How to Install an SSL/TLS Certificate In Microsoft Exchange 2010
The following instructions will guide you through the SSL installation process on Microsoft Exchange 2010. If you have more than one server or device, you will need to install the certificate on each server or device you need to secure. If you still have not generated your certificate and completed the validation process, reference our CSR Generation Instructions and disregard the steps below.
What You’ll Need
1. Your server certificate
This is the certificate you received from the CA for your domain. You may have been sent this via email. If not, you can download it by visiting your Account Dashboard and clicking on your order.
2. Your intermediate certificates
These files allow the devices connecting to your server to identify the issuing CA. There may be more than one of these certificates. If you got your certificate in a ZIP folder, it should also contain the Intermediate certificate(s), which is sometimes referred to as a CA Bundle. If not, download the appropriate CA Bundle for your certificate.
3. Your private key
This file should be on your server, or in your possession if you generated your CSR from a free generator tool. On certain platforms, such as Microsoft IIS, the private key is not immediately visible to you but the server is keeping track of it.
1. Copy your certificate
Copy your Primary Certificate to your Exchange Server’s desktop.
2. Select Exchange Management Console
Open the Start menu, go to Programs, select Microsoft Exchange 2010 and then choose Exchange Management Console.
3. Select Server Configuration
Click the Manage Databases link, then select Server Configuration.
4. Select Complete Pending Request
Find your certificate on the menu in the center of the screen, then click Complete Pending Request in the Actions menu.
5. Open your certificate
Find your certificate file, then select Open, then Complete.
Note: Exchange 2010 sometimes gives an error message, “The source data is corrupted or not properly Base64 encoded.” Hit the “F5” key to refresh and make sure it says “False” under “Self-Signed.” If it does still say true, you may need to regenerate your CSR on the current Exchange 2010 Server, or reissue your certificate.
6. Enable your certificate
Next you will need to enable your certificate, go back to the Exchange Management Console and select Assign Services to Certificate.
7. Select your server
Select your server, then click next.
8. Choose your services
Choose the services for which you would like to enable your new certificate: Next > Assign > Finish
Note: If you prefer to install your certificate using Exchange Powershell, just run the following command where just the desired services are specified by the Enable-ExchangeCertificate segment of the command:
Import-ExchangeCertificate -FileData ([Byte]$(Get-Content -Path c:\your_domain_name.p7b -Encoding byte -ReadCount 0)) | Enable-ExchangeCertificate -Services "IIS,POP,IMAP,SMTP"
Congratulations! You’ve successfully installed your SSL certificate! To check your work, visit the website in your browser at https://yourdomain.tld and view the certificate/site information to see if HTTPS/SSL is working properly. Remember, you may need to restart your server for changes to take effect.