Install SSL Certificate on Microsoft Exchange Server 2019

In this post, we will guide you on how to install SSL certificate on Microsoft Exchange Server 2019.

MS Exchange Server 2019 is, without a doubt, one of the best mail servers globally. This mail server was first released in 1993. For public usage, they came first to sell the 4.0 version proudly. Now, they hold endless of seven versions continuously, but with one limitation, such as only with windows operating system, users can handle this server.

Install SSL Certificate On Microsoft Exchange Server 2019

How to install SSL certificate on Microsoft Exchange Server 2019?

To install SSL certificate, you need to take four steps, including:

  1. CSR creation - From the exchange server, you must create a certificate signing request. 
  2. Get an SSL Certificate - Buy SSL Certificate with UCC SSL Certificate Providers for Exchange Server.
  3. Created CSR to be sent to Certificate Authority - Created certificate signing request must be uploaded to the configuration page showing in your account created while purchasing SSL certificate.
  4. Need to download and apply certificate - Once you get the approval from the certificate authority, download it from the certificate authority’s portal or unzip the certificate received in an email, and install an SSL certificate on the exchange server.

Let’s have a look at steps in detail:

1.     CSR Creation

  • Step 1: Open the Exchange admin center. Here, you can see five tabs, such as a server, databases, database availability group, virtual directories, and certificates.
  • Step 2: Select the fifth tab “certificates,” and below the tab of the select server there, you have + symbol. Click on it, so you will get a new window with two choices, such as create a request for a certificate from a certificate authority and create a self-signed certificate.
  • Step 3: Here, you must choose the first option “create a request for a certificate from a certificate authority” Tap on the next button to enter a friendly name.
  • Step 4: You will have a new exchange certificate wizard where you have to write a friendly name for the certificate. Click Next.
  • Step 5: If you are not going to secure wildcard then skip the step “Request Wildcard Certificate” and click Next.
  • Step 6: You need to now browse the certificate stored on the server that you want to install on the server. Click Next.
  • Step 7: You will have now a window which shows different domain names that you wish to assign to the certificate, here you need to simply move to the next screen by pressing Next button.
  • Step 8: You will now have a domain list which will include in your certificate. Once you select and press the Next button, you will have a new screen asking for the below details mentioned in the next step.
  • Step 9: Fill up the details in a new window such as organization name, department name, city, state, and country. Tap the “Next” button.
  • Step 10: Here, you need to give a share folder location to save the CSR with name and .req extension and finally click on the Finish button. 

2.     Get an SSL Certificate

You need to browse for SSL Certificates to purchase your desired certificate. And as per your website security need (for example, single domain, multiple domains, wildcard domains) you should get them. You can proceed for selection and purchase the certificate after making the payment to the website.

3.     CSR Sent to Certificate Authority

  • Step 1: Once you have an SSL certificate, you will also have your account to complete the certification process. The first thing you need to copy and paste CSR to a given box and complete the certificate configure process. Remember, you need to keep the private key with you.
  • Step 2: After providing the required information, you need to validate the sent domain verification link in the email to complete the domain validation part. If you have chosen an EV or OV type certificate, then you need to submit a document to the certificate authority for further process.

In the case of the DV certificate, the certificate will be issued and sent to your email with a zip file that you need to download to the desired location on the server/desktop. From where you can proceed with the SSL installation on MS exchange server 2019. The zip file should contain the main certificate and CA bundle.

Now, your SSL certificate is ready to apply! You have completed the downloading process successfully. 

4.     Apply an SSL certificate

  • Step 1: Go to the Exchange admin centre and click on servers >> certificates tab. Check whether you have any pending requests; if yes, then on the right side, you will see the “Complete” option. Click on complete, and one pop up window opens immediately.
  • Step 2: Now, you must enter the path of the local disk/folder where you have downloaded/saved the SSL certificate. Click on the “OK” button, and by now, your request will be completed. To ensure the completion, a Valid tag is updated in the Status section of servers >> certificates tab. 

After applying the certificate, the next step is to assign the exchange services to the certificate.

Assign SSL certificate

  • Step 1: Now, it is time to assign the certificate. In the Exchange admin center, you need to click on the pencil icon showing on top of the left side window, you’ll see the “edit option” when hovering the mouse.
  • Step: 2 Click on the “edit option” and you will have a new window where you need to click on “services” showing on the left side.
  • Step:  3 When you click on the services option, you will have options like such as SMTP, IMAP, POP, and IIS to select to which you wish to assign the certificate. Click on the “Save” button. You will have a warning message regarding “Overwrite the existing default SMTP certificate”. You need to click on Yes button.

You can see the SSL certificate on your tab. Click on the padlock, and it shows a small message where you can view certificate if you wish.

Most organizations carry out their entire communications via emails only. And that’s why it’s critical to stay secure and avoid any potential threat of hackers and unauthorized third-party access.

One obligatory process of encrypting your data is by installing an SSL certificate.

Why SSL certificate is mandatory for MS Exchange Server?

Back in the day, people would have had to rush to their workplaces in order to check emails daily. Users were more regulated to use emails only in office and had no other source to access emails. However, these days, we have been using the emails right from mobile phones. That said, it has some downsides. However, when you use MS exchange server and its services then it is required to have an SSL certificate on it to save it from rising cyber-attacks. Have a look at the below scenario.

Take MITM (Man-in-the-middle) attacks, for instance:

MITM (man-in-the-middle) attack plays a role between two ends like the browser and the server and modifies the communication. The opposite party believes that s/he is talking to the intended person, but the entire communication is controlled by a hacker. It's more usual to keep information confidentially in an organization, or else hackers may fetch all your information easily.

To avoid this kind of circumstance, the SSL certificate is mandatory here.


The best part is that while earlier, it was challenging to do the technical stuff on your own, now with ready access to technology and easy steps (as mentioned above), you can easily install SSL certificate on Microsoft Exchange Server 2019.

Once the SSL certificate is installed, your communication between the email server and the client gets encrypted successfully. No more courses and no more hard work -- you just need to do a bit of smart work!