How to Install a Certificate in Exchange 2013


 

Log into the Exchange Admin Center by going to your CAS server at https://CASSERVERNAME/ECP:


Now navigate to Servers -> Certificates.


Select the CAS server you want to push it to; in our case we will select PHDC-E15CAS01.E15.corp.


Now, select the + sign which will bring up the New Exchange Certificate wizard:


Create a friendly name for the certificate:


At the next screen you can choose to request a wildcard certificate, in which case you enter the root domain. For example, if you wanted a wildcard certificate for exchange15.com, you would enter exchange15.com here:


If you want to create a SAN certificate instead, leave this unchecked and select Next.

Select the server to store the certificate on; in our case this is the same server we are requesting it for, PHDC-E15CAS01:


Next, select the services you want to assign to the external domain, and the FQDN for each service. In our case everything will use email.exchange15.com. Select each service that does NOT say (when accessed from the intranet) and click the pencil icon to edit the domain:


When you click Next, it will show you the domains that will be added to the certificate. If you have any accepted domains in your organization, it will also add the autodiscover.accepteddomain.com entry to the certificate:


When you click Next, you will need to fill in the details of the organization requesting the certificate:


Select the location to save the certificate request. If you don't have a network share pre-configured (with the Exchange Trusted Subsystem as an administrator), you can store it on the C: drive of the CAS server at \\phdc-e15cas01.e15.corp\c$\newcertreq.req


Back in the certificate list, the request will show as pending:

 


Now we need to submit this request to a certificate authority to complete it. In our case, we will use a Windows 2008 R2 CA.

Log into your certificate authority's web enrollment page at https://CA/certsrv

Select Request a Certificate -> Advanced Certificate Request -> Submit a Certificate Request by using…

Open the request you saved earlier in Notepad:


Copy and paste that into the Base-64-encoded… field, and set the Certificate Template to Web Server:


Hit Submit to finalize, and you should see the options Download Certificate and Download Certificate Chain. Select Download Certificate and save the file to the shared location where you saved the request file. Next, download the certificate chain to the same location, as we will need to import the CA certificate onto the host to ensure it trusts the new certificate. certnew.cer is the Exchange server's certificate; certnew.p7b is the CA certificate chain.


To import the Certificate Authority certificate, RDP into PHDC-E15CAS01. Open a blank MMC console and add the Certificates snap-in for the local account:


Expand Trusted Root Certification Authorities and select the Certificates folder underneath it.


Right-click Certificates and select All Tasks -> Import.


Select the Certificate Authority certificate you downloaded before:

\\phdc-e15cas01.e15.corp\c$\certnew.p7b


Select Next and Finish.

Return to the Exchange Admin Center, select the pending request, and on the right-hand side select Complete.


A new dialog box will open; enter the path to the certnew.cer file, which in our example is:

\\phdc-e15cas01.e15.corp\c$\certnew.cer


Now we need to assign this certificate to the services we want. Select the certificate and click the pencil icon, then click Services and check off the services to enable. We are going to add SMTP and IIS:


You will receive a warning about overwriting the existing certificate; select Yes:


That's it, you are all set! When we browse to the site and check the certificate:


We are now utilizing the new cert!
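The same end-to-end procedure can be driven from the Exchange Management Shell instead of the EAC wizard, which is handy for repeatable builds and for checking what the wizard actually produced. This is an added example, not code from the original post: the server name, share path and domain names are the post's own sample values, the friendly name and the organisation details in -SubjectName are placeholders, and it assumes you run it in the Exchange Management Shell on a server that can reach the share and that the CA has already issued certnew.cer and certnew.p7b into that share.

```powershell
# Added example: certificate request, CA trust, completion and service binding
# from the Exchange Management Shell. Sample values taken from the post;
# organisation details and friendly name are placeholders.

$Server    = 'PHDC-E15CAS01'
$SharePath = '\\phdc-e15cas01.e15.corp\c$'
$ReqFile   = Join-Path $SharePath 'newcertreq.req'
$CertFile  = Join-Path $SharePath 'certnew.cer'
$ChainFile = Join-Path $SharePath 'certnew.p7b'

# 1. Generate the request. Every external name clients will use (OWA, EWS,
#    ActiveSync, OAB, Autodiscover) goes in -DomainName; the CN in -SubjectName
#    should be one of them. Organisation fields are placeholder values.
$csr = New-ExchangeCertificate -Server $Server -GenerateRequest `
    -FriendlyName 'Exchange15 External (placeholder)' `
    -SubjectName 'CN=email.exchange15.com,O=Placeholder Org,L=City,S=State,C=US' `
    -DomainName 'email.exchange15.com','autodiscover.exchange15.com' `
    -KeySize 2048 `
    -PrivateKeyExportable $true

# The cmdlet returns the Base64 PKCS#10 text; save it as plain ASCII so it can
# be pasted straight into the certsrv "Base-64-encoded" request field.
Set-Content -Path $ReqFile -Value $csr -Encoding Ascii

# 2. Review the request before handing it to the CA: the Subject and the
#    Subject Alternative Name extension should list only the FQDNs you intend
#    to publish, nothing internal.
certutil -dump $ReqFile | Select-String -Pattern 'Subject|DNS Name'

# 3. Confirm the pending request still exists on the CAS server. Completing
#    the request later requires the matching private key to be present here.
Get-ExchangeCertificate -Server $Server |
    Where-Object { $_.Status -eq 'PendingRequest' } |
    Format-List FriendlyName, Thumbprint, CertificateDomains

# 4. Trust the issuing CA (the equivalent of the MMC import in the post).
#    certutil adds every certificate inside the .p7b to the named store, so if
#    the chain carries intermediate CAs, import those into the CA store rather
#    than Root, and keep only the root CA in Root.
certutil -addstore -f Root $ChainFile

# 5. Complete the pending request by importing the issued certificate.
#    Exchange matches it to the pending request by key pair; the returned
#    object carries the thumbprint needed for binding.
$cert = Import-ExchangeCertificate -Server $Server `
    -FileData ([System.IO.File]::ReadAllBytes($CertFile))

# 6. Bind the certificate to IIS and SMTP. -Force answers the same
#    "overwrite the existing default SMTP certificate" prompt the EAC shows.
Enable-ExchangeCertificate -Server $Server -Thumbprint $cert.Thumbprint `
    -Services 'IIS','SMTP' -Force

# 7. Verify: Status should be Valid (chain trusted, within validity period)
#    and Services should now include IIS and SMTP.
Get-ExchangeCertificate -Server $Server -Thumbprint $cert.Thumbprint |
    Format-List FriendlyName, Subject, CertificateDomains, Services, Status, NotAfter
```

Run steps 1 to 3 first, submit the .req to the CA as the post describes, then run steps 4 to 7 once the issued files are in the share. If step 7 reports a Status other than Valid, the usual cause is that the server does not trust the issuing CA (step 4) rather than a problem with the certificate itself.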

Comment

  1. M Tayyab

    Dear Port25GUy

    I have followed all your steps described above. But when I try to complete the pending request in Exchange ECP it says “A special RPC error occurs on server. the certificate with thumbprint F17… was not found”

    Could not sort out this error. Kindly advise

    M Tayyab
