This post contains step by step instructions for installing a new SSL certificate on Exchange 2013 by completing the pending certificate request you created in the previous steps.
Step 0: Download your SSL Certificate from your third-party certificate authority (GoDaddy, NameCheap, etc). Note: If you do not have an SSL certificate yet, you will first need to purchase an SSL certificate from a certificate authority like NameCheap, or checkout my guide on buying a cheap ssl certificate to get the best deal on an SSL cert. You will then need to create an Exchange 2013 certificate request and submit it to your chosen cert authority.
Step 1: Open Exchange Admin Center (EAC), click Servers > Certificates.
select the certificate that says “Pending request” in the status.
click the “Complete” menu item on the right.
In the complete pending request dialogue box you will need to enter a UNC path to where you saved the certificate that you downloaded from your third-party certificate authority:
You should see a status ‘Valid’ next to the certificate at this point.
Things to consider:
If you haven’t done so already, you will need to install the intermediate certificate from your Certificate Authority.
Depending on your environment/migration-path you may need to export the new certificate from Exchange 2013 and import it into Exchange 2007/2010. Likely in cases where you were modifying an existing certificate for use with Exch 2013 and/or adding a ‘legacy’ hostname to an existing cert.
Next: You need to enable the certificate for the Exchange 2013 services
My Exhange server is named mail01.company.local. Will your process still work if my Active Directory domain name, that the Exchange server is in, ends in “.local”?
Hi Zach, the process will still work if your internal domain is .local. When you prepare your certificate request you will need to pick the correct names for your Exchange environment, for example: autodiscover.companyinternetdomain.com and mail.companyinternetdomain.com. Certificate providers will not allow you to request a cert with .local so you will need to use the external names for all your internal Exchange virtual directories.