Use the DigiCert® Certificate Utility for Windows to create a CSR and install your SSL certificate on your Exchange 2016 server

These instructions explain how to use the DigiCert® Certificate Utility for Windows and the Exchange Admin Center (EAC) to create your CSR, to install your SSL certificate, and to configure your Exchange 2016 Server to use the certificate.

DigiCert® Certificate Utility for Windows

If you are looking for a simpler way to create your CSRs (Certificate Signing Requests) and install and manage your SSL certificates, we recommend using our DigiCert Certificate Utility. For more information about our certificate utility, see DigiCert® Certificate Utility for Windows.

Use the instructions on this page to create your certificate signing request (CSR) and to install and assign your SSL certificate.

  1. To create your certificate signing request (CSR), see Exchange 2016 Server: Creating Your CSR with the DigiCert Utility.

  2. To install your SSL certificate, see Exchange 2016 Server: Using the DigiCert Utility and EAC to Install Your SSL Certificate.

If you prefer not to use the DigiCert Utility or for some reason cannot use the utility, see Exchange 2016: Create CSR and Install SSL Certificate.

 

1. Exchange 2016 Server: Creating Your CSR with the DigiCert Utility

Our Certificate Utility can streamline your CSR creation process by enabling you to generate the CSR with just one click.

  1. On your Exchange 2016 server, download/save the DigiCert® Certificate Utility for Windows executable (DigiCertUtil.exe).

  2. Run the DigiCert® Certificate Utility for Windows.

    Double-click DigiCertUtil.

  3. In the DigiCert Certificate Utility for Windows©, click SSL (gold lock), and then, click Create CSR.

    DigiCert Utility Create CSR

  4. On the Create CSR page, enter the following information:

    Certificate Type: Select SSL.
     
    Common Name: Enter the fully qualified domain name (e.g., www.example.com).
    You may also enter the IP address.
     
    Subject Alternative Names: If you are requesting a Multi-Domain (SAN) Certificate, enter any SANs that you want to include.
    (e.g., www.example.com, www.example2.com, and www.example3.net)
     
    Organization: Enter your company's legally registered name (e.g., YourCompany, Inc.).
     
    Department: (Optional) Enter the department within your organization that you want to appear on the SSL certificate.
     
    City: Enter the city where your company is legally located.
     
    State: In the drop-down list, select the state where your company is legally located.
    If your company is located outside the USA, you can enter the applicable name in the box.
     
    Country: In the drop-down list, select the country where your company is legally located.
     
    Key Size: In the drop-down list, select 2048.
     
    Provider: In the drop-down list, select Microsoft RSA SChannel Cryptographic Provider,
    unless you have a specific cryptographic provider.

    Enter CSR Details

  5. Click Generate:

  6. On DigiCert Certificate Utility for Windows© - Create CSR page, do one of the following, and then, click Close:

    Click Copy CSR Copies the certificate contents to the clipboard.
    If you use this option, we recommend that you paste the CSR into a tool such as Notepad.
    If you forget and copy some other item, you still have access to the CSR, and don't have to go back and recreate it.
     
    Click Save to File Saves the CSR as a .txt file to the Exchange 2016 server .
    We recommend that you use this option.

    Save or Copy CSR Contents

  7. Use a text editor (such as Notepad) to open the file. Then, copy the text, including the -----BEGIN NEW CERTIFICATE REQUEST----- and -----END NEW CERTIFICATE REQUEST----- tags, and paste it into the DigiCert order form.

    Ready to order your SSL certificate

    Buy Now Learn More
  8. After receiving your SSL certificate from DigiCert, you can use the DigiCert Certificate Utility to install it.

 

2. Exchange 2016 Server: Using the DigiCert Utility and EAC to Install Your SSL Certificate

If you haven’t created your CSR with the DigiCert Certificate Utility and ordered your SSL certificate, see Exchange 2016 Server: Creating Your CSR with the DigiCert Utility.

After we validate your order and issue your SSL certificate, use the DigiCert Certificate Utility, to install the certificate file on your Exchange 2016 server. Then you use the EAC (Exchange Admin Center) to assign the certificate to services.

To install your SSL certificate on your Exchange 2016 server, complete the steps below.

  1. Import your SSL certificate to your Exchange 2016 server with the DigiCert Certificate Utility.

    How to Import Your SSL Certificate Using the DigiCert Certificate Utility

  2. Use the EAC (Exchange Admin Center) to assign your SSL certificate to services.

    How to Use the EAC to Assign your SSL Certificate to Services

 

i. How to Import Your SSL Certificate Using the DigiCert Certificate Utility

After we issue your SSL certificate, use our DigiCert Certificate Utility, to install the SSL certificate file to your Exchange 2016 server.

  1. On the Exchange 2016 server, where you created the CSR, open the ZIP file that contains SSL certificate and save the contents of the file (e.g., your_domain_com.cer) to the folder where you saved the DigiCert Certificate Utility executable (DigiCertUtil.exe).

  2. Run the DigiCert Certificate Utility.

    Double-click DigiCertUtil.

  3. In the DigiCert Certificate Utility for Windows©, click SSL (gold lock) and then, click Import.

    Import an SSL Certificate

  4. In the Certificate Import wizard, click Browse, then browse to the .cer certificate file (e.g., your_domain_com.cer) that DigiCert sent you, select the file, click Open, and finally, click Next.

    Certificate Import wizard

  5. In the Enter a new friendly name or you can accept the default box, type a friendly name for the certificate.

    Note: The friendly name is not part of the certificate; it useful for identifying the certificate.

    We recommend that you add DigiCert and the expiration date to the end of your friendly name, for example: yoursite-digicert-(expiration date). This information helps identify the issuer and expiration date for each certificate. It also helps distinguish multiple certificates with the same domain name.

    Certificate Import wizard

  6. To import the SSL certificate to your server, click Finish.

  7. You should receive a message that the certificate was successfully imported.

    Note:You should now see your SSL certificate in the DigiCert Certificate Utility for Windows©

    Import an SSL Certificate

  8. Now that you've successfully installed your SSL certificate on your Exchange 2016 server, you must assign the certificate to the appropriate services.

 

ii. How to Use the EAC to Assign your SSL Certificate to Services

After you’ve installed the SSL certificate on the Exchange 2016 server, you will use the EAC to assign the certificate to services.

  1. On the Exchange 2016 server where you imported your SSL certificate with the DigiCert Certificate Utility, access the Exchange Admin Center (EAC) by opening a browser and browsing to the URL of your server (e.g., https://localhost/ecp).

  2. On the Exchange Admin Center credentials page, enter your Domain/user name and Password and then click sign in.

  3. In the EAC, in the sidebar menu on the left, click Servers and then in the menu at the top of the page, click Certificates.

  4. On the Certificates page, in the center pane, select the SSL certificate you just installed and then click (pencil).

  5. In the "certificate" window, click Services.

  6. Next, check all the services for which you want to enable your SSL certificate and then click Save.

  7. Your SSL certificate should now be enabled for the services you selected on your Exchange 2016 server.

Exporting an SSL Certificate to Your ISA Server - Very Important

When exporting an SSL certificate, you must include all certificates in the certification chain when prompted. If you do not include all the certificates in the chain, your certificate will not work properly.

If you are using an ISA (Internet Security and Acceleration) server in front of your Exchange 2016 server, or if you need to export your SSL certificate to any other Microsoft server type, see our a step-by-step walkthrough Exchange export instructions.

If you need help fixing an SSL certificate installation issue, check out our DigiCert® Certificate Utility for Windows.