Microsoft Exchange Server SSL Certificate Guide


Most people know that it’s important to secure their Microsoft Exchange Server with SSL certificate, but few of them know exactly why they should do this? And this is the only problem we are going to solve with the whole article, at the end, we hope you not just understand the importance of Exchange Server SSL Certificates but also learn basic steps to install an SSL certificate on your Microsoft Exchange Server.

A Brief Introduction to Microsoft Exchange Server

Microsoft Exchange Server is a globally known email, contact, calendaring, collaboration and scheduling platform. Developed by Microsoft, Exchange Server can only be deployed on the Windows Server operating system for use. It is mostly available in the form of on-premise software and SaaS.

Microsoft Exchange Server was first released dating back to 1993 and which was used to manage mail communications within the company itself. It had not been available to the general public until the launch of Exchange Server in 1996. To date, there have been eight versions of Microsoft Exchange Server, including:

  • Exchange Server 4.0
  • Exchange Server 5.5
  • Exchange Server 2000
  • Exchange Server 2003
  • Exchange Server 2007
  • Exchange Server 2010
  • Exchange Server 2013
  • Exchange Server 2016

Why Does Microsoft Exchange Server Need SSL?

Microsoft offers plenty of host services such as ActiveSync, Auto-Discover, Mailboxes, Outlook App/Web, POP3, SMTP, etc. The risk of sensitive information being intercepted and leaded rises when people are using these services to communicate within enterprises or with partners. Therefore, security solutions are required to defend all the sensitive information against any potential cyber-attack.

Specifically speaking,

  1. ActiveSync: A client protocol to synchronize a mobile device using your Exchange mailbox. It is important to secure ActiveSync since all information that gets transmitted to iPhones, tablets, and other wireless devices is relayed from the protocol.
  2. Autodiscover: Outlook uses this feature to obtain configuration information for servers to which it connects. If Autodiscover compromised, all important information such as the usernames and passwords will be leaked, giving attackers access to the network.
  3. Outlook Web Access/App: When this email client is compromised, your emails, contacts, calendars, and other sensitive business information can be easily reached by a user.
  4. Mailboxes: Encrypting every email to and from the Exchange Server is your responsibility.
  5. Outlook Anywhere: This is a software feature that gives Microsoft Office Outlook’s end users the ability to access corporate email and calendars over the internet from outside the corporate domain and without using a VPN.

SSL certificates are not merely for authenticating your Exchange Server to connecting devices; they also ensure an encrypted session is delivered whenever a user connects to your Exchange environment.

UCC SSL—An Absolute Security Solution for Microsoft Exchange Server

It could be exhausting and costly to manage multiple SSL certificates for each service. Fortunately, you can counteract the disadvantages by using a Unified Communications Certificate (UCC) that allows for securing multiple domain names and multiple host names within a domain name, such as:


In other words, with a UCC SSL certificate, you never need to install individual SSL certificates for each single domain name, simplifying the process of managing the host services and domains. Besides, it’s cost-effective.

Recommended UCC SSL Certificates for Microsoft Exchange Server

To enable secure client access from the Internet to Exchange Server, Microsoft has been working with a bunch of certificate authorities (CAs) to establish special websites exclusively for the Exchange Server. These CAs include Comodo, Symantec, DigiCert, Entrust, GlobalSign, Thawte, GeoTrust, and GoDaddy. And here we highlight some UCC SSL certificates, which, based on our expertise, are the best of the best options for the Microsoft Exchange Server.

1.Comodo Unified Communications Certificate

This is the best cheap UCC SSL certificate solution for Microsoft Exchange Server that charges from only $133 per year, along with 4 additional SAN included. In addition to providing secured communications on many different domains, the certificate supports the Microsoft Exchange Autodiscover service. Moreover, in accordance with your business needs, you can add up to 250 total domains to this certificate.

Don’t worry about the compatibility, Comodo Unified Communications Certificate comes with a sterling 99.9% browser and mobile compatibility rate.

2.GeoTrust True BusinessID Multi-Domain SSL

This is currently the most popular UCC SSL certificate for Microsoft Exchange Server that by default includes 5 total domains and grants you the ability to add up to 95 additional domains. As the industry leading SSL certificate brand, GeoTrust uses 256-bit encryption strength in this UCC SSL certificate.

As well, GeoTrust True BusinssID Multi-Domain SSL certificate offers strong mobile and browser compatibility. And the price is also affordable that costs at $248 per year.

3.  Symantec Secure Site SSL Certificate

Symantec Secure Site SSL Certificate is a quite powerful solution for Microsoft Exchange Server not only because of the most trusted SSL certificate brand and the globally recognized Norton Secured Seal, but also because the SSL certificate provides up to 256-bit encryption strength, daily malware scanning, as well as a very high warranty ($1,500,000).

By default, Symantec Secure Site SSL Certificate includes only one free SAN for your base domain name. But you can still secure up to 100 domain names with just one single certificate thanks to the SAN support.

How to Install SSL Certificate for Microsoft Exchange Server?

The next crucial step in line after purchasing a UCC/SAN SSL Certificate is to successfully install it on your Exchange Server. Here is the detailed step by step instruction to guide you through installation process.

Step 1. Generate a CSR for Exchange 2013 Server Using the Exchange Admin Center (EAC)

Step 2. Install SSL Certificate

  • Download and open the ZIP file with your SSL certificate included. The name of your certificate file will be your_domain.cer.
  • Copy the file to the network share folder on your Exchange 2016.
  • Log into the Exchange Admin Center (EAC) and visit your server’s URL.
  • On the credentials page, sign in with your username and password.
  • Click Servers, and on the left sidebar of the top, click Certificates.
  • On the Certificates page, select your SSL certificate and then click Complete link under Status.
  • The complete pending pane appears, enter *File to import and UNC path to the folder location where you store your SSL certificate and click OK.

Now, the SSL certificate should be installed on your Exchange Server 2016. You can check the status, which should be Valid.

Step 3. Assign Services to Your SSL Certificate

  • On the Certificates page, select your SSL certificate and click the pencil symbol.
  • Click Services in the next “certificate” window.
  • Decide and check the services you want to enable your SSL certificates for and click Save.

Now, you SSL certificate should be assigned to specific services that you selected on your Exchange Server 2016.

Wrapping Up

Emails have been playing a big part in most organizations in terms of communications. The emails are very possible to contain crucial, sensitive information. Therefore, it’s your obligation to install an UCC/SAN SSL certificate on your Microsoft Exchange Server to protect the data from being attacked. And if you follow the installation guide, you are less likely to face any problems.