If you have multiple Exchange servers, it is imperative that each server have a valid third-party certificate reflecting the namespace. If you don’t, some client connections will get certificate errors.
In our example below we have two Exchange 2016 servers behind a load balancer in a single site: EX16-01 and EX16-02. Our third-party (affiliate) certificate request was generated and completed on EX16-01. We have also assigned services to that certificate. However, that certificate does not yet exist on EX16-02. Only the default out-of-the-box certificates exist on EX16-02.
When user Amy Pond connects, she is load balanced to EX16-01, which has a third-party certificate. The certificate matches the namespace. Her connection is established without error. On the other hand, when Rory Williams connects, he is load balanced to EX16-02. EX16-02 returns its self-signed certificate. This certificate does not match the namespace. Rory receives a security error.
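The mismatch described above can be checked from the Exchange Management Shell before clients run into it. The script below is an added example, not part of the original article: `mail.example.com` is a placeholder namespace and `Test-NameCovered` is a hypothetical helper defined in the block.

```powershell
# Added example; run in the Exchange Management Shell.
$Servers   = 'EX16-01', 'EX16-02'      # server names from the article
$Namespace = 'mail.example.com'        # placeholder: use your own namespace

function Test-NameCovered {
    param([string[]]$Domains, [string]$Name)
    foreach ($d in $Domains) {
        if ($d -eq $Name) { return $true }
        # A wildcard entry covers exactly one label to the left of its suffix.
        if ($d.StartsWith('*.') -and $Name.Contains('.') -and
            $Name.Substring($Name.IndexOf('.') + 1) -eq $d.Substring(2)) {
            return $true
        }
    }
    return $false
}

$report = foreach ($server in $Servers) {
    # Keep only certificates that clients would accept for the namespace:
    # bound to IIS, not self-signed, and listing the namespace.
    $good = @(Get-ExchangeCertificate -Server $server | Where-Object {
        "$($_.Services)" -match 'IIS' -and
        -not $_.IsSelfSigned -and
        (Test-NameCovered -Domains @($_.CertificateDomains | ForEach-Object { "$_" }) -Name $Namespace)
    })
    [pscustomobject]@{
        Server     = $server
        Thumbprint = if ($good.Count) { $good[0].Thumbprint } else { $null }
        Expires    = if ($good.Count) { $good[0].NotAfter } else { $null }
        Status     = if ($good.Count) { 'OK' } else { 'No matching third-party certificate' }
    }
}

$report | Format-Table -AutoSize

# Every server behind the load balancer should present the same certificate.
$distinct = @($report.Thumbprint | Sort-Object -Unique)
if (($report.Status -ne 'OK') -or $distinct.Count -ne 1) {
    Write-Warning "Certificates for $Namespace are not consistent across $($Servers -join ', ')."
}
```

In the scenario above, EX16-01 would report `OK` and EX16-02 would report no matching third-party certificate until the certificate is imported there and assigned to IIS.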
In this article, we explore transferring a third-party SSL certificate from one Exchange server to another.
We explore this process through both the Exchange Admin Center and PowerShell.
Let’s get started!
Export the certificate with Exchange Admin Center
Log in to Exchange Admin Center. It doesn’t have to be the server you created your request on.
Navigate to the Servers tab, then the Certificates sub-tab.
In the Select Server drop-down, pick the server you completed the certificate request on. In our example, this was EX16-01.