When an SSL certificate has been installed for Exchange Server 2016 you need to assign it to Exchange services before it will be used. This task can be performed in the Exchange Admin Center.
Navigate to servers, then certificates, and select the server that has the SSL certificate you wish to enable for Exchange services.
Select the SSL certificate and click the edit icon.
Select services, then tick the boxes for each service you wish to enable.
- IIS is used for all HTTPS services (such as OWA, ActiveSync, Outlook Anywhere). Only one certificate can be assigned to IIS, so it’s important that the certificate contains all of the correct names configured as URLs for your HTTPS services.
- SMTP is used for TLS-encrypted mail flow. More than one certificate can be assigned to SMTP.
- POP and IMAP are disabled by default in Exchange Server 2016, but if you are planning to enable them you should assign a certificate, whether that is the same certificate used for HTTPS or a different one.
- UM is optional as well. If you are planning to use the UM features of Exchange Server 2016 enable a certificate for UM as well, again that can be the same certificate as used for HTTPS services or a different one.
Click Save when you’ve select the services you need to use the SSL certificate for. If you are assigning an SMTP certificate you may be prompted to overwrite the default SMTP certificate. SMTP can have multiple certificates assigned, and for a simple deployment where the single SSL certificate you acquired contains the SMTP namespace you plan to use on connectors it is generally fine to say Yes to this prompt.
After you’ve completed those steps the SSL certificate will be used by Exchange for those services you selected.
If you’re interested in how Exchange handles selection of a certificate when multiple certificates are bound to the SMTP protocol, here are some articles that explain it: