Ask a Question

Advanced Search

Solution ID : SO22089

Last Modified : 05/31/2019

Managed PKI for SSL - Installation Instructions for Microsoft Exchange 2010


This document provides instructions for installing SSL Certificates for Exchange 2010 using the Exchange Management Console. If you are unable to use these instructions for your server, DigiCert recommends that you contact Microsoft.

This solution contains two Methods to install your SSL Certificate:

Method 1: Installing the certificate received via e-mail.

Method 2: Installing the certificate downloaded from Managed PKI for SSL subscriber service page.
Method 1: Download and Install SSL certificate sent via e-mail
Step 1: Obtain the SSL certificate sent via email:
  1. Once your Managed PKI for SSL administrator has approved the certificate request, you will receive an email
    with the certificate download link, with file attached (cert.cer), as well as in the body of the email itself.
  2. Copy the SSL certificate and make sure to copy the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----
    header and footer. Ensure there are no white spaces, extra line breaks or additional characters.
  3. Use a plain text editor such as Notepad, paste the content of the certificate and save it with extension .txt
  4. If you are not sure which server software was selected during the enrolment, proceed with Step 2 bellow.         

Step 2: Download and Install the Intermediate CAs:

Click here to download the Intermediate CAs
Note: If you downloaded PKCS7 format, the intermediate is already included in that file.
Step 3: Install the SSL certificate:
         To proceed with the installation steps for your SSL certificate click here

Method 2: Download and Install SSL certificate in PKCS#7 format
Step 1: Download the SSL certificate from Managed PKI for SSL subscriber services page:
         Make sure you download the certificate in PKCS#7 format and save it with the extension .txt or .p7b 

Step 2: Install SSL Certificate

To install a SSL certificate onto Microsoft Exchange 2010, you will need to use the Exchange Management Shell: 

  1. Start the Exchange Management Console by going to Start > Programs > Microsoft Exchange 2010 > Exchange Management Console.
  2. Select Manage Databases, and then select Server configuration.
  3. Select the certificate from the center menu (listed by its Friendly Name), and then select "Complete Pending Request" from the "Actions" menu.
  4. Browse to the certificate file, then select Open > Complete.
    NOTE: Occasionally Exchange 2010 will show an error message stating that "The source data is corrupted or not properly
    Base64 encoded
    ." Please ignore this error. Although the error may appear, the certificate often still installs correctly.

    Hit F5 (on the keyboard) to refresh the certificate and verify that it now says False under Self Signed.
    If it still shows "True", the wrong certificate may have been selected or the request may have been generated on a different server.
    To resolve this issue, create a new CSR on this Exchange server and replace the certificate.
  1. To enable the certificate, go back to the Exchange Management Console.
  2. Select Manage Databases, and then select Server configuration and click on the link Assign Services to Certificate.
  3. Select the services for which the certificate must be enabled then click Next > Assign > Finish.
  4. The certificate is now installed and enabled for use with Exchange 2010.
  5. Test your certificate by connecting to your server with Internet Explorer, ActiveSync, or Outlook.
  6. Verify your installation with the DigiCert Installation Checker
    NOTE: If using ISA 2004 or ISA 2006, you need to reboot your servers. It has been reported that ISA services won't send
    the intermediate certificate until after a reboot.

For more information regarding the Exchange Management Shell, please refer to following Microsoft Article