Exchange 2013 SSL certificate request step by step

Exchange 2013 includes a self signed SSL Certificate to facilitate SSL encryption. However, this self-signed cert is not recognized by web browsers and mobile devices and will cause security warnings and connection failures.  The solution is to utilize an SSL certificate from a recognized third-party certificate provider (like GoDaddy, NameCheap, Etc).  If you haven’t purchased a new cert yet, here is my quick guide to dependable and cheap ssl certificates.

How to create a new certificate request on Exchange 2013

1) Open Exchange Administration Console (EAC)
click Servers > Certificates > click the add button icon to create a new certificate request:
add certificate
2) select “Create a request for a certificate from a certificate authority”:
new-certificate-create-request

3) The certificate request in our example is going to be a multiple-name UCC certificate and not a wildcard certificate, so we will leave the wildcard checkbox unchecked.
Learn about Exchange 2013 Wildcard Cerificates: alternatively you could have selected ‘Request a Wildcard Certificate’.  Wildcard is suitable if your internal AD domain name is the same as your external domain name).
not-wildcard-certificate

4) Next select the Exchange 2013 server in which to store the certificate request file:
store-cert-request-on-server

5) enter a friendly name for the certificate, this is something that only IT people will see:
cert-friendly-name6) next is a guide wizard to help you determine the names in your certificate, this section does not configure anything in Exchange 2013 it only helps you determine the names you want.  I find it tedious so I just populate the required Outlook Web Access and Autodiscover names and move to the next screen.
specify-certificate-domainsspecify-cert-domains-morespecify-autodiscover-domain

7) On the next screen is your list of Exchange 2013 domain names that will be included in the certificate request.  I edit this list to come up with the final list of names.  The screenshot shows a common configuration as an example:
certificate domains list

8) Fill out the information about your organization:
certificate request organization info

9) Next Specify the path to where you would like to store the certificate request (it must be in UNC format):
certificate request path10) Next you will need to submit the certificate request to your chosen certificate authority, I generally use GoDaddy.
11) Complete the verification process with your Certificate Authority (NameCheap, Comodo, etc).

Next: Follow these steps steps to install the certificate in Exchange 2013 by processing the pending certificate request.

One thought on “Exchange 2013 SSL certificate request step by step

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.