Microsoft Exchange Server

How to Install Configure Renew GoDaddy SSL Certificate In Exchange

In this article, I will explain how to Install Configure Renew GoDaddy SSL Certificate in Exchange Server 2013/2016/2019. I will create an SSL certificate request in Exchange 2013/2016/2019. You can visit the Go Daddy site and purchase an SSL Certificate. Then I will install the certificate that we have purchased on-line from a third party and apply it to the services that we can run such as Outlook Web Access (OWA). Note that if you plan to use the mobile device to sync email with exchange 2013/2016/2019 then you must buy an SSL certificate.

How to Create a Certificate Request in Exchange

When we want to create a certificate request then what we are doing is creating a request for a certificate that we can provide to the third-party likes of Go Daddy that tells them to create a certificate that trusts the domain names that we specify. Below steps I will create a certificate so that internal users of Outlook can connect to the internal Exchange 2013/2016/2019 server name, use Autodiscover to auto-configure Outlook, we will also add to the certificate request the external domain we will user for OWA. In this situation we will use the domain https://mail.domain.com (this is used for example).

To Generate a Certificate Signing Request – Exchange Server 2013/2016/2019

1- Log in to your Exchange Admin Center.
From the left menu, click on Servers, and then select Certificates.
Select the + sign to start the Exchange Certificate wizard.

exchange admin center certificates

2- select the checkbox “create a request for a certificate ……..”, and then click next.

new exchange certificate 2013

3- Type a unique name to identify the certificate, and then click next.

new exchange certificate name

4- If your CSR is for a godaddy wildcard certificate, Choose Request a wildcard certificate, type the root domain name, and then click next. Otherwise, click next.

new exchange certificate request

5- new exchange certificate request. click Browse

new exchange certificate store certificate

6- Choose a server to store the pending certificate request and then click ok.

new exchange certificate select server

7- Click Next.

new exchange certificate store certificate

8- This screen shows you what domains will be connected to with this certificate. I am only going to use the Outlook Web App (OWA), it matters not as we can change the domains we want on the next screen. Click next

new exchange certificate specify domain

9- This step is important; you want to make sure you have the following in your certificate request. (Example: mail.domain.com, Autodiscover.domain.com, Domain.com). Basically, we need to add or select any address that you will reference our exchange server as or connect to as. Click next

new exchange certificate domains

10- Provide your organization’s information, and then click Next:
Organization name – Provide your company or organization.
Department name – Provide the Department name, responsible for the certificate.
Country/Region name – Provide the country where the organization is registered.
City/Locality – Provide the name of the city where the organization is registered.
State/Province – Provide the name of the state/province where the organization is registered. Click Next

new exchange certificate information

11- This step will ask you where you want to save the request file. This is that file that we will provide to the third party for SSL Certificate. Please save it in your local share and provide a valid name and then click finish.

new exchange certificate save certificate

12- Now you can see my certificate request has been created, we now need to select a certificate provider (Like Go Daddy or any other), open this .req file in notepad.

windows explorer .req

How to Install Configure Renew GoDaddy SSL Certificate

13- Now you can see my certificate request has been created, we now need to select a certificate provider (Like Go Daddy or any other), open this .req file in notepad.

windows explorer .req

14- Copy text and submit this request file and then they will provide you with a certificate to answer the certificate request, this might take a few hours or more.

notepad .req

What SSL Provider Should I Use?

I have purchased unified SSL certificates for clients numerous times, they auto-renew the certificate yearly so you will not get issues with certificates expiring as you receive a notification. When you purchase bare in mind that you can normally purchase for 3 or 5 years, the longer you purchase for the cheaper they are and less admin work each year. You can use Certificates on all previous Exchange Servers also. Now I will go with Godaddy.

15- Login to your GoDaddy account, select SSL Certificate (Standard UCC SSL up to ….), and then click Manage.

godaddy ssl certificate

What’s Next?

16- Now you have generated the CSR, we must enter it in your account with us to request the SSL certificate.
Locate, copy, & paste the CSR into your online application to request the SSL Certificate.
Paste all of the text, including —-BEGIN NEW CERTIFICATE REQUEST—- and —-END CERTIFICATE REQUEST—-, in our online application. Select Add change.

godaddy certificate signing request

Download GoDaddy SSL Certificate

17- Once they approve our application, and then download the certificate (Download Zip File).

godaddy certificate download

18- Install the SSL certificate by completing the pending request, importing the certificate file, and then selecting the services to which the certificate applies.

windows explorer

How to complete the Exchange 2013/2016/2019 Certificate Request?

19- Select your SSL certificate pending request and then hit the complete button on the far right-hand side.

exchange admin center certificates

20- Simply enter the path to the certificate you will have received from your certificate provider and click ok.

exchange complete pending request

21- The certificate successfully imported, now we need to decide what services the certificate will apply to. You can select the SMTP and IIS if you are using OWA; I am using the defaults here which are SMTP, IMAP, POP and IIS.

exchange certificate services

Exchange 2013/2016/2019 is set up to use the certificate the one we have applied for and will use it when Outlook clients connect over SMTP and when connected over OWA using IIS. The process is now complete.
Note: As a courtesy, we provide information about how to use certain third-party products, but we do not endorse or directly support third-party products and we are not responsible for the functions or reliability of such products.

Related: How to Configure DAG (Database Availability Group) in Exchange 2019

Jamil Parvez

Jamil Pervez works as a Network Administrator, based in Kuwait with a Primary focus on Microsoft technologies. Microsoft Certified MCSE, MCTP, MCITP, CCNP, CCIP, CCVP with 20 years of experience in administering Windows Servers, Exchange, VMWare, Veeam B&R, Veritas BackupExec.

Related Articles

Leave a Reply

Back to top button