How to install SSL Certificate on Microsoft Exchange Server

Install SSL Certificate on Exchange 2003

SSL Installation process on Microsoft Exchange server requires technical knowledge. After acquiring the correct certificate, perform few steps will help you install it successfully on your Windows Server.

The Prerequisites for Installing SSL on Microsoft Exchange Server 2003, 2007, 2010, 2013, 2016 and 2019

• Private key: A secure key generated with the Certificate Signing Request (CSR).
• Server certificate: Main certificate issued by the CA; your server provides it to the client (browser) for verification.
• Intermediate certificates: Provided by the Certificate Authority as part of the validation process.

Step 1: Upload certificates to your server

Your Certificate Authority will provide you the SSL Certificate in a Zip file. Open it & extract the primary and intermediate certificates. Copy their entire contents into a text editor and upload them to your server for maximum security.

Step 2: Create Certificate Snap-in

• Open Start > Run > type MMC (Microsoft Management Console), and click OK
• Go to File > Add/Remove Snap-in in the MMC console and tap the Add tab
• Choose Certificates from the list of snap-ins and click the Add button
• Select Computer Account and click Next
• Choose Local Computer > click Finish
• Close the snap-ins window > go to Add/Remove Snap-in window > click OK

Step 3: Install Intermediate certificate

• Go to MMC console > double-click on the Intermediate Certification Authorities folder (left-side pane)
• Navigate to the Certificates option and right-click on it.
• Select All Tasks > Import
• The Certificate Import Wizard will open.
• Click Next
• Locate your Intermediate Certificate file to proceed and click Next.
• Select Place all certificates in store
• Choose Intermediate Certificate Authorities.
• Click OK
• To successfully complete the import process, click Finish.
• A confirmation message will appear to confirm its successful conclusion; tap OK, and you’re all set!

Step 4: Install Primary SSL Certificate

• Go to Start > Programs > Microsoft Exchange > System Manager
• Go to the Administrative Groups folder, and expand the First Administrative Group
• In the Servers folder, click on Exchange Server Container
• Next, navigate to Protocols, and go through each protocol you want to configure.
• Start the Certificate Wizard in the new window by selecting the Access tab and clicking on Certificate
• On the Pending Certificate Request page, choose Process the pending request and install the certificate, & tap Next
• Go to Process a Pending Request window, and provide the location of your SSL Certificate where you have saved the certificate received from your SSL provider)
• Double tap the Certificate Summary box, and click Next
• Click Finish, and you are done!

Install SSL Certificate on Exchange 2007

• Save the SSL Certificate files provided by your provider to your server’s directory.
• Go to Start, click Run, and type MMC.
• Click OK
• Navigate to the top-left corner in the Console, and click on File > Add/Remove Snap-in
• Next, choose Certificates, click on Add
• Select Computer Account
• Click Next
• Choose Local Computer > tap Finish
• Hit OK to close Add/Remove Snap-ins
• Locate the Certificates folder in the console, expand it and right-click on Intermediate Certificate Authorities
• Go to All Tasks > click Import to open the Certificate Import Wizard
• Open Certificate Import Wizard > click Next > Browse to locate your Intermediate Certificate file, and press Next
• Select Place all certificates in this store: Intermediate Certificate Authorities.
• Click Next, and Finish
• Go to the Start menu, select Microsoft Exchange Server 2007, and click Exchange Management Shell
• Type this command to import the certificate. (Make sure to replace the certificate location)

Import-ExchangeCertificate -Path C:\your_certificate.crt

• Use the below command to enable SSL

Add Enable-ExchangeCertificate -Thumbprint paste_thumbprint_here -Services "SMTP, IMAP, IIS”

• Close the Exchange Management Shell.
• You have successfully installed your Microsoft Exchange 2007 server!

