Exchange Server 2016Microsoft

How To Install SSL Certificate In Exchange 2016

Check How Can You Install SSL Certificate On Exchange Server

How To Install SSL Certificate In Exchange Server 2016

To install the SSL certificate in exchange 2016,

You have to plan a few things before you proceed with your SSL certificate installation.

It is very important to choose the best third-party SSL Service, provider.

Thawte SSL Web Server (728*90)


Why you need a third-party SSL certificate

As you know exchange server uses multiple protocols to communicate with clients, applications, and servers over the network.

These protocols are HTTPS, IMAP, POP, and SMTP.

When a client tries to authenticate the exchange server, these credentials are sent over the network and can be intercepted.

Third-party SSL is used to secure and encrypt these connections & credentials

To make the network traffic secure between server and client these SSL certificates are necessary.

Though the exchange server has its own self-sign certificate, it is not trusted by outside clients.

If you want to use it only for internal purposes and don’t want to buy a third-party SSL certificate.

You can use it. However, an internal certificate does not trust by external computers.

So, you must use a trusted CA certificate


How to choose SSL Certificate for Exchange Server 2016

First choose the trusted brand that provides the SSL certificate like comodo, DigiCert, etc.

Make sure about the namespace included in the SSL certificate.

For how long you are buying it, like for 1 yr, 2 or more.

Furthermore, confirm the validation date of the issued certificate.

GeoTrust Web Site Anti-Malware Scan (728*90)

Namespace included in SSL certificate

There are two scenarios where you can consider what namespace should you include in your exchange SSL certificate.

If you have a single site and simple exchange server environment and want to cross down the cost of SSL.

You can choose three main names for your SSL.

for example, our domain is

we have configured our internal and external URL as follows


  • Ecp: External & Internal URL:
  • Ews: External & Internal URL
  • Mapi: External & Internal URL:
  • Microsoft Active Sync: External & Internal URL:
  • OAB: External & Internal URL:
  • OWA: External & Internal URL:
  • Autodiscover:

Note: You have to set the autodiscover url from the exchange management shell, it cannot be set from the exchange admin center.

Now we need three names in our SSL certificate.

These names are, autodiscover.techijack.comand

Moreover, POP, IMAP & SMTP services can be assigned a different namespace.

However, if you decide a separate namespace for IMAP, SMTP, and POP

Therefore, you have to include these names as well as in your certificates.

For example:,, &

It may increase the cost of an exchange SSL certificate but there are organizations.

Therefore, they plan their namespace like this.


Installation Of SSL Certificate in Exchange Server.

In the first place, you need to create a CSR file from your exchange server.

Submit the CSR file to the SSL service provider.

Get the certificate

Complete the request.

As a result check, a certificate is valid or not.

The below video explains how you can install SSL on exchange server 2016

In case of any problem, leave a comment or feel free to contact


Back to top button