The first step is to create a certificate request (“CSR”) by using the renewal tool in Exchange Management Console:
- Open Exchange Management Console
- Go to the Servers node, Certificates
- Select the existing certificate that is expiring and click ‘renew’
Next you will purchase a new certificate credit or ‘renewal’ from your third party certificate authority (GoDaddy, etc) and provide the CSR from the Exchange server to your certificate authority.
- Use the ‘renew’ option in your third party certificate authority (“CA”) to purchase the same type of SSL certificate that you had previously, this is the easiest method. Otherwise if you purchase a new certificate credit you will have to be sure to pick the correct type, for example Wildcard vs UCC.
- Follow the prompts in your certificate provider to upload the CSR
- Go through the verification steps with your third party CA
- Download the competed certificate from your third party CA
- Go back to the exchange server to complete the pending renewal and provide the certificate you downloaded from your third party CA to the exchange server.
- Assign Exchange services to the new certificate if necessary.