Install SSL Certificate on Exchange 2010

1: Create “Certificate Snap-in”

• Go to Start > Run > type MMC (Microsoft Management Console)
• Open File and select Add/Remove Snap-in
• Now select Certificates from the Add/Remove Snap-in box and click Add
• Next, tap on Computer Account
• Click Next
• Select Local Computer & click Finish
• Exit the Add Standalone Snap-in window and click OK

2: Intermediate Certificate Installation

• In the MMC, locate the left menu and right-click on Intermediate Certificate Authorities
• Choose All Tasks > Import
• Click Next in the Certificate Import window
• Hit the Browse button to locate the intermediate certificate file on your computer
• Click Next
• Select “Place all certificates“ from the Store
• Pick Intermediate Certificate Authorities from Select Certificate Store window.
• Hit OK > click Next
• Click Finish and press OK
• Click NO to remove the console settings

3: Primary Certificate Installation

• Go to Start > All Programs > Microsoft Exchange Server 2010 > Exchange Management Console.
• Select Microsoft Exchange On-Premises > Manage Databases
• Click on Server Configuration
• Choose your Primary SSL certificate from the Exchange Certificates
• Click Complete Pending Request from the right-side Actions menu
• Next, click Browse to locate the path of your Certificate
• Press Open
• Come back to the Complete Pending Request window
• Tap Complete
• Tap the Finish button & return to the console.
• Choose Assign Services to Certificate from Actions menu
• Select the server you want the certificate to be installed into
• Tap Next
• Pick the services you wish to secure
• Click Next
• Click Assign > Finish
• You are done!

Install SSL Certificate on Exchange 2013 & 2016

1: Create Certificate Snap-in

• Go to Start > Run > type MMC & hit OK
• From File menu, select Add/Remove Snap-in
• Select Certificates from the Add/Remove Snap-in box
• Click Add
• Tap on Computer Account & hit Next
• Select Local Computer & press Finish
• Exit from the Add Standalone Snap-in window and click OK button.

2: Install Intermediate Certificate

• In the MMC, locate the left menu and right-click on Intermediate Certificate Authorities
• Choose All Tasks > Import
• Click Next
• Hit the Browse button to locate the Intermediate Certificate file & click Next
• Select Place all certificates in the store and choose Intermediate Certificate Authorities from the Select Certificate Store window.
• Hit OK & click Next
• Click Finish > OK to close the MMC console.
• Click NO to remove the console settings

3: Primary Certificate Installation

• Log in to the Exchange admin center
• Go to Servers and click on Certificates
• Choose your SSL Certificate; it will have a Pending request status.
• Click Complete
• Enter your SSL Certificate’s network path & Click OK
• Get back to the Certificate and click Edit
• In the next window, choose Services, and select the services you want to enable
• Hit the Save button.
• our SSL Certificate is up & running!

Installing SSL certificate on Exchange 2019

• Open the EAC and go to Servers > Certificates
• Choose the Exchange server from the Server list
• Click on More Options ***, and choose Import Exchange certificate
• An Import Exchange Certificate wizard will open.
• Provide these information
  • File to import from: Enter the UNC (Universal Naming Convention) path and filename of the certificate file.
  • Password: The file is password-protected if it contains the private key or chain of trust
• Click Next
• In “the Specify the servers you want to apply this certificate to” page, hit the Add+ button
• Choose the Exchange Server where you want to import your certificate and click Add > OK
• Open the EAC and go to Servers > Certificates
• Choose the Exchange Server from the Server list
• Pick the certificate you want to install and click Edit.
• In the “Specify the services you want to assign this certificate to” page, choose the services.
• Click Save.
• You have successfully installed the SSL certificate

Troubleshooting Tips

SSL installation steps are never easy for Exchange Server, you may face errors as well. Here are some tips we have added to fix the SSL errors.

• The Private Key is missing or incorrectly entered.
• Certificate is not in its proper format (Example PEM or DER).
• You are using an outdated version of Windows Server or Exchange.
• There is a mismatch between the domain name & server name specified in your CSR and the actual domain name associated with your server.
• The Intermediate Certificates are missing from your web server.
• The Certificate Authority does not support Microsoft Exchange.
• Test your SSL installation with the SSL Checker Tool
• Perform these steps to Generate CSR on Microsoft Exchange Server.