Applies to: Exchange Server 2013
Topic Last Modified: 2013-02-21
In Exchange Server 2013, you can manage certificates using the EAC or the Shell. The EAC includes a new certificate management user interface. Through this new UI, you can create a new certificate, edit an existing certificate, or remove a certificate.
What do you need to know before you begin?
- Estimated time to complete: 10 minutes plus time for the
certification authority response.
- You need to be assigned permissions before you can perform this
procedure or procedures. To see what permissions you need, see the
"Client Access server security" entry in the Clients and Mobile
Devices Permissions topic.
- For information about keyboard shortcuts that may apply to the
procedures in this topic, see Keyboard Shortcuts in
the Exchange Admin Center.
What do you want to do?
Use the EAC to create a new certificate request
- In the EAC, navigate to Servers >
- In the Select server list, select the server for which
you want to create a certificate, and then click Add
- In the New Exchange certificate wizard, choose either
Create a request for a certificate from a certification
authority or Create a self-signed certificate, and then
- Enter a friendly name for the certificate and select
- If you didn’t choose a self-signed certificate and you want a
wildcard certificate, select the box marked Request a wildcard
certificate, enter the root domain, for example *.contoso.com,
and then select Next. If you chose a self-signed
certificate, skip this step.
- Select the servers that you want to apply this certificate to
and select Next.
- Specify the domains you want to be included in your certificate
and then select Next.
- Verify that the included domains are correct. If you chose a
self-signed certificate, select Finish. Otherwise select
- Enter your organization name, department name, city or
locality, state or province, and country or region, and then select
- Enter a location to save the certificate request and select
If you didn’t select a self-signed certificate, you’ll need to send the certificate request file to the certification authority for processing.
Use the Shell to create a new certificate request
Run the following commands.
$reqfile = New-ExchangeCertificate -GenerateRequest -SubjectName "C=US,o=Contoso,cn=contosotocert" -DomainName "contoso.com" -PrivateKeyExportable $true
$reqfile | out-file c:\certreq.txt
How do you know this worked?
If you created a self-signed certificate, the newly created certificate will appear in the certificate management UI. If you created a certificate request from a certification authority, the certificate request file will be in the location you specified. Send this file to the certification authority.