assign certificate to Exchange 2013 services (IIS, SMTP, POP, IMAP)

These steps will walk you through assigning an existing third-party SSL certificate to the Exchange services such as IIS, SMTP, POP, IMAP and UM.  These steps assume you have already completed a certificate request and installed your SSL certificate on Exchange 2013.

Step 1: open Exchange Admin Center (EAC) and click servers > certificates.
select your SSL certificate, and click the edit button edit icon.

select edit cert

Step 2: click “services” and then place check marks next to the services that you would like assigned to the SSL Certificate.  SMTP, IMAP, POP and IIS are standard.  Note: If you have a Wildcard SSL certificate then leave IMAP and POP unchecked, Wildcard certificates do not work for POP/IMAP.

assign certificate

Click “yes” on this standard warning message which indicates the default self signed cert will be replaced with your new third party SSL certificate.


Conclusion:  At this point your SSL cert is installed and enabled on Exchange 2013.  Congrats!  I recommend you test your certificate by connecting your server with a Browser and see if any errors come up:

Next: you will configure the Exchange 2013 Virtual Directories.

4 thoughts on “assign certificate to Exchange 2013 services (IIS, SMTP, POP, IMAP)

  1. Ferry Avianto


    I already succeeded renew and now I have 2 certificates which are existing one and renewal one. similar to yours, both of mine are also still valid, however the existing one will soon expired. My question is : do I have to take over now by assigning my remaining services (SMTP, and IIS) ? Or I just let it expired and becomes invalid and system automatically take over? (Still not sure automatic or not by the way).

    Need your advise

    1. Chris Post author

      Hello, you should assign your services to your new certificate. Once that is complete, one can generally remove the old certificate that has no services assigned.

  2. Anselm

    Hello Chris, thanks for your work and documentations. I have a questition to Binding services to certificate.
    We installed our zertificate as described above. I thing, we configured the virutal directories right, but it doesn´t work fine and there was an other problem -we find it out later. So after hours we stopped and bind the services to the old certificate from Exchange 2013.
    Now we will start again, but the services IIS and SMTP are assigned to the new certificate and to the privat old from exchange. Is there a easy way to close the binding to the old certificate?
    Could we export the certifikate (GeoTrust, Bronze Multidomain (QuickSSL Premium)), delete the new certificate (GeoTrust, Bronze Multidomain (QuickSSL Premium)) in exchange, restart IIS and than import it, will the import agent ask again, if we want to overwrite the existing certificate?
    Thanks for your time.

    1. Chris Post author

      I don’t believe you can over write an existing certificate with a new certificate. I’ve seen in some cases bindings will change to the primary/default certificate automatically, but typically one has to go and find and change bindings manually.


Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.