How to Install and Configure Your SSL Certificate On Exchange 2016

Install and Assign Services to Your SSL Certificate with the Exchange Admin Center (EAC)

After you generate CSR and received the certficate file from the vendor :

You can follow the steps to install the ssl certificate on Exchange Server 2016

First Step Install SSL Certificate

1. Download and open the ZIP file containing your certificate. Your certificate file will be named [DOMAIN NAME].cer.
2. Copy the [DOMAIN NAME].cer file to your Exchange 2016 server’s network share folder .
3. Access the Exchange Admin Center (EAC) by opening a browser and browsing to the URL of your server (e.g., https://localhost/ecp).
4. On the Exchange Admin Center (EAC) login page, enter your Domain/user name and Password and then click sign in.
5. In the EAC, in the sidebar menu on the left, click Servers and then in the menu at the top of the page, click Certificates.
6. On the Certificates page, in the center pane, select your certificate request and then in the certificate request details pane to the right, under Status, click the Complete link.
7. In the complete pending request wizard, under File to import, enter the UNC Network shared path to where your SSL certificate file is located (e.g., \\shared folder\certificates\.cer) and then click OK.
8. The certificate should be successfully installed on your Exchange 2016 server, and the status of the certificate request should now be Valid.

Second Step Assign Services

1. On the Certificates page, in the center pane, select the SSL certificate you just installed and then click (the pencil icon).
2. From the “certificate” window, click Services.
3. Then check all the services for which you want to enable your SSL certificate and then click Save.
4. Now SSL certificate should now be enabled for the services that you selected on your Exchange 2016 server.

Third Step Export SSL Certificate to Your ISA Server

If you currently use an ISA (Internet Security and Acceleration) server in front of your Exchange 2016 server, or need to export your SSL certificate to any other Microsoft server type , you can follow the steps bellow:

Exporting/Backing Up to a .pfx File

1. From Start menu click Run and then type mmc.
2. Click File > Add/Remove Snap-in.
3. Click Certificates > Add and then close the Add Standalone Snap-in window. Click OK.
4. Select Computer Account and then click Next. Select Local Computer and then click Finish. Then close the add standalone snap-in window and the add/remove snap-in window.
5. Click the + icon to expand the certificates (local computer) console tree and look for the personal directory/folder. Expand the certificates folder.
6. Right-click on the certificate you want to backup and select ALL TASKS > Export.
7. Follow the wizard to export your primary certificate to a .pfx file. the point to Choose Yes, export the private key.
8. Choose to include all certificates in certificate path if possible.Warning: Do not select the delete private key option.
9. Leave the default settings and enter your password if required. Choose the location to save the file and click Finish. You will receive an export successful message. The .pfx file is now saved in the location you selected.