Order and install Certificates in MS Exchange server 2016 –Aditya Mediratta

>Double click any of host / domain name you need to edit as per your requirement

>Delete the names you don't want as additional names do cost additional money

Specify the outlook anywhere URL and hit ‘OK’ & 'Next'

--

Specify the UNC path and file name to save the certificate and hit the 'FINISH' button

At this point our certificate file should be available on specified UNC path

Copy the entire text and paste it to your certificate authority where you are buying certificate from. For example I goto Digicert.com and choose Multi-Domain SANs Certificate

I choose the one year option and click buy:

>Check the following:

>Choose the exchange server version you use and paste the certificate CSR:

We got the error as we also had internal URL in original certificate request.

Correction: - Remove / replace internal URLs

We now need to fill in the Organization Details. Make sure these details match what's in your Who Is at your certificate registrar. So wherever it is that you registered your domain name, whatever address you put in there, you need to have that match here.

If you're not sure what it is, just go ahead and log into your registrar, whether it Network Solutions or GoDaddy or Register.com, whatever it is, log in, find out what name, address, and phone number everything is registered there, and that's the information that it's going to want. After you click Next, you'll be prompted to put in your credit card information which I've already done, and then it says it's Completed and now it's going to try to send an email to an administrator account that may be listed at your registrar's website.

> At this point certificate has been sent to us

Login back to EAC and complete pending certificate request by importing in certificate

We need to assign services to newly installed certificate

Double click on certificate name and choose the services you need

Now we need to go into one of the other servers, in this case it's the domain controller, and we need to point to the internal DNS name for mail.yourdomain.org

Create a new forward lookup zone in DNS. So we start by right clicking on the Forward Lookup Zones and choose New Zone. We're going to choose a Primary and Active Directory zone so that way it gets replicated in case we create any new domain controllers in the future, and we're gonna replicate to all DNS servers in the domain. We'll put in our Zone Name which will be yourdomain.org and click Next.

We'll open up our network card and we'll manually point it to our internal domain controller instead of

using the automatic DNS which is going to a public domain controller.

Point to OWA and click the Lock icon and view certificate, we see it’s secured by digicert successfully

Thanks - Aditya Mediratta

Guide provides you detailed step by step information required to order and install certificates in

exchange server 2016. Steps included in the guide have been defined as per best practices used in

hybrid exchange environment across several organizations around the globe .Domain names and

servers used in guide are solely a part of test lab environment and does not points to any public or

private organization's server in real world. “Happy learning. Human knowledge belongs to the

world”.