Some services, such as Outlook Anywhere, Cutover migration to Office 365, and Exchange ActiveSync, require certificates to be configured on your Exchange 2013 server. This article shows you how to configure an SSL certificate from a third-party certificate authority (CA).
Tasks for adding an SSL certificate
Create a certificate requestTo create a certificate request
Open the Exchange admin center (EAC) by browsing to the URL of your Client Access server, for example, https://Ex2013CAS/ECP.
Enter your user name and password by using the domain\user name format for user name, and choose Sign in .
Go to Servers > Certificates. On the Certificates page, make sure your Client Access server is selected in the Select server field, and then choose New .
In the New Exchange certificate wizard, select Create a request for a certificate from a certification authority. and then choose Next .
Specify a name for this certificate, and then choose Next .
If you want to request a wildcard certificate, select Request a wild-card certificate. and then specify the root domain of all subdomains in the Root domain field. If you don't want to request a wildcard certificate and instead want to specify each domain that you want to add to the certificate, leave this page blank. Choose Next .
Choose Browse. and specify an Exchange server to store the certificate on. The server you select should be the Internet-facing Client Access server. Choose Next .
For each service in the list shown, verify that the external or internal server names that users will use to connect to the Exchange server are correct. For example:
If you configured your internal and external URLs to be the same, Outlook Web App (when accessed from the
Internet) and Outlook Web App (when accessed from the intranet) should show owa.contoso.com. Offline Address Book (OAB) (when accessed from the Internet) and OAB (when accessed from the intranet) should show mail.contoso.com.
If you configured the internal URLs to be internal.contoso.com, Outlook Web App (when accessed from the Internet) should show owa.contoso.com, and Outlook Web App (when accessed from the intranet) should show internal.contoso.com.
These domains will be used to create the SSL certificate request. Choose Next .
Add any additional domains you want included on the SSL certificate.
Select the domain that you want to be the common name for the certificate > Set as common name. for example, contoso.com. Choose Next .
Provide information about your organization. This information will be included with the SSL certificate. Choose Next .
Submit the request to certificate authority
After you've saved the certificate request, submit the request to your certificate authority (CA). This can be an internal CA or a third-party CA, depending on your organization. Clients that connect to the Client Access server must trust the CA that you use. You can search the CA website for the specific steps for submitting your request.
Import the certificate
After you receive the certificate from the CA, complete the following steps.To import the certificate request
On the Server > Certificates page in the EAC, select the certificate request you created in the previous steps.
In the certificate request details pane, choose Complete under Status .
On the complete pending request page, specify the path to the SSL certificate file > OK .
Select the new certificate you just added, and then choose Edit
On the certificate page, choose Services .