should change into a certificate icon )

Step 3:  Installing your SSL certificate:

  1. Use Internet Explorer to browse to the Exchange Admin Center located at https://localhost/ecp
  2. Login using your domain credentials.
  3. Select Servers.
  4. Select Certificates.
  5. Select your certificate from the menu in the center of the screen (listed by its Friendly Name from CSR creation), and then click the “Complete” link located in the right column.

    Exchange 2013 Installation
    Note: If you do not see the Complete option to a Pending request status then perform the following Troubleshooting.
  6. Specify the name and location of where your saved SSL certificate file is located.Exchange 2013 InstallationNote: You may receive an error when the system is performing the install. This is typically with a glitch with the IIS/Exchange Systems.
    • Click Ok to acknowledge the error message, and Cancel out of the Complete Certificate Request Wizard.
    • Hit F5 on your keyboard to refresh the IIS console. Your new certificate should appear in the Middle pane under Server Certificates. It might be missing a friendly name. If you see the new certificate in this pane it means that installation was successful.
      Note: If your certificate still does not appears then either the CSR request was never created on this system, or your private key was damaged. You will have to generate a new CSR request and perform a reissue of the certificate.

Step 4: Binding/Assigning services to your SSL certificate:

  1. In the Exchange Admin Center under Certificates highlight your new SSL certificate you want to use.
  2. Click the edit Exchange 2013 Installation  icon.
    Exchange 2013 Installation
  3. Click the Services option on the left.
  4. Specify the services you would like to enable your new certificate for.
    Note: Below is a example of the services assigned. Only you, your network Admin or Microsoft know best regarding what services you require for your organization. If this is a renewal you should see the what services you already use with the older certificate, Just apply them to the new one.
  5. Click Save.
    Exchange 2013 InstallationYour SSL certificate should now be installed and enabled for use with your Exchange 2013 system.

If you are unable to use these instructions for your server, Acmetek recommends that you contact either the vendor of your software or the organization that supports it.

Microsoft Support

For more information refer to Microsoft.

LoadingAdd to favorites

About SSLSupportDesk:

SSLSupportDesk is part of Acmetek who is a trusted advisor of security solutions and services. They provide comprehensive security solutions that include Encryption & Authentication (SSL), Endpoint Protection, Multi-factor Authentication, PKI/Digital Signing Certificates, DDOS, WAF and Malware Removal. If you are looking for security look no further. Acmetek has it all covered!

Contact an SSL Specialist to get a consultation on the Website Security Solutions that can fit your needs.

Become a Partner and create additional revenue stream while the heavy lifting for you.