How to Export/Import an SSL Certificate to Multiple Exchange 2013 Servers

During your planning for SSL certificates for Exchange 2013 you may have chosen to use the same certificate on multiple servers.

The process for acquiring a certificate to be used on multiple servers is almost identical to the process for a single server. However during the Exchange 2013 certificate request wizard you would enter the fully qualified domain names of any additional Exchange  servers that the SSL certificate will be used for.

For example in this certificate request the names for both servers E15MB1 and E15MB2 are being included in the certificate request.

Multiple Exchange 2013 server names included in the SSL certificate request

After completing the certificate request you can then export the certificate and import it to additional servers with the following steps.

In the Exchange Administration Center navigate to Servers -> Certificates and choose the server that has the SSL certificate already installed.

Highlight the certificate to be exported, then click the “” (more) icon and choose Export Exchange Certificate.

Begin the export of an Exchange certificate

Enter a valid UNC path and the name of the file you wish to export to, and a password for the exported certificate.

Choose a path to store the exported certificate file

Complete the export Exchange certificate wizard.

Open the “more” icon again and this time choose Import Exchange Certificate (it does not matter at this stage which server you have selected in the drop-down list above the icons).

Begin the import of an SSL certificate to Exchange

Enter the UNC path to the file again, and the same password you used during the export.

Enter the UNC path and certificate password

Click the “+” icon and add any Exchange 2013 servers that you wish to import the certificate to.

Select the Exchange servers to import the SSL certificate to

Click Finish to complete the import wizard.

After you have imported the certificate to a server you can then proceed with assigning the SSL certificate to Exchange services.

About Paul Cunningham

Paul is a Microsoft Exchange Server MVP and publisher of Exchange Server Pro. He also holds several Microsoft certifications including for Exchange Server 2007, 2010 and 2013. Connect with Paul on Twitter and Google+.

Comments

  1. Hi Paul,

    Do you know how to create a request for a cert that can be exported and import to TMG server? I think the private key needs to be set to “exportable”, but I don’t see anything from the UI to allow user to select that option.

    Thanks,

  2. Erik Townsend says:

    1) Can you use the same domain name for OWA, OAB, EWS, Exchange ActiveSync, Autodiscover and Outlook Anywhere, on both “when accessed from the intranet” and “when accessed from the internet”? example of domain: email.company.edu
    2) If you have 2 CAS and 2 Mailbox servers, Do you need a certificate for each server, or just the two CAS’s?
    3) I read the the OAB is run on the Mailbox servers. does this mean you can not set this up on the CAS? If it can not run on the CAS, then with my topology, it would have to run on the Mailbox Server and that would mean I would need a certificate for all four servers?

Leave a Comment

*

We are an Authorized DigiCert™ SSL Partner.