Exchange 2013 SSL certificate request step by step

Exchange 2013 includes a self signed SSL Certificate to facilitate SSL encryption. However, this self-signed cert is not recognized by web browsers and mobile devices and will cause security warnings and connection failures.  The solution is to utilize an SSL certificate from a recognized third-party certificate provider (like GoDaddy, NameCheap, Etc).  If you haven’t purchased a new cert yet, here is my quick guide to dependable and cheap ssl certificates.

How to create a new certificate request on Exchange 2013

1) Open Exchange Administration Console (EAC)
click Servers > Certificates > click the add button icon to create a new certificate request:
add certificate
2) select “Create a request for a certificate from a certificate authority”:

3) The certificate request in our example is going to be a multiple-name UCC certificate and not a wildcard certificate, so we will leave the wildcard checkbox unchecked.
Learn about Exchange 2013 Wildcard Cerificates: alternatively you could have selected ‘Request a Wildcard Certificate’.  Wildcard is suitable if your internal AD domain name is the same as your external domain name).

4) Next select the Exchange 2013 server in which to store the certificate request file:

5) enter a friendly name for the certificate, this is something that only IT people will see:
cert-friendly-name6) next is a guide wizard to help you determine the names in your certificate, this section does not configure anything in Exchange 2013 it only helps you determine the names you want.  I find it tedious so I just populate the required Outlook Web Access and Autodiscover names and move to the next screen.

7) On the next screen is your list of Exchange 2013 domain names that will be included in the certificate request.  I edit this list to come up with the final list of names.  The screenshot shows a common configuration as an example:
certificate domains list

8) Fill out the information about your organization:
certificate request organization info

9) Next Specify the path to where you would like to store the certificate request (it must be in UNC format):
certificate request path10) Next you will need to submit the certificate request to your chosen certificate authority, I generally use GoDaddy.
11) Complete the verification process with your Certificate Authority (NameCheap, Comodo, etc).

Next: Follow these steps steps to install the certificate in Exchange 2013 by processing the pending certificate request.


One thought on “Exchange 2013 SSL certificate request step by step

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.