How To Install SSL Certificate In Exchange Server 2016
To install the SSL certificate in exchange 2016,
You have to plan a few things before you proceed with your SSL certificate installation.
It is very important to choose the best third-party SSL Service, provider.
Why you need a third-party SSL certificate
As you know exchange server uses multiple protocols to communicate with clients, applications, and servers over the network.
These protocols are HTTPS, IMAP, POP, and SMTP.
When a client tries to authenticate the exchange server, these credentials are sent over the network and can be intercepted.
Third-party SSL is used to secure and encrypt these connections & credentials
To make the network traffic secure between server and client these SSL certificates are necessary.
Though the exchange server has its own self-sign certificate, it is not trusted by outside clients.
If you want to use it only for internal purposes and don’t want to buy a third-party SSL certificate.
You can use it. However, an internal certificate does not trust by external computers.
So, you must use a trusted CA certificate
How to choose SSL Certificate for Exchange Server 2016
First choose the trusted brand that provides the SSL certificate like comodo, DigiCert, etc.
Make sure about the namespace included in the SSL certificate.
For how long you are buying it, like for 1 yr, 2 or more.
Furthermore, confirm the validation date of the issued certificate.
Namespace included in SSL certificate
There are two scenarios where you can consider what namespace should you include in your exchange SSL certificate.
If you have a single site and simple exchange server environment and want to cross down the cost of SSL.
You can choose three main names for your SSL.
for example, our domain is techijack.com
we have configured our internal and external URL as follows
- Ecp: External & Internal URL: https://mail.techijack.in/ecp
- Ews: External & Internal URL https://mail.techijack.in/EWS/Exchange.asmx
- Mapi: External & Internal URL: https://mail.techijack.in/mapi
- Microsoft Active Sync: External & Internal URL: https://mail.techijack.in/Microsoft-Server-ActiveSync
- OAB: External & Internal URL: https://mail.techijack.in/OAB
- OWA: External & Internal URL: https://mail.techijack.in
- Autodiscover: https://autodiscover.techijack.com/autodiscover/autodiscover.xml
Note: You have to set the autodiscover url from the exchange management shell, it cannot be set from the exchange admin center.
Now we need three names in our SSL certificate.
These names are Mail.techijack.com, autodiscover.techijack.com, and techijack.com
Moreover, POP, IMAP & SMTP services can be assigned a different namespace.
However, if you decide a separate namespace for IMAP, SMTP, and POP
Therefore, you have to include these names as well as in your certificates.
For example: imap.techijack.com, smtp.techijack.com, & pop.techijack.com
It may increase the cost of an exchange SSL certificate but there are organizations.
Therefore, they plan their namespace like this.
Installation Of SSL Certificate in Exchange Server.
In the first place, you need to create a CSR file from your exchange server.
Submit the CSR file to the SSL service provider.
Get the certificate
Complete the request.
As a result check, a certificate is valid or not.
The below video explains how you can install SSL on exchange server 2016
In case of any problem, leave a comment or feel free to contact techijack.com