Install SSL Certificate in Exchange 2010





After installing Exchange, you need to install an SSL certificate in Exchange 2010 to secure email communications. By default, a self-signed certificate is created when you install Exchange 2010. The self-signed certificate is not trusted by client computers or by computers out on the Internet, so we need to install a public digital certificate that is trusted by all. You can also optionally deploy an internal PKI infrastructure, but most of the time simply purchasing a public certificate is the easier and preferred method.


The two main types of public certificates are the SAN/UCC certificate and the wildcard certificate. You can use either of them for an Exchange server. A SAN/UCC certificate has a higher compatibility rate than a digital certificate. A SAN/UCC certificate can have more than one subject alternative name (domain name). Exchange server requires multiple domain names for OWA access, the Autodiscover service, EWS, ActiveSync, Unified Communication, etc. You can plan the domain names to be used for the Exchange server. Here, two domain names will be used: mail.mustbegeek.com and autodiscover.mustbegeek.com. The mail.mustbegeek.com domain name is used to access Client Access server features like OWA, EWS, ActiveSync, etc., and the autodiscover.mustbegeek.com domain name allows Outlook and ActiveSync clients to set up their email automatically.

Log on to Exchange 2010. Open the Exchange Management Console (EMC). Select Server Configuration in the left pane. Select the server, MBG-EX01, from the server list.


From the Actions pane on the right, click the New Exchange Certificate option.




Type a friendly name to identify the certificate and click Next.


Under Domain Scope, do not check the option Enable wildcard certificate. Click Next.


Under Exchange Configuration, you can specify the URLs to be used by the various Exchange services. For Outlook Web App and ActiveSync, both the internal and external domain names are mail.mustbegeek.com.


Type mail.mustbegeek.com for Outlook Anywhere. Type autodiscover.mustbegeek.com for the Autodiscover URL to use. We won’t be using IMAP/POP and Unified Messaging, so uncheck the options below them.


Check the option Use mutual TLS to help secure Internet mail and type the domain name mail.mustbegeek.com. If you have Exchange 2007 co-existence, then you will need to use a legacy domain as well. Check the option Use legacy domains and type legacy.mustbegeek.com if you have Exchange 2007. Click Next.


Under Certificate Domains, you will see the domain names that should be on the digital certificate. So now, you need to purchase a SAN/UCC certificate that carries these two domain names as subject alternative names. Click Next.


Fill in the company info and click Next.


Click New to create the certificate request.


As you can see, the certificate request wizard has completed successfully. The wizard will create a .req file. You can open the file with Notepad and copy the text to purchase the certificate. You can also see the recommended steps 1, 2 and 3.

Since we require multiple domain names on the certificate, we now need to purchase a SAN/UCC certificate from a certificate authority and complete the pending certificate request. You can purchase a certificate from Certificate Authorities like DigiCert, Comodo, etc. I just purchased a SAN certificate, now let’s install it.


Go to the Exchange server and, on the same page, click Complete Pending Request in the Actions pane to install the certificate.


Browse to the new certificate and click Complete.


The certificate installation has completed successfully. Now, let’s assign services to the certificate.


Select the new certificate and click Assign Services to Certificate from the Actions pane.


Choose the server and click Next.


Check the services SMTP and IIS, and click Next.


Click Assign to assign services to the certificate.


Click Yes to overwrite the existing certificate.


The new certificate installation has been completed successfully. In this way, you can install an SSL certificate in Exchange 2010.
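The same request, import and service assignment can be done from the Exchange Management Shell, with a check that the issued certificate really covers both planned names before it is bound to SMTP and IIS. This is an added example, not part of the original walkthrough; the file paths, friendly name and organization fields in the subject are placeholder assumptions.

```powershell
# Added example: Exchange Management Shell equivalent of the EMC wizard steps.
# Run on the Exchange 2010 server (MBG-EX01 on this page).
# Paths, friendly name and the c=/o= subject fields are placeholder assumptions.
$names   = 'mail.mustbegeek.com', 'autodiscover.mustbegeek.com'
$reqFile = 'C:\Certs\mustbegeek.req'   # assumed path for the request file
$cerFile = 'C:\Certs\mustbegeek.cer'   # assumed path of the certificate issued by the CA

# Step 1: create the pending request; the private key stays on this server.
if (-not (Test-Path $cerFile)) {
    $req = New-ExchangeCertificate -GenerateRequest `
        -FriendlyName 'MustBeGeek SAN certificate' `
        -SubjectName 'c=US, o=Example Org, cn=mail.mustbegeek.com' `
        -DomainName $names -KeySize 2048
    Set-Content -Path $reqFile -Value $req
    Write-Host "Submit $reqFile to the CA, save the issued file as $cerFile, then run again."
    return
}

# Step 2: complete the pending request with the file returned by the CA.
$bytes = [byte[]](Get-Content -Path $cerFile -Encoding Byte -ReadCount 0)
$cert  = Import-ExchangeCertificate -FileData $bytes

# Step 3: verify before assigning services. Every planned name must be on the
# certificate, and it must be CA-issued and valid on this server.
$cert    = Get-ExchangeCertificate -Thumbprint $cert.Thumbprint
$have    = @($cert.CertificateDomains | ForEach-Object { "$_" })
$missing = @($names | Where-Object { $have -notcontains $_ })
if ($missing.Count -gt 0) {
    throw "Certificate is missing subject alternative names: $($missing -join ', ')"
}
if ($cert.IsSelfSigned -or "$($cert.Status)" -ne 'Valid') {
    throw "Certificate not usable: IsSelfSigned=$($cert.IsSelfSigned), Status=$($cert.Status)"
}

# Step 4: assign SMTP and IIS. The shell asks for confirmation before replacing
# the default SMTP certificate, like the overwrite prompt in the EMC.
Enable-ExchangeCertificate -Thumbprint $cert.Thumbprint -Services 'SMTP, IIS'

# Show what is now bound, for the change record.
Get-ExchangeCertificate -Thumbprint $cert.Thumbprint |
    Format-List FriendlyName, Subject, CertificateDomains, Services, NotAfter, Status
```

The request omits `-PrivateKeyExportable`, so the key cannot later be exported to a .pfx file; add that switch only if the certificate has to be copied to other servers.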




Bipin is a freelance Network and System Engineer with expertise in Cisco, Juniper, Microsoft, VMware, and other technologies. You can hire him on UpWork. Bipin enjoys writing articles and tutorials related to network technologies. Some of his certifications are MCSE:Messaging, JNCIP-SEC, JNCIS-ENT, and others.
