Knowledge Base

Installing a SSL certificate in Exchange 2013 EAC

Installation of the SSL certificate in Exchange 2013 is a continuation of the CSR generation, which was done in the Exchange Administration Center via web interface.

The certificate file you will need to use can be downloaded in ZTABOX email. We recommend that you save the files to your computer for future use.

To install the certificate, log into your EAC account and perform the following steps:

1) Go to Servers > Certificates, locate and highlight the pending request, then click on Complete in the right menu bar.

install_exchange_eac_01

2) Specify the path to the certificate you have saved. In this example the file was saved on the disc C:// in the “certs” folder.

install_exchange_eac_02

3) When the pending request is completed and you are returned to the Certificates menu, the Status column will show that the certificate is now valid.

The installed certificate is not automatically enabled for the Exchange services such as IIS (for OWA, Outlook Anywhere, ActiveSync, etc.), POP, IMAP or SMTP. This should be done manually by enabling the certificate for these services by clicking on the “edit” button for the highlighted certificate.

install_exchange_eac_03

4) Edit the configuration of the certificate and select the services for which you would like to enable your certificate, then click Save.

install_exchange_eac_04

While performing this action, you may notice that some services cannot be unchecked. This is because Exchange 2013 does not allow you to disable the certificate from services which require it. Instead, you may assign another certificate for these services which will automatically overwrite the the existing one.

5) If you are overwriting the existing certificate, you will receive the warning shown below. Usually it happens because the self-signed server certificate was installed by default. Click Yes to confirm overwriting.

install_exchange_eac_05

The certificate is now installed on the server. You can check it by opening the domain name in the browsers and checking the certificate details. If all steps were performed correctly, the browser will show green https without warnings, and in the certificate details you will see the certificate issuer information. Another way to check certificate installation is by using online checkers such as decoder. Remember to specify the correct ports (e.g., 995 for POP3-SSL, 993 for IMAP-SSL, etc.) when using this checker.