Export and Import the Certificate on Microsoft Exchange Server 2016

In the previous Exchange Server 2016 article, you have created a trusted certificate by creating a certificate request and submitting it to a CA. If you have multiple Exchange Servers 2016 in your environment, you need to export the same certificate and import it to the new Exchange Server 2016.Exchange Server 2016 consolidates all roles on the Mailbox Server, except the Edge Transport server role. In Exchange Server 2013, you need to do these steps in Exchange Server where the Client Access Server Role installed. Here, you have two Exchange Server 2016 (KTM-EX1 and KTM-EX2). KTM-EX1 has already installed trusted certificate, from KTM-EX1 you need export the certificate and import the certificate to KTM-EX2, is a new Exchange Server 2016.

Export the Certificate from KTM-EX1
1. In Exchange admin center, on the Certificates tab, in the Select server box, select KTM-EX1.msserverpro.com, click the msserverpro.com certificate, verify that trusted certificate is installed in KTM-EX1.msserverpro.com.

2. In Exchange admin center, on the Certificates tab, in the Select server box, select KTM-EX2.msserverpro.com, verify that trusted certificate is not installed. After installing Exchange Server 2016, the server is configured to use a Self-signed certificate for KTM-EX2.msserverpro.com.

3. In Exchange admin center, on the Certificates tab, in the Select Server box, select KTM-EX1.msserverpro.com, click the msserverpro.com certificate, click More and click Export Exchange certificate.

4. On the export Exchange certificate page, in the File to export to text box, type \\KTM-EX2\ExportCertificate\ExchangeCert.pfx. In the Password text box, type P@ssw0rd, and then click OK.

5. Verify the export exchange server certificate file.

6. In the Exchange admin center, in the Select Server box, select KTM-EX2.msserverpro.com, click More and click Import Exchange Certificate.

7. On the import Exchange certificate page, in the File to import from text box, type \\KTM-EX2\ExportCertificate\ExchangeCert.pfx. In the Password text box, type P@ssw0rd, and then click Next.

8. In the import Exchange certificate page, In the Specify the servers you want to apply this certificate to area, click add, select KTM-EX2, click add and then click OK.

9. In the import Exchange certificate page, verify that KTM-EX2.msserverpro.com is listed in the Specify the servers you want to apply this certificate to area, click Finish.

10. Verify that the trusted certificate is installed in KTM-EX2.msserverpro.com.

Assign services to the KTM-EX2

Before your certificate become active, you need to assign specific Exchange services to SMTP and IIS.

11. In Exchange admin center, on the Certificates tab, in the Select Server box, select KTM-EX2.msserverpro.com, click the msserverpro.com certificate, click Edit.

12. In the msserverpro.com windows, click services. Select the SMTP and IIS check boxes, and click Save.

13. In the Warning windows, click Yes.

We have now successfully export and import exchange server certificate for new Exchange Server KTM-EX2 and assign Exchange services to it, such as IIS and SMTP.

 

 

Summary:

When we have multiple Exchange Server 2016 in our organization, we have to configure these steps. In Exchange Server 2013 we have to do these steps in Client Access Server. In the production environment, always use public CA certificate for Exchange Server certificate because public certificate is auto trust by all browser. I hope this article will help.