One of the major tasks for Exchange admins is renewing an SSL certificate. Lots of times admins struggle to renew Exchange certificates and might end up in breaking up the Exchange server or servers. In this article, I have documented everything step by step, and what you need to do, to complete SSL certificate renewal successfully.
How to Renew SSL Certificate for 2013 Step by Step
1) Creating a new CSR (Certificate signing request)
- Open EAC or Exchange Admin Center Web page.
- Navigate to Servers section.
- Click on Certificates Option.
- Select Server Name.
- Click on Certificate you need to renew.
- Click on Renew option.
- Save the new CSR request to your desired UNC path.
- Submit the CSR request to generate a new certificate with your 3rd party Certificate vendor.
- Download the new certificate.
2) Installing new certificate
- Open EAC or Exchange Admin Center Web page.
- Navigate to Servers section.
- Click on Certificates Option.
- Select Server Name.
- Now Select Certificate with status "Pending Request".
- Right-hand side, click on the complete option.
- Now enter the UNC path for new downloaded Certificate.
3) Assign New Certificate to Services like IIS, SMTP, IMAP or POP
- Open EAC or Exchange Admin Center Web page.
- Navigate to Servers section.
- Click on Certificates Option.
- Select Server Name.
- Select the new certificate.
- Click on Edit Icon.
- Click on Services option.
- Click on the Services checkbox you want to assign and save.
- Certificate renew completed for the single server.
Note: If you have more than one Exchange server. Move to Step 4.
4) Exporting Certificate from First Exchange Server in the same Org.
- Export certificate from the server you first renewed or installed.
- Open EAC or Exchange Admin Center Web page.
- Navigate to Servers section.
- Click on Certificates Option.
- Select First Server Name.
- Select the new certificate you want to export.
- Click on “…” or more icon and select Export Exchange Certificate.
- Enter the UNC path, where you want to export the new certificate.
- Provide the password and follow rest of the steps.
5) Importing Certificate on Other Exchange Servers in the same Org.
- Open EAC or Exchange Admin Center Web page.
- Navigate to the Servers section.
- Click on the Certificates Option.
- Click on “…” or more icon.
- Click Import Exchange Certificate
- Enter the UNC path for the exported certificate you did in step 4 above.
- Enter the password you gave in step 4 above.
- Now click on "+" icon and add your other Exchange 2013 servers.
- Follow Wizard and finish the import process.
6) Assign Services on other Exchange servers.
- Follow Step 3.
Note: If you have Hardware Load Balancer, you need to install the new certificate on your HLB also.
Hope you found this helpful.