Q: Can I re-use the existing SSL certificate on my Exchange 2010 or 2013 servers for my new Exchange 2016 servers?

A: Yes.

There are three basic requirements of your Exchange 2016 SSL certificate:

  1. The certificate must contain the names (i.e. the URLs or namespaces) that clients will be connecting to over HTTPS, for example https://mail.exchangeserverpro.net/owa for Outlook on the web
  2. The SSL certificate must still be within its validity period (start and end dates)
  3. The SSL certificate must be from a certificate authority that the connecting clients (Outlook, web browsers, mobile devices, etc) trust

As long as your existing SSL certificate meets those requirements then yes, you can use it.

It is also recommended to use the same SSL certificate when you are in an Exchange Server 2013 and 2016 co-existence scenario and you are load balancing client traffic across the Exchange 2013 and 2016 servers. Both Exchange Server 2013 and 2016 are capable of up-level and down-level proxying of client connections, so this is a perfectly fine configuration. And as is always recommended, all servers in a load-balanced pool should use the same SSL certificate.

To re-use your existing SSL certificate export it from Exchange 2010 or Exchange 2013 and import it to the new Exchange 2016 servers.

About the Author

Paul Cunningham

Paul is a former Microsoft MVP for Office Apps and Services. He works as a consultant, writer, and trainer specializing in Office 365 and Exchange Server. Paul no longer writes for Practical365.com.

Comments

  1. Amit Dixit

    i have a certificate for EXMP:- Mailserver.mydomain.net/owa on exchange server 2016. Can i use the same cert. on mynewexchange.server.mydomain.net?

    1. Paul Cunningham

      If you’re using the same client access namespaces that are already present on the certificate, then yes you can re-use the certificate.

Leave a Reply