Exchange 2013 and higher - Certificate installation
Immediately after being issued, your SSL certificate will be sent to you by email. It is also possible to download the certificate from the Control Panel. The file containing the certificate will have the same name as the domain name it is meant for (for example: www_sslcertificaten_nl.crt).
Note: It's common for Exchange installations to use a multi-domain certificate. Per November 2015 internal domain names can't be used anymore in certificates. Replace the internal domain names for fully qualified domain names.
This manual is for Exchange 2013 and higher. The manual describes how to install SSL using the Exchange Management Console.
- Place the received certificate file in the Exchange server's shared network folder (where the CSR is saved as well).
- To access the Exchange Admin Center, please open a web browser and type: https://localhost/ecp in the address bar.
- Login with Domain\user name and enter your password.
- Click on the Servers link in the column to the left and then on Certificates in the upper right corner.
- Select your certificate from the menu in the middle of the screen (shown by the "Friendly Name"), and click on Complete in the column to the right.
- Enter the shared network path where the certificate is saved and click on ok. The certificate should now be installed correctly on the server.
- To activate the certificate, please go back to the Certificates section of the Exchange Admin Center. Select the certificate you want to use and click on the Edit button.
- Click on Services on the left side. Select the services you wish to assign to the new certificate and click on save.
Make sure that when connecting via a proxy, it's posible for the Exchange server to reach the CRL (Certificate Revocation List) hosted by the Certification Authority. The resulting error would be that the certificate is not valid for use with Exchange, when it's not possible to connect to the CRL. The following command makes that Exchange can reach the CRL when connecting via a proxy service;
netsh winhttp set proxy proxy-server="<proxyserver>:<poort>" bypass-list="*.uw.domein"
All necessary steps to install your web server certificate have now been completed. Please make sure to adequately secure your certificate files, and to store a backup of your private key and web server certificate in a safe location. You should also install the root and intermediate certificates. Check whether the certificate is correctly installed with the SSLCheck and ensure an optimal configuration with these tips and settings.
Please do not hesitate to contact us if you encounter problems or error messages.