Use the instructions on this page to use the Exchange Admin Center to create your certificate signing request (CSR) and then to install your SSL certificate on your Exchange 2016 server.


1.  Access the EAC by opening a browser and browsing to the URL of your server (e.g., https://localhost/ecp).

2. On the Exchange Admin Center credentials page, type your Domain/user name and Password and then click sign in.

3. In the EAC, in the sidebar menu on the left, click Servers and then in the menu at the top of the page, click Certificates.

4. On the Certificates page, in the Select server drop-down list, select your Exchange 2016 server and then click the + symbol.

5. In the new Exchange certificate wizard, select Create a request for a certificate from a certification authority and then click Next.

6. In the Friendly name for this certificate: box, type a friendly name for the certificate and then click Next.

The friendly name isn't part of the certificate; instead, it's used to identify the certificate.

We recommend that you add TRUSTZONE and the expiration date to the end of your friendly name, for example: yoursite-TRUSTZONE-expirationDate. This information helps identify the issuer and expiration date for each certificate. It also helps distinguish multiple certificates with the same domain name.


Note: If your are not creating a csr for a wildcard certificate, click Next.

To create a CSR for a wildcard certificate, do the following:

  • Check Request a wild-card certificate.
  • In the Root domain: box, type the root domain for all the subdomains (e.g., *
  • Click Next.

8. In the *Store certificate request on this server box, click Browse…, select the server you want to store the certificate request on, and then click Next.


Note: If you are creating a csr for a wildcard certificate, skip this step by clicking Next and Next. Proceed to step 10.

To select the domain(s) that you want included on your SSL certificate, do the following:

  • Click Next.

The wizard populates the list with domains that Exchange 2016 suggest you include in your certificate request.

Although you can edit the list of domains on this page of the wizard, we recommend doing it on the next page.

  • On the next page, review the list of names/domains and use the +, ?, -, and ? symbols to add, edit, remove, and select the domains you want included on your SSL certificate.
  • When you are finished, click Next.

10. Under Specify information about your organization, provide the following information and then click Next:

  • Organization name: Type your company's legally registered name (e.g., TRUSTZONE A/S).
  • Department name: Type the name of your department within the organization. Frequently this entry will be listed as "IT" or "Web Security".
  • City/Locality: Type the city/locality where your company is legally located.
  • State/Province: Type the state/province where your company is legally located.
  • Country/Region name: In the drop-down list, select the country/region where your company is legally located.

11. Under Save the certificate request to the following file, enter a UNC path to save your CSR to.

Note: Select a location that you can access. You must be able to access the location so that you can use the CSR to order your SSL certificate.

12. Click Finish to generate the CSR and save it to the specified UNC path.

13. Use a text editor (such as Notepad) to open the file. Then, copy the text, including the —–BEGIN NEW CERTIFICATE REQUEST—– and —–END NEW CERTIFICATE REQUEST—– tags, and paste it into the TRUSTZONE order form.

14. After you receive your SSL certificate from TRUSTZONE, you can install it.



Before installing your SSL certificate you will need to install the associated Intermediate Certificate.
Please Copy the Intermediate Certificate from the email also containing your SSL certificate, and paste it into a simple text editor such as Notepad.

Save it as intermediate.cer on you desktop and follow the instructions below: 

  • Open MMC
  • Select File. Click Add/Remove Snap In 
  • Click Add
  • Select certificates. Click Add
  • Select Local Computer. Click Finish. Clik Close and then Ok
  • Select certificates. Select Intermediate Certification Authorities and then certificates
  • Right-click certificates. Select All-Tasks. Click Import
  • The Import Wizard will start. Follow the instructions to import the Intermediate Certificate and close MMC

15. Now it is time to install your SSL certificate.

  • Copy the SSL certificate from the email and save this as your_domain_name.cer
  • Copy the your_domain_name.cer file to your Exchange 2016 server's network share folder (where you saved the CSR).
  • Access the Exchange Admin Center (EAC) by opening a browser and browsing to the URL of your server (e.g., https://localhost/ecp).
  • On the Exchange Admin Center credentials page, enter your Domain/user name and Password and then click Sign In.
  • In the EAC, in the sidebar menu on the left, click Servers and then in the menu at the top of the page, click Certificates.
  • On the Certificates page, in the center pane, select your certificate request and then in the certificate request details pane to the right, under Status, click the Complete link.

Note: Certificate request are listed by their friendly names.


  • In the complete pending request wizard, under *File to import, enter the UNC path to where your SSL certificate file is located (e.g., \\example\certificates\your_domain_name.cer) and then click OK.
  • The certificate should be successfully installed on your Exchange 2016 server, and the status of your certificate request should now be Valid.
  • On the Certificates page, in the center pane, select the SSL certificate you just installed and then click ? (pencil).
  • In the 'certificate' window, click Services.
  • Next, check all the services for which you want to enable your SSL certificate and then click Save.
  • Your SSL certificate should now be enabled for the services you selected on your Exchange 2016 server.


Last updated: February 16, 2018