
Exchange 2016: Create CSR and Install SSL Certificate

Creating a CSR and installing your SSL certificate on your Microsoft Exchange Server 2016
A.    How to create your certificate signing request (CSR).
B.    Generate the SSL certificate on GoDaddy.
C.    How to Install and Configure Your SSL Certificate.

A.    Exchange 2016: How to Create Your CSR
Using the Exchange Admin Center (EAC) to Create Your CSR
1.     Access the EAC by opening a browser and browsing to the URL of your server (e.g., https://localhost/ecp).
2.     On the Exchange Admin Center credentials page, type your Domain/user name and Password and then click sign in.
3.     In the EAC, in the sidebar menu on the left, click Servers and then in the menu at the top of the page, click Certificates.
4.     On the Certificates page, in the Select server drop-down list, select your Exchange 2016 server and then click the + symbol.
5.     In the new Exchange certificate wizard, select Create a request for a certificate from a certification authority and then click Next.
6.     In the *Friendly name for this certificate: box, type a friendly name for the certificate and then click Next.
The friendly name isn't part of the certificate; it is used only to identify the certificate. It is good practice to use a meaningful name, such as the certificate provider and expiration date; this information makes the certificate easier to identify and helps distinguish multiple certificates with the same domain name.
7.     Wildcard Plus Certificate
Note: If you are not creating a CSR for a wildcard certificate, click Next.
To create a CSR for a wildcard certificate, do the following:
Check Request a wild-card certificate.
In the *Root domain: box, type the root domain for all the sub-domains. (e.g., *.example.com).
Click Next.
8.     In the *Store certificate request on this server box, click Browse…, select the server you want to store the certificate request on, and then click Next.
9.     Select Domain(s) to Include on the SSL Certificate
Note: If you are creating a CSR for a wildcard certificate, skip this step by clicking Next and Next. Proceed to step 10.
To select the domain(s) that you want included on your SSL certificate, do the following:
a.     Click Next.
       The wizard populates the list with domains that Exchange 2016 suggests you include in your certificate request. Although you can edit the list of domains on this page of the wizard, we recommend doing it on the next page.
b.     On the next page, review the list of names/domains and use the + and - symbols and the edit and select icons to add, edit, remove, and select the domains you want included on your SSL certificate.
c.     When you are finished, click Next.
10.  Under Specify information about your organization, provide the following information and then click Next:
*Organization name:      Type your company's legally registered name (e.g., YourCompany, Inc.).
*Department name:        Type the name of your department within the organization. Frequently, this entry will be listed as "IT" or "Web Security".
*City/Locality:          Type the city/locality where your company is legally located.
*State/Province:         Type the state/province where your company is legally located.
*Country/Region name:    In the drop-down list, select the country/region where your company is legally
11.  Under *Save the certificate request to the following file, enter a UNC path to save your CSR to.
Note: Select a location that you can access. You must be able to access the location so that you can use the CSR to order your SSL certificate.
12.  Click Finish to generate the CSR and save it to the specified UNC path.
13.  Use a text editor (such as Notepad) to open the file. Then, copy the text, including the -----BEGIN NEW CERTIFICATE REQUEST----- and -----END NEW CERTIFICATE REQUEST----- tags, and paste it into the SSL provider order form.
14.  After you receive your SSL certificate from your SSL provider, you can install it.
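
The same request can also be generated from the Exchange Management Shell instead of the wizard. This is an added example, not part of the original post; the server name EX01, the share \\fileserver\certs, the subject fields, the friendly name and the host names are placeholders.

```powershell
# Run in the Exchange Management Shell against the Exchange 2016 server.
# All names below are placeholders (assumptions), not values from the original post.
$server  = 'EX01'
$reqPath = '\\fileserver\certs\mail_example_com.req'
$names   = 'mail.example.com', 'autodiscover.example.com'

# Equivalent of wizard steps 5-12: friendly name, domains, organization details.
# -PrivateKeyExportable $true is only needed if the certificate will later be
# copied to other mail servers; use $false on a single-server deployment.
$csr = New-ExchangeCertificate -GenerateRequest -Server $server `
    -FriendlyName 'GoDaddy mail.example.com (expiry date here)' `
    -SubjectName 'C=US,S=State,L=City,O=YourCompany Inc,OU=IT,CN=mail.example.com' `
    -DomainName $names -KeySize 2048 -PrivateKeyExportable $true

# Save the Base64 request, including the BEGIN/END NEW CERTIFICATE REQUEST lines.
Set-Content -Path $reqPath -Value $csr

# Before pasting it into the order form, confirm what the request actually asks for:
# subject, every DNS name, and the key length.
certutil -dump $reqPath | Select-String 'Subject:', 'DNS Name=', 'Public Key Length'

# The pending request holds the private key. It must still exist on this server
# when the issued certificate comes back, so confirm it is listed.
Get-ExchangeCertificate -Server $server |
    Where-Object { $_.Status -eq 'PendingRequest' } |
    Format-List FriendlyName, Subject, Thumbprint, Status
```

For a wildcard request, pass the wildcard name (e.g., *.example.com) to -DomainName instead of the individual host names.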

B.    Generate the SSL certificate on GoDaddy

1.     Go to https://certs.godaddy.com/cert and log in
2.     Click on the certificate name
3.     Choose “Re-Key & Manage”
4.     Click on the + symbol next to “Re-Key certificate”
5.     Paste the CSR into the box and click Save
6.     Click “Submit All Saved Changes”

C.    How to Install and Configure Your SSL Certificate.

After we validate and issue your SSL certificate, you need to install it on the Windows Exchange Server 2016 where the CSR was generated. Then, you need to configure the server to use it.
Install and Assign Services to Your SSL Certificate with the EAC.
Install SSL Certificate
1.    Download and open the ZIP file containing your certificate. Your certificate file will be named your_domain_name.cer.
2.    Copy the your_domain_name.cer file to your Exchange 2016 server's network share folder (where you saved the CSR).
3.    Access the Exchange Admin Center (EAC) by opening a browser and browsing to the URL of your server (e.g., https://localhost/ecp).
4.    On the Exchange Admin Center credentials page, enter your Domain/User name and password and then click Sign in.
5.    In the EAC, in the sidebar menu on the left, click Servers and then in the menu at the top of the page, click Certificates.
6.    On the Certificates page, in the center pane, select your certificate request and then, in the certificate request details pane to the right, under Status, click the Complete link.
7.    In the complete pending request wizard, under *File to import, enter the UNC path to where your SSL certificate file is located (e.g., \\example\certificates\your_domain_name.cer) and then click Ok.
8.    The certificate should be successfully installed on your Exchange 2016 server, and the status of your certificate request should now be Valid.
Assign Services
1.     On the Certificates page, in the center pane, select the SSL certificate you just installed and then click the edit (pencil) icon.
2.     In the "certificate" window, click Services.
3.     Next, check all the services for which you want to enable your SSL certificate (IMAP, POP, IIS and SMTP) and then click Save. If you are renewing the certificate, you may receive an alert that these services are already assigned to a different certificate; you can proceed with the assignment, which will disable them on the other certificate.
4.     Your SSL certificate should now be enabled for the services you selected on your Exchange 2016 server.

Note:
- If you are renewing an old certificate, you can remove the old one once the new certificate shows a Valid status in the Exchange ECP.
- If you have more than one mail server, you need to export the configured certificate and then import it to the other mail servers with the same assigned services.
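
The install, service assignment and multi-server copy described above can also be done from the Exchange Management Shell. This is an added example, not part of the original post; the server names EX01 and EX02 and the UNC paths are placeholders.

```powershell
# Exchange Management Shell. Placeholders (assumptions): EX01, EX02, the UNC paths.
$server  = 'EX01'
$cerPath = '\\fileserver\certs\your_domain_name.cer'

# Complete the pending request. The issued certificate is matched to the private
# key created with the CSR, so this must target the server that generated it.
$cert = Import-ExchangeCertificate -Server $server `
    -FileData ([System.IO.File]::ReadAllBytes($cerPath))

# Assign services (the EAC Services tab). On a renewal, Exchange asks for
# confirmation before replacing the certificate currently used for SMTP.
Enable-ExchangeCertificate -Server $server -Thumbprint $cert.Thumbprint `
    -Services IIS, SMTP, IMAP, POP

# Verify: Status should be Valid and the expected services listed.
Get-ExchangeCertificate -Server $server -Thumbprint $cert.Thumbprint |
    Format-List FriendlyName, CertificateDomains, NotAfter, Services, Status

# Additional mail server: move certificate and private key as a password-protected PFX.
$pfxPath = '\\fileserver\certs\mail_example_com.pfx'
$pfxPass = Read-Host -AsSecureString -Prompt 'PFX password'
$export  = Export-ExchangeCertificate -Server $server -Thumbprint $cert.Thumbprint `
    -BinaryEncoded -Password $pfxPass
[System.IO.File]::WriteAllBytes($pfxPath, $export.FileData)

# Import on the second server without marking the key exportable again.
$copy = Import-ExchangeCertificate -Server 'EX02' -Password $pfxPass `
    -PrivateKeyExportable $false -FileData ([System.IO.File]::ReadAllBytes($pfxPath))
Enable-ExchangeCertificate -Server 'EX02' -Thumbprint $copy.Thumbprint `
    -Services IIS, SMTP, IMAP, POP

# The PFX contains the private key: remove it from the share once every server has it.
Remove-Item -Path $pfxPath
```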


