Exchange Server SSL Certificate


Secure Sockets Layer (SSL) certificates help to protect communication between your Exchange servers and clients and other mail servers by encrypting data and, optionally, identifying each side of the connection. Certificates can be issued by third-party certificate authorities (CAs), issued by an internal CA, or self-signed.

As a best practice, the following names should be included in the certificate:

  • Common Name (CN):
    • mail.domain.com
  • Subject Alternative Names (SAN)
    • mail.domain.com
    • autodiscover.domain.com
    • domain.com

Exchange 2013 SSL Certificates CSR Creation

If you already have your SSL Certificate and just need to install it, see Exchange 2013 SSL Installation Instructions.

Create your CSR with Exchange PowerShell

Run the following commands.

  1. $reqfile = New-ExchangeCertificate -GenerateRequest -SubjectName "C=US,o=Contoso,cn=mail.domain.com" -DomainName "mail.domain.com","autodiscover.domain.com","domain.com" -PrivateKeyExportable $true
  2. $reqfile | Out-File c:\certreq.txt
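
As an added example (not part of the original post), the script below repeats the two commands above and then decodes the saved request with certutil to confirm that the names listed earlier are really in the CSR before it is sent to the CA. The variable names, the comparison logic and the reliance on English-language "DNS Name=" certutil output are assumptions of this example.

```powershell
# Added example. Run in the Exchange Management Shell on the Exchange 2013 server.
# $names and $csrPath are assumptions that mirror the names and path used on this page.
$names   = 'mail.domain.com', 'autodiscover.domain.com', 'domain.com'
$csrPath = 'C:\certreq.txt'

# -PrivateKeyExportable $true (as on this page) allows the issued certificate to be
# exported together with its private key; use $false if it will stay on this server.
$request = New-ExchangeCertificate -GenerateRequest `
    -SubjectName "C=US,O=Contoso,CN=$($names[0])" `
    -DomainName $names -PrivateKeyExportable $true

# Save the Base64 request as plain ASCII text for pasting into the CA order form.
Set-Content -Path $csrPath -Value $request -Encoding Ascii

# Decode the request and collect the DNS names in its Subject Alternative Name extension.
# Assumption: English-language certutil output, where each entry reads "DNS Name=<host>".
$dump  = certutil -dump $csrPath | Out-String
$found = @([regex]::Matches($dump, 'DNS Name=(\S+)') | ForEach-Object { $_.Groups[1].Value })

# Compare what the CSR actually contains with what was intended.
$missing    = @($names | Where-Object { $found -notcontains $_ })
$unexpected = @($found | Where-Object { $names -notcontains $_ })

if ($missing.Count -or $unexpected.Count) {
    Write-Warning "Missing from CSR: $($missing -join ', ')"
    Write-Warning "Not expected in CSR: $($unexpected -join ', ')"
} else {
    Write-Host "CSR contains exactly the expected names: $($found -join ', ')"
}

# The private key stays on the server as a pending request until the CA's reply is imported.
Get-ExchangeCertificate |
    Where-Object { $_.Status -eq 'PendingRequest' } |
    Format-List Thumbprint, Subject, CertificateDomains, Status
```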

Create your CSR with the New Exchange Certificate Wizard

  1. Access the Exchange Admin Center by opening a browser and browsing to https://localhost/ecp
  2. Log in using Domain\user name as the format for the user name and enter your password.
  3. Click the link to Servers in the left column, then Certificates at the top right, then the + symbol.
  4. The “new exchange certificate” wizard will appear in a pop-up window.
  5. Choose “Create a request for a certificate from a certification authority”.
  6. In the friendly name field, enter a name by which you will remember this certificate in the future.
     Note: This name is not an integral part of your certificate request.
  7. You can check the box and enter the root domain name if you will be generating the CSR for a wildcard. Otherwise, just go to the next screen.
  8. Hit Browse to choose which server you want to store the certificate request on.
  9. If you are doing a wildcard cert, you will skip this step. From the list, select the services which you plan on running securely by using Ctrl+Click to highlight the services.
  10. At the next screen, you will be able to review a list of the names which Exchange 2013 suggests you include in your certificate request.
     Review those names and add any extra names by using the + button.
  11. Your Organization name should be the full legal name of your company.
     Your Department name is your department within the organization.
     If you do not have a state/province, enter the city information again.
  12. Enter a network share path to save the CSR to your computer as a .req file, then Finish.
  13. You should now be able to open the CSR with Notepad or WordPad, and you will want to copy the entire body of that file into the Public CA or internal CA order process.
  14. After you receive or download your SSL Certificate, you can install it.

For commercial certificate authorities I recommend using Digicert.
