We’ve already talked about SSL certificate for Exchange Servers in a general way, but we’re going to take a closer look at securing an instance of Microsoft Exchange Server 2013. The good news is that it’s a really simple set of steps that you need to take.
If you’re familiar with Exchange Server 2013 and SSL certificates, you’re not going to have any problems. Just in case you’re not up to speed with both, we’re going to go over the basics to help give you a general understanding of how to lock down and secure Microsoft Exchange Server for your company.
What’s New in Exchange Server 2013?
Before we go over the step you want to take to install an SSL certificate on Exchange Server 2013, we’re going to take a quick look at the major changes in this version of Microsoft’s communication solution. While you may be familiar with all of these, this is a good refresher.
- Exchange Administration Center – The User Interface for Exchange Server 2013 got a big upgrade – thankfully. In this version, the admin console is entirely web based, which is nice. However, because of this change, some older how-to articles may not be as useful if you can’t find the settings they ask you to switch. That being said, most people absolutely love the new GUI.
- Exchange architecture revisions – If you’re familiar with Exchange Server 2007 or 2010, you know that it was split up into five separate servers that handled everything. This was to ensure that the whole suite ran more smoothly. In Exchange Server 2013, this has been changed dramatically. Now, you’re only dealing with two main servers – the Client Access server and the Mail server.
- ESE (Extensible Storage Engine) – Unfortunately, Microsoft insisted on continuing to use this database engine for Exchange Server 2013 instead of SQL (which many network admins would prefer – leave us a comment if you’re one of them!) – but they have changed the way ESE works. Each database runs as its own thread. This means that if one goes down, it doesn’t take everything else down with it, which is really nice.
- Built-in antimalware – Spam filters have been a part of Exchange Server for a while, but Microsoft took it one step further in Exchange Server 2013. They now have anti-malware built into the software. This helps tremendously with making sure your network is secure and protected at all times. This is really useful when you are blocking phishing attempts and keeping your network users safe.
While Exchange Server 2013 had other upgrades and changes, the ones listed above are the main ones we think you should know about.
What Type of SSL Certificate Should You Use?
This is going to depend on your needs, but here is a short list of the types of SSL certificates we recommend for Exchange Server 2013 set-ups.
- Multi-subdomain Wildcard SSL
- Enterprise EV Multi-domain UCC SSL
- Multi-domain UCC SSL
- Premium Multi-subdomain SSL
How to Install SSL Certificate on Microsoft Exchange Server 2013
In general, you’re going to want an SSL certificate that will handle more than one domain. This is referred to as a “Subject Alternate Name” (SAN) certificate. Others may refer to it as a “Unified Communications” (UC) certificate. Either way, the process of getting it installed correctly is composed of three basic steps.
STEP 1 – CSR Creation
Create the Certificate Signing Request to a Certificate Authority – like SSL.com. To generate the CSR, you want to run the following command:
New-ExchangeCertificate
STEP 2 – Certificate Installation
After you have been issued your SSL certificate, the next step is to install it. If you received a .crt file, you will need to install intermediate certificates separately. If you received .p7b certificate file, the intermediary certificates are already installed. Either way, you will want to get the main SSL certificate installed by issuing the following command:
Import-ExchangeCertificate
STEP 3 – Testing
A lot of people like to skip this step, but we don’t recommend it. Once your SSL certificate is installed, you want to ensure that it is working correctly. To check out the installation, run the following command:
Get-ExchangeCertificate
This will give you a quick look at what happened after installing the certificate and allow you to ensure that it was set-up correctly before you move forward.
Resources for Exchange Server 2013 SSL Certificates
Here are a few other links that may be useful for installing an SSL certificate on your Exchange Server 2013 correctly.
- Digital certificates and SSL (Microsoft)
- Exchange 2013 certificate management UI (Microsoft)
- How to Create a digital certificate request (Microsoft)
- Certificate requirements for hybrid deployments (Microsoft)
- Exchange 2013 Client Access server configuration (Microsoft)
Exchange Server 2013 Commands
Here is a handy list of all the Microsoft pages about the various commands you’ll be using to install an SSL certificate on an Exchange Server 2013 setup.
- Import-ExchangeCertificate (Microsoft)
- Enable-ExchangeCertificate (Microsoft)
- Get-ExchangeCertificate (Microsoft)
- New-ExchangeCertificate (Microsoft)
- Remove-ExchangeCertificate (Microsoft)
Do you have specific questions about choosing the right SSL certificate for an Exchange Server 2013 installation? Leave a comment below or contact us, and we’ll make sure you get the answers you need. Once you’ve installed SSL certificates on an Exchange Server once or twice, it’s going to become easier. Let us know if you found this page useful.