Exchange 2013 includes a self signed SSL Certificate to facilitate SSL encryption. However, this self-signed cert is not recognized by web browsers and mobile devices and will cause security warnings and connection failures. The solution is to utilize an SSL certificate from a recognized third-party certificate provider (like GoDaddy, NameCheap, Etc). If you haven’t purchased a new cert yet, here is my quick guide to dependable and cheap ssl certificates.
How to create a new certificate request on Exchange 2013
1) Open Exchange Administration Console (EAC)
click Servers > Certificates > click the icon to create a new certificate request:
2) select “Create a request for a certificate from a certificate authority”:
3) The certificate request in our example is going to be a multiple-name UCC certificate and not a wildcard certificate, so we will leave the wildcard checkbox unchecked.
Learn about Exchange 2013 Wildcard Cerificates: alternatively you could have selected ‘Request a Wildcard Certificate’. Wildcard is suitable if your internal AD domain name is the same as your external domain name).
4) Next select the Exchange 2013 server in which to store the certificate request file:
5) enter a friendly name for the certificate, this is something that only IT people will see:
6) next is a guide wizard to help you determine the names in your certificate, this section does not configure anything in Exchange 2013 it only helps you determine the names you want. I find it tedious so I just populate the required Outlook Web Access and Autodiscover names and move to the next screen.
7) On the next screen is your list of Exchange 2013 domain names that will be included in the certificate request. I edit this list to come up with the final list of names. The screenshot shows a common configuration as an example:
8) Fill out the information about your organization:
9) Next Specify the path to where you would like to store the certificate request (it must be in UNC format):
10) Next you will need to submit the certificate request to your chosen certificate authority, I generally use GoDaddy.
11) Complete the verification process with your Certificate Authority (NameCheap, Comodo, etc).
Next: Follow these steps steps to install the certificate in Exchange 2013 by processing the pending certificate request.
The validity period is controlled by the CA issuing you the certificate. There s no change to the certificate request.