Generating CSR and installing an SSL certificate for Exchange 2013

In this article, we'll look at the process of generating a Certificate Signing Request and installing an SSL certificate for Exchange 2013.

Generating a CSR for Exchange 2013

To generate a CSR request for an SSL certificate, follow these steps.

1. Go to the Admin Centre of Exchange by opening the link in the browser https://localhost/ecp.
   
2. On the opened page, enter your login/password in the appropriate fields.
   
3. Click the Servers link in the left-hand column and select Certificates in the top menu. Then click on the "+" symbol immediately below the drop-down list with the server selection.
   
4. A "new exchange certificate" pop-up window will appear with the step-by-step wizard for generating the CSR.
   
5. Select the "Create a request for a certificate from a certification authority".
   
6. In the field "Friendly name for this certificate", enter the name that will be assigned to the certificate (any name that will help you to identify the certificate; it is not used directly in the certificate request).
   
7. Next, you can enter the root domain if you plan to generate a CSR for the Wildcard certificate. Otherwise, just go to the next page by clicking "Next".
   
8. Click the Browse button and select the server on which the certificate request will be stored.
   
9. If you are generating a request for a Wildcard certificate, you can skip this step. In the list, select the services that you plan to run securely. To select services, press Ctrl + Click.
   
10. On the next page, you can view the list of domains that Exchange 2013 will suggest that you include in your request for a certificate. Review these domains and add any additional ones with the "+" button.
    
11. Fill in the Organisation name, Department name and other fields in accordance with the rules for generating CSR requests. If you are not in the state/region, then paste city information in this field.
    
12. Enter the network path to save the CSR to your computer (the file will be saved in .req format), then click Finish.
    
13. Now you can open the CSR using Notepad or another text editor and copy the entire contents of the file for use later in the certificate order process.
    

Once you get the SSL certificate, you will need to install it on the server.

Installing an SSL Certificate for Exchange 2013

To install the SSL certificate for Exchange 2013, use the following step-by-step process.

1. Download a ZIP-archive with the received certificate, and then unzip it. Your certificate file will be named your_domain_name.cer.
   
2. Copy your_domain_name.cer to the Exchange server network directory that was set to store the CSR.
   
3. Go to the Exchange Central Administration, follow the https: //localhost/ecp link in your browser.
   
4. Enter your login/password.
   
5. Go to Servers, then select Certificates from the top menu.
   
6. Select your certificate in the menu in the centre of the page, then click the Complete link in the right-hand column.
   
7. Enter the network path where your certificate is located.
   
8. The certificate will be successfully installed on the server.
   
9. To use the certificate, go back to the Certificates section, select the required certificate and then click on the edit button (pencil).
   
10. Select the Services option on the left side of the page.
    
11. Select the services for which you want to enable your new certificate, and then click Save.
    

Done. Your certificate is installed and available for use with Exchange.

Note: if you need to export the certificate to your ISA server or to any other type of Microsoft server, be sure to include all certificates in the certificate chain.