In order to utilize certificates, they must first be obtained and then installed.
Obtaining SSL certificates
To use SSL certificates in Exchange 2013, you will need to go through a process of generating a CSR (certificate signing request) on your Exchange server, submitting the request to one of the supported Certificate Authorities, and installing the certificate on the Exchange 2013. Once the certificate has been installed you need to enable the certificate for your chosen protocols (detailed later in this guide).
Command line CSR generation (Exchange Management Shell)
The full Microsoft support article can be viewed from the link below:
- Log into your Exchange 2013 server as an Exchange administrator
- Open the Exchange Management Shell and use the New-Exchangecertificate cmdlet to generate a new certificate request.
The following command is an example that you could use. This example assumes that:
- Your organization is called Acme Corp
- Your organization is located in the United Kingdom
- Your Exchange 2013 server’s FQDN is exchange.acmecorp.com
- You want to export your request to C:\
$reqfile = New-ExchangeCertificate -GenerateRequest -SubjectName "C=GB,o=AcmeCorp,cn=mail.acmecorp" -DomainName "exchange.acmecorp.com" -PrivateKeyExportable $true $reqfile | out-file c:\certreq.txt
If you are unsure of how to run the above Exchange cmdlet, you will need to refer to the following Microsoft Support article for guidance:
Mimecast does not support self-signed certificates, so this request needs to be submitted to one of the recognized certificate authorities.
Installing SSL certificates
Once the certificate has been issued by the Certificate Authority, you need to import the certificate into the Exchange 2013 server. After installing the certificate onto your Exchange server, you will need to enable it for use with the SMTP or POP3 protocol. Use the instructions in the following Microsoft article to use the Exchange Certificate Management User Interface: