If you have multiple Exchange servers, it is imperative that each server has a valid third-party certificate that matches the namespace. If any server lacks one, some client connections will get certificate errors.
In our example below, we have two Exchange 2016 servers behind a load balancer in a single site: EX16-01 and EX16-02. Our third-party certificate request was generated and completed on EX16-01. We have also assigned services to that certificate. However, that certificate does not yet exist on EX16-02. Only the default out-of-the-box certificates exist on EX16-02.
When user Amy Pond connects, she is load balanced to EX16-01, which has a third-party certificate. The certificate matches the namespace, so her connection is established without error. On the other hand, when Rory Williams connects, he is load balanced to EX16-02. EX16-02 returns its self-signed certificate, which does not match the namespace. Rory receives a security error.
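To confirm which servers are in Rory's situation, the following added example (not from the original article) connects to each server directly and reports the certificate it presents. It assumes `mail.example.com` as a placeholder namespace and that the server names resolve to the servers themselves rather than to the load balancer; the function names are illustrative.

```powershell
# Added example, not from the original article.
# Assumptions: mail.example.com is a placeholder namespace; the server names
# resolve directly to each Exchange server, bypassing the load balancer.
$Namespace = 'mail.example.com'
$Servers   = 'EX16-01', 'EX16-02'

function Get-ServerCertificate {
    param([string]$Server, [string]$TargetName, [int]$Port = 443)
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($Server, $Port)
        # Accept whatever is presented: the goal is to inspect it, not to trust it.
        $acceptAny = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAny)
        $ssl.AuthenticateAsClient($TargetName)
        New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    }
    finally { $tcp.Close() }
}

function Get-CertificateDnsName {
    param($Certificate)
    $san = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if (-not $san) { return @() }
    # Windows formats entries as "DNS Name=host"; other platforms use "DNS:host".
    [regex]::Matches($san.Format($false), '(?:DNS Name=|DNS:)([^,\s]+)') |
        ForEach-Object { $_.Groups[1].Value }
}

function Test-NamespaceMatch {
    param([string[]]$DnsName, [string]$Namespace)
    foreach ($entry in $DnsName) {
        if ($entry -ieq $Namespace) { return $true }
        # A wildcard entry covers exactly one left-most label.
        if ($entry.StartsWith('*.') -and ($Namespace -replace '^[^.]+', '*') -ieq $entry) { return $true }
    }
    return $false
}

$report = foreach ($server in $Servers) {
    $cert = Get-ServerCertificate -Server $server -TargetName $Namespace
    [pscustomobject]@{
        Server           = $server
        Thumbprint       = $cert.Thumbprint
        SelfSigned       = $cert.Subject -eq $cert.Issuer
        MatchesNamespace = Test-NamespaceMatch (Get-CertificateDnsName $cert) $Namespace
        NotAfter         = $cert.NotAfter
    }
}
$report | Format-Table -AutoSize
if (@($report.Thumbprint | Select-Object -Unique).Count -gt 1) {
    Write-Warning 'Servers behind the load balancer present different certificates.'
}
```

A server that still presents its default certificate shows `SelfSigned` as True and `MatchesNamespace` as False; once the certificate has been transferred, every row should show the same thumbprint.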
In this article, we explore transferring a third-party SSL certificate from one Exchange server to another.
We explore this process through both the Exchange Admin Center and PowerShell.
Let’s get started!
Note: These steps are identical for Exchange 2013, Exchange 2016 CU22 and earlier, and Exchange 2019 CU11 and earlier. If you are using Exchange 2016 CU23 or greater or Exchange 2019 CU12 or greater, you must renew your certificate with all-new PowerShell commands covered in the following article.
Export the certificate with Exchange Admin Center
Log in to the Exchange Admin Center. It doesn’t have to be the server you created your request on.
Navigate to the Servers tab and Certificates sub-tab.
In the Select Server drop-down, pick the server you completed the certificate request on. In our example, this was EX16-01.