When you are configuring SSL certificates for Exchange Server 2013 you may choose to issue the certificates from a private certificate authority rather than a commercial CA.
This is a common approach for non-production systems or those that will not be internet-facing and so will only receive connections from domain-joined clients that already trust the private CA.
The first step is to generate the certificate request for the Exchange 2013 server.
When you have the certificate request file ready open a web browser and navigate to the web enrolment page for the private CA. Click on Request a Certificate.
Choose to submit an advanced certificate request.
Choose the second option, to submit a certificate request using a file.
Open your certificate request file in Notepad and copy the contents into the form, then change the certificate type to Web Server.
Click Submit when you are ready and the CA will begin processing the request. When it is complete you can click the link to download the certificate to your computer.
The next steps in the process of configuring SSL certificates for Exchange 2013 are: