Please make sure you have completed the following before attempting to install your certificate:

Please follow these instructions to install your SSL certificate in Microsoft Excange 2003.



Follow these instructions to generate a CSR for your Web site. When you have completed this process, you will have a CSR ready to submit to TRUSTZONE in order to be generated into a SSL Security Certificate.

1.  In Microsoft Exchange click System Manager.

2. If the Display Administrative Groups option is turned on, expand Administrative Groups. Expand First Administrative Group (First Administrative Group is the name of your administrative group).

Note: If your Display Administrative Groups option is not turned on right-click Your_Organization. Click Properties.
3. Click the Display Administrative Groups check box.

4. Click OK twice.

5. Restart Exchange System Manager.

6. Expand Servers. Expand the Exchange Server container that you want to configure.

7. Expand the Protocols container.

8. Expand each protocol that you want to configure. Right-click the Default Protocol_Name Virtual Server Object.

9. Click Properties.

10. Click the Access tab.

11. Click Certificate.

12. In the Web Server Certificate Wizard click Next. Click Create a New Certificate.

13. Click Next.

14. Click Prepare the Request Now. Do not send the request now, this will be done later.

15. Click Next.

16. Type an appropriate name for the certificate in the Name box, or leave the default setting of “Default Protocol_Name Virtual Server”

17. In the Bit Length list, click the bit length that you want to use.

18. Click Next.

19. In the Organization box and the Organizational Unit box type the organization and the organizational unit information for the CA where you want to request a certificate.

20. Click Next.

21. This information is typically available from the CA’s web site or the information is sent to you when you register with the CA.

22. In the Common Name field, type the common name for your site. This is also known as your Fully Qualified Domain Name.

23. Click Next.

24. In the Country/Region list click your country or your region name.

25. In the State/Province box and in the City/Locality box type in the information that is appropriate for your organization.

26. Click Next.

27. In the File name box do one of the following:

  • Type a name and a path for the location where you want to create the certificate.
  • Leave the default file name in the box.

28. Click Next.

29. Review the information on the Request File Summary page. If something is not correct, click Back until you reach the page that must be corrected. Click Next until you return to the Request File Summary page.

30. Click Next.

31. The final page confirms that a certificate with the specified file name has been created. The default setting is drive name “\certreq.txt”.

32. Click Finish.

33. Your CSR is now successfully created.


  1. Open Internet Information Services Manager or the custom MMC containing the Internet Information Services snap-in.
  2. Browse to the web site you have a pending certificate request on.
  3. Right-click on the site.
  4. Click Properties.
  5. Click the Directory Security tab.
  6. Under the Secure Communications section click Server Certificate.
  7. The Web Server Certificate Wizard will apear.
  8. Click Next.
  9. Choose Process the Pending Request and Install the Certificate.
  10. Click Next.
  11. Type in the location of the certificate response file (you may also browse to the file).
  12. Click Next.
  13. Read the summary screen to be sure that you are processing the correct certificate.
  14. Click Next.
  15. Click Finish on the confirmation screen.
  1. Using the Internet Services Manager open the properties for the Exchange virtual directory.
  2. Select the Directory Security tab. Click the Edit button in the Secure Communications section.
  3. In the Secure Communications dialogue box check the box Require Secure Channel (SSL). OWA is now configured to require SSL.
  4. Users must now enter the url as, making sure to include the ‘s’ after ‘http’. If the “s” is not included users will receive an ‘HTTP 403.4 – Forbidden: SSL required Internet Information Services’ error message.


Last updated: August 23, 2017