To install an Exchange 2016 SSL certificate the process is:

  1. Generate a certificate signing request (CSR)
  2. Submit the CSR to a certificate authority, such as Digicert, and download the issued certificate
  3. Complete the pending SSL certificate request in Exchange
  4. Assign the certificate to Exchange services

In this tutorial we’ll look at step 3, completing the pending SSL certificate request.

The certificate has already been downloaded and placed in a location that is accessible by the Exchange server’s computer account, or by the Exchange Trusted Subsystem group. You will need to provide the UNC path to the file when completing the pending certificate request. I’ve placed my certificate in the C:Admin folder of my Exchange server.

In the Exchange Admin Center navigate to servers, then certificates. Choose the Exchange server you need to complete the pending certificate request for, and selecting the pending request. Click the Complete link on the right side of the page.

exchange-2016-complete-pending-ssl-certificate-request-01

Enter the UNC path to the certificate file and click OK.

exchange-2016-complete-pending-ssl-certificate-request-02

If the import is successful the certificate should now appear with a status of “Valid”.

exchange-2016-complete-pending-ssl-certificate-request-03

The next step is to assign or enable the certificate for Exchange services.

About the Author

Paul Cunningham

Paul is a former Microsoft MVP for Office Apps and Services. He works as a consultant, writer, and trainer specializing in Office 365 and Exchange Server. Paul no longer writes for Practical365.com.

Comments

  1. mbiko ngoma

    after complete with upload of .cer file it still remains on pending when you click complete and upload same file it says certificate already exists

    1. John Mays

      Same question – what do you do to fix or trouble shoot this?

  2. Shane King

    HI Paul,

    As usual yours is the best advice.

    How do I rekey a cert for Exchange 2016. I tried searching the web for specifics but could not find a thing. Is it as simple as creating a new cert and following the process. Is there a best practice we should follow when a cert request process goes pear-shaped and we need to re do it again?

    1. Paul Cunningham

      If you’re re-keying check with your certificate provider as they should have specific instructions for you.

  3. Brodie

    Awesome Article.

    I was having an “issue” where the EAC was telling me “The source data is corrupted or not properly Base64 encoded.” and I was looking though the comments of your 2013 article.
    You replied to a comment saying the EAC displays incorrect information sometimes.

    I wanted to leave this here in case someone has the same issue as it helped me solve my non issue.

  4. Austin Amuok

    Great article. Thanks for your assistance!

  5. MP

    Fantastic job, well done!

Leave a Reply