How To Update SSL Certificates for Exchange 2019

Because I am using Let’s Encrypt for my public SSL certificate needs, I have to update my certs every 3 months. It’s not so bad considering the fact that it’s 100% free, but it can be a bit cumbersome if you don’t have the process automated. Luckily I am at the point where the entire process is automated, thanks to Ryan Bogler’s PoSH-ACME Powershell module, but I thought I would share the process of how to update SSL certificates for Exchange 2019 manually. These steps are the same for Exchange 2013 and Exchange 2016 since they both use the similar web interface.

If you have any questions regarding the process, be sure to leave a comment and I’ll do my best to get back to you.

Update SSL Certificates for Exchange 2019 by Generating a Certificate Signing Request (CSR)

  • Start out by opening a browser and navigating to https://YourExchangeServer/ecp
  • Exchange Admin Center 2016 Login

  • Next, click on Servers -> Certificates -> Add Icon
  • Servers-Certificates-Exchange-2019

  • The default, Create a request for a certificate from a certificate authority should be selected
  • Create a CSR Exchange 2019

  • Enter in a friendly name for your cert
  • Create a CSR Exchange 2019 Friendly Name

    I chose to append the expiration date to my friendly name so I can see just by looking at it, when the cert expires.


  • If you want a wildcard, click the setting and enter in the root domain. Otherwise, enter the exact name that will be used.
  • Create a wildcard certificate

  • Click browse to select the server. Click next
  • Store Cert on this Server Exchange 2019

  • Enter the details regarding your organization
  • Information about Certificate and Organization

  • Enter in a path that you have access to
  • New Exchange Certificate Request Complete

  • Once the wizard has successfully completed, you should see a pending request in your ECP
  • Certificate Pending Request

  • Navigate to the saved location and open with Notepad or editor of your choice
  • Exchange 2019 Certificate Request REQ file

  • IMPORTANT: You need to submit that newly created cert req to your public SSL provider so they can provide you the actual .CER file.
  • Once you’ve obtained the .CER from your Cert Provider, go back to Servers -> Certificates and click Complete
  • Provide the location for the .CER file
  • Complete CSR Certificate Request

  • Once a valid .CER file has been uploaded, the status should change to Valid
  • Double Click the newly added cert and go to Service. Add SMTP and IIS services
  • Exchange 2019 Add Services - Certificate Request

At this point you should be able to go into your certificate store and export the .PFX file for use with ADFS or other services that require a private key. The path is generally going to be found under Cert:\LocalMachine\My

Hopefully this answers some questions and helps you update SSL Certificates for Exchange 2019 in your environment. The first time I did it, it was very daunting but once you have an understanding of the process, it makes more sense. Finally, don’t forget to subscribe to our Youtube Channel for some interesting video content and good times.

5/5 - (17 votes)

Paul Contreras

Hi, my name is Paul and I am a Sysadmin who enjoys working on various technologies from Microsoft, VMWare, Cisco and many others. Join me as I document my trials and tribulations of the daily grind of System Administration.

Leave a Reply

Your email address will not be published.