Exchange Server 2016Exchange Server 2019Open Source

Free SSL Certificate For Exchange Server | 6 Easy Steps

Get Free SAN Certificate For Your Exchange Server

How To Generate Free SSL Certificate For Exchange Server 

Establish a secure connection and email flow with a free SSL certificate for exchange by lets-encrypt.

An Exchange Server needs a Valid Third-Party SSL Certificate to fully function.

Though, Exchange has its own self-signed certificate already installed.

However, these certificates are not trusted by other devices.

So, An Exchange Server should have a proper and valid SSL certificate.

There are many third-party SSL providers that provide these certs like DigiCert, comodo, etc.

Companies deploying exchange for production avail these certificates from the trusted CA.

However, in the case of training and small-medium business.

Sometimes, it’s a challenge to install a valid SSL to test with all exchange features.

For example Autodiscover connectivity and hybrid migration to office 365.

Let’s Encrypt provides the free SSL service, that can be installed on an Exchange server to make the testing successful.


Generate Free SSL Certificate With Let’s Encrypt

With the help of Let’s encrypt win acme.

You can install the SSL Certificate on your exchange server.

Though, let’s encrypt provides SSL Certificate for multiple platforms and services.

But here we will only focus on installing SSL on the exchange server 2016.

GeoTrust Web Site Anti-Malware Scan (728*90)


Steps To Generate Free SSL Certificate

You need to download the Win acme from

free ssl certificate

Once you download it.

Create a folder by the name of Tools inside C drive.

Extract the files to this “Tools” folder.

ssl certificate win acme

Now open the command prompt with administrator privileges

Navigate to the tools directory, where the wacs.exe is located.

Once you are in the tools directory.

Now run the following command and hit enter.

Make sure to change the name of your domain and service like Owa and Autodiscover.

wacs.exe –target manual –host,, –certificatestore My –acl-fullcontrol “network service,administrators” –installation iis,script –installationsiteid 1 –script “./Scripts/ImportExchange.ps1” –scriptparameters “‘{CertThumbprint}’ ‘IIS,SMTP,IMAP’ 1 ‘{CacheFile}’ ‘{CachePassword}’ ‘{CertFriendlyName}'”

ssl certificate free

In this case, the domain name is

So, the main certificate will be issued to the host

Therefore, it also includes two other subject alternative names &

If the above command executes successfully.

The free SSL Certificate will be installed on your exchange server.

Therefore, it will also assign the certificate to the service IMAP, IIS & SMTP


Check Your Certificate Installation

To make sure that, installation of the SSL certificate to an Exchange server is successful.

You can visit the site

Put your domain name and click on the check server.

You will get the final result as below if the installation is successful.

Here, you can verify the common name and subject alternative name as well as.

let's encrypt tls certificate

Furthermore, if you need more clearance on the topic.

You can watch the following video to install free SSL on your exchange via let’s encrypt.


Few of more query was resolved by let’s encrypt such as


Do Let’s Encrypt support free SSL for Certificate for IIS?

Yes, you can install let’s encrypt certificates for IIS Website as well.


Is the Let’s Encrypt certificate is completely free?

Yes, there is no charge for this certificate.

However, it renews certs automatically within the time period of 3 months.


Are Free SSL Certificates safe?

Yes, as they are providing encryption communication between two devices.

They are safe, it is good to have even a free SSL cert, instead of using no certificate.

However, it validates the domain and may restrict it for the time period.

For example: comodo offers the trial certificate for 30 days only

Though, it does not include the subjective alternative name on cert.

If you talk about let’s encrypt, they provide you cert for only 90 days, and then you have to again renew it.

They do not offer free SSL for a complete one year.

Some of the Reuptated SSL Providers are DigiCert  Comodo  Sectigo



If you can purchase a valid third-party certificate that is best.

Having a free SSL certificate for your servers is better than no security.

So, you can install the free SSL Certs for testing and training purposes.

Moreover, in many cases, they are also used in small-medium businesses as well.


Exchange Mailbox Recovery | 4 Simple Step To Restore Mailbox

Techi Jack

Techi Jack is an alternate internet name for Vikas Jakhmola, an IT professional with more than 12 years' experience. Currently, he is working as a freelancer. His experience includes setting up networks and servers for multiple organizations. He has been working with the server since 2003. TechiJack, or Vikas Jakhmola, shares his expertise and knowledge on his blog and in training courses.
Back to top button