In this article we will have a look at the steps to configure SSL certificates in Exchange 2016 post installation.

If you have exchange 2016 in Exchange 2013 coexistence you wouldn’t need to worry about this part. Because the already configured Exchange 2013 CAS server will have the capability to up proxy the requests to Exchange 2016 servers and you can stay relaxed for a while until the you decide to remove the Exchange 2013.

But if you have them in Exchange 2010 coexistence then you will need to move all of your external URL’s and place your SSL certificates into the Exchange 2016 servers.

Now we will have a look at how to place an  SSL certificate request in Exchange 2016 and complete them using a third party CA.

The configuration is the same as Exchange 2013 and the only change is the for internet facing CAS server will be now  internet facing mailbox server.

In-order to perform this action open EAC – click servers – and select certificates



Give it a friendly name as below



Enter the domain name

If you are going to use wild card you can select the wild card certificate option.

Using wild card will cover your root domain and additional it covers one subdomain.

In this case we are using wild card since its a lab and we are using a complimentary subscription provided by digicert through MVP in my case it would cover,, etc.,

If we try then it will not cover since it covers only one subdomain before that wildcard.

Its always better to use SAN since if its a SSL then your private key will be used in most of the sub domains


After this completes just click on next and choose one internet facing mailbox server in Exchange 2016



Fill the required information as below



Place a location to save the csr request as below



You can see the cert request generated as below in the location you mentioned




After the above task is completed  you can see the certificate request in pending state in the certificates tab as below.

Now we can submit this request to a third party CA and get a new SSL certificate for your domain.

There are so many good providers but we recommend digicert as we have seen their support to be very prompt and all together provide a competitive pricing



Now copy paste the CSR request we generated in Exchange 2016 as below. Now you can select the server software as Exchange 2013 and with that it would be working until they add Exchange 2016.



Once you get the SSL certificate from the certificate provider now we need to complete this request by importing them into the Exchange 2016 internet facing server.


You can see the certificate that we requested in pending state as below



So click on complete and you will get a pop up window to import the SSL certificate.

Just import the certificate that you got from the certificate provider and then complete the request.

Now we have successfully completed the SSL certificate request in Exchange 2016