Quantcast
Channel: Exchange Server 2016: Configure SSL certificate
Viewing all articles
Browse latest Browse all 8

Exchange Server 2016: Configure SSL certificate

0
0
Revision 7 posted to TechNet Articles by Richard Mueller on 5/1/2017 8:37:13 AM

In this article we will have a look at the steps to configure SSL certificates in Exchange 2016 post installation.

If you have exchange 2016 in Exchange 2013 coexistence you wouldn’t need to worry about this part. Because the already configured Exchange 2013 CAS server will have the capability to up proxy the requests to Exchange 2016 servers and you can stay relaxed for a while until the you decide to remove the Exchange 2013.

But if you have them in Exchange 2010 coexistence then you will need to move all of your external URL’s and place your SSL certificates into the Exchange 2016 servers.

Now we will have a look at how to place an  SSL certificate request in Exchange 2016 and complete them using a third party CA.

The configuration is the same as Exchange 2013 and the only change is the for internet facing CAS server will be now  internet facing mailbox server.

In-order to perform this action open EAC – click servers – and select certificates

C1

 

Give it a friendly name as below

Tets

 

Enter the domain name

If you are going to use wild card you can select the wild card certificate option.

Using wild card will cover your root domain and additional it covers one subdomain.

In this case we are using wild card since its a lab and we are using a complimentary subscription provided by digicert through MVP program.so in my case it would cover mail.exchangequery.com, Autodiscover.exchangequery.com, owa.exchangequery.com etc.,

If we try Test.mail.exchangequery.com then it will not cover since it covers only one subdomain before that wildcard.

Its always better to use SAN since if its a SSL then your private key will be used in most of the sub domains

C3

After this completes just click on next and choose one internet facing mailbox server in Exchange 2016

C4

 

Fill the required information as below

C5

 

Place a location to save the csr request as below

33

 

You can see the cert request generated as below in the location you mentioned

C6

 

 

After the above task is completed  you can see the certificate request in pending state in the certificates tab as below.

Now we can submit this request to a third party CA and get a new SSL certificate for your domain.

There are so many good providers but we recommend digicert as we have seen their support to be very prompt and all together provide a competitive pricing

C7

 

Now copy paste the CSR request we generated in Exchange 2016 as below. Now you can select the server software as Exchange 2013 and with that it would be working until they add Exchange 2016.

s3

 

Once you get the SSL certificate from the certificate provider now we need to complete this request by importing them into the Exchange 2016 internet facing server.

 

You can see the certificate that we requested in pending state as below

Final

 

So click on complete and you will get a pop up window to import the SSL certificate.

Just import the certificate that you got from the certificate provider and then complete the request.

Now we have successfully completed the SSL certificate request in Exchange 2016

 

Important Notes: 

If you are doing a SSL offloading on your reverse proxy like F5 LB’s for the exchange services then you should not follow the above steps.

In that case you just need to make a certificate request from your F5, generate a certificate for them through public CA and then import on the reverse proxy.

Just uncheck the option require SSL on the IIS exchange virtual directories. Because the connections from the internet to F5 will be SSL encrypted but incoming connections from your F5 to exchange will be HTTP only.

Tags: SSL, has image, en-US, Exchange 2013, Exchange Server 2016, Exchange 2016

Viewing all articles
Browse latest Browse all 8

Latest Images

Trending Articles





Latest Images