When an SSL certificate has been installed on an Exchange 2013 server it is not automatically enabled for any of the Exchange services such as IIS (for OWA, Outlook Anywhere, ActiveSync etc), POP, IMAP or SMTP.
The administrator must manually assign the certificate to the services that the SSL certificate is intended to be used for.
In the Exchange Administration Center navigate to Servers -> Certificates and choose the server that has the SSL certificate you wish to assign. The certificate must already been in a valid status before you can proceed further.
Click the edit icon and then select Services.
Tick the boxes for the services that you wish to assign the SSL certificate to, then click Save. The typical services to assign to an SSL certificate are IIS and SMTP.
If you are overwriting existing certificates you will be prompted to confirm that.
If you are using the same SSL certificate on multiple servers you can also export/import the certificate to those servers.
To test that the SSL certificate is working you can browse to the Outlook Web App URL for that server and see whether you receive an invalid certificate warning from your web browser.
If you're interested in how Exchange handles selection of a certificate when multiple certificates are bound to the SMTP protocol, here are some articles that explain it:
- Selection of Inbound Anonymous TLS certificates
- Selection of Inbound STARTLS certificates
- Selection of Outbound Anonymous TLS certificates