Installation Instructions for Microsoft Exchange 2010 server

Solution ID:    SO18078    Updated:    05/27/2014


This document provides instructions for installing SSL Certificates for Exchange 2010 using the Exchange Management Console. If you are unable to use these instructions for your server, RapidSSL recommends that you contact Microsoft.

This solution contains two Methods to install your SSL Certificate:

Method 1: Installing the certificate received via e-mail.
Method 2 (recommended): Installing the certificate downloaded from the RapidSSL User Portal.

Method 1: Download and Install SSL certificate sent via e-mail

Step 1: Obtain the SSL certificate sent via email:

    1.    The RapidSSL certificate will be sent by email.
    2.    Copy the certificate imbedded in the body of the email and paste it into a text file
           using Vi or Notepad.

           The text file should look like:

            -----BEGIN CERTIFICATE-----

                    [encoded data]

            -----END CERTIFICATE-----

    3.    Make sure there are 5 dashes to either side of the BEGIN CERTIFICATE and END CERTIFICATE and
           that no white spaces, extra line breaks or additional characters have been inadvertently added.
    4.    Save the certificate filename with the .cer extension. For example: public.cer

Step 2: Download and Install the Intermediate CAs:

           To download and install the Intermediate CAs follow the steps from this link: SO16588

Step 3: Install the SSL certificate:
           To proceed with the installation steps for your SSL certificate click here

Step 1: Download the SSL certificate from RapidSSL User Portal:

           Note: Download the certificate from the RapidSSL User Portal by
           following the steps from this link: SO16222

           Make sure you download the certificate in PKCS#7 format and save it with the extension .txt or .p7b. 

Step 2: Install Certificate

To install an SSL certificate onto Microsoft Exchange 2010, you will need to use the Exchange
Management Console (EMC): 

    1.    Start the EMC by going to Start > Programs > Microsoft Exchange 2010 > EMC.
    2.    Select "Manage Databases", and then select "Server configuration".
    3.    Select the certificate from the center menu (listed by its Friendly Name), and then
           select "Complete Pending Request" from the "Actions" menu. 


    4.    Browse to the certificate file, then select Open > Complete.

           Note: Occasionally Exchange 2010 will show following error message
           "The source data is corrupted or not properly Base64 encoded." Please ignore this error.
           Although the error may appear,  the certificate often still installs correctly.

           Hit F5 (on the keyboard) to refresh the certificate and verify that it now says "False" under
           "Self Signed". If it still shows "True", the wrong certificate may have been selected or the
           request may have been generated on a different server. To resolve this issue, create a new 
           CSR on the Exchange server SO14717 and replace the certificate, see SO10700.

    5.    To enable the certificate, go back to the Exchange Management Console.
    6.    Select "Manage Databases", and then select "Server configuration" and click on the
           link  "Assign Services to Certificate." 


    7.    Select the services for which the certificate must be enabled then click Next > Assign > Finish.
    8.    The certificate is now installed and enabled for use with Exchange 2010.
    9.    Test your certificate by connecting to your server with Internet Explorer, ActiveSync, or Outlook.  
           You may also use the RapidSSL Installation Checker. 

           Note: If using ISA 2004 or ISA 2006, a reboot is recommended. It has been reported that
           ISA services won't send the intermediate certificate until after a reboot. 

           For more information, refer to the Microsoft Knowledge base  


RapidSSL has made efforts to ensure the accuracy and completeness of the information in this document. However, RapidSSL makes no warranties of any kind (whether express, implied or statutory) with respect to the information contained herein. RapidSSL assumes no liability to any party for any loss or damage (whether direct or indirect) caused by any errors, omissions, or statements of any kind contained in this document.  Further, RapidSSL assumes no liability arising from the application or use of the product or service described herein and specifically disclaims any representation that the products or services described herein do not infringe upon any existing or future intellectual property rights. Nothing herein grants the reader any license to make, use, or sell equipment or products constructed in accordance with this document. Finally, all rights and privileges related to any intellectual property right described herein are vested in the patent, trademark, or service mark owner, and no other person may exercise such rights without express permission, authority, or license secured from the patent, trademark, or service mark owner. RapidSSL reserves the right to make changes to any information herein without further notice.

Contact Support

US Support:

Order Processing

Technical Support

European Support:

Order Processing

Technical Support

SSL digital certificates sales live chat.

Knowