Home » Exchange Server » Exchange Server 2016 FAQ: Can I Re-Use My Existing SSL Certificate?

Exchange Server 2016 FAQ: Can I Re-Use My Existing SSL Certificate?

Q: Can I re-use the existing SSL certificate on my Exchange 2010 or 2013 servers for my new Exchange 2016 servers?

A: Yes.

There are three basic requirements of your Exchange 2016 SSL certificate:

  1. The certificate must contain the names (i.e. the URLs or namespaces) that clients will be connecting to over HTTPS, for example https://mail.exchangeserverpro.net/owa for Outlook on the web
  2. The SSL certificate must still be within its validity period (start and end dates)
  3. The SSL certificate must be from a certificate authority that the connecting clients (Outlook, web browsers, mobile devices, etc) trust

As long as your existing SSL certificate meets those requirements then yes, you can use it.

It is also recommended to use the same SSL certificate when you are in an Exchange Server 2013 and 2016 co-existence scenario and you are load balancing client traffic across the Exchange 2013 and 2016 servers. Both Exchange Server 2013 and 2016 are capable of up-level and down-level proxying of client connections, so this is a perfectly fine configuration. And as is always recommended, all servers in a load-balanced pool should use the same SSL certificate.

To re-use your existing SSL certificate export it from Exchange 2010 or Exchange 2013 and import it to the new Exchange 2016 servers.

Paul is a Microsoft MVP for Office Servers and Services. He works as a consultant, writer, and trainer specializing in Office 365 and Exchange Server. Paul is a co-author of Office 365 for IT Pros and several other books, and is also a Pluralsight author.
Category: Exchange Server

Leave a Reply

Your email address will not be published. Required fields are marked *