Updating exchange certificate
(More info HERE on the use of this certificate for Office 365 hybrid deployments).
It involves creating a new self-signed certificate from one of your Exchange servers, then publishing that certificate as the new “Auth certificate”. Open a new Exchange shell (you must elevate with “Run as Administrator”).
Digital Certificates are used to secure communication between clients and servers using SSL protocol. This is the server where certificate request will be stored. Here, you can specify which domain names to be included in the certificate.
In Exchange 2016, self-signed certificates are created by default when you install Exchange 2016. You can leave this default and specify domain names on the next page as shown below. Browse the UNC path of shared folder where the CSR (Certificate Signing Request) file will be stored.
Now log on to and purchase a multi-domain certificate.
You will be presented with a box to paste a CSR code that we got from Exchange server.
There are different types of digital certificates available, In Exchange 2016, services like Outlook On the Web, EAC, Exchange Web Services, Active Sync, Outlook Anywhere, Autodiscover and Address Book Distribution uses same digital certificate once it is installed. This option will allow you to generate CSR for wildcard certificate.
This is because all these services are in IIS under same default website. Similarly, POP/IMAP and SMTP can also use same or different digital certificate. Domain names to be used internally and externally has already been planned.
Click Yes on warning that says the certificate will overwrite the current certificate. Bipin is a freelance Network and System Engineer with expertise on Cisco, Juniper, Microsoft, VMware, and other technologies. Some of his certifications are, MCSE: Messaging, JNCIP-SEC, JNCIS-ENT, and others.
These domain names are picked up automatically from the CSR texts pasted. Now type valid email address in order to verify the domain name.
Verification instruction are also sent in the same email. Once you get the certificate in your inbox, download it on the same shared folder.
I will create a folder named CSR on the desktop of MBG-EX01 server.
You can setup the folder on any location as long as Exchange server can reach the destination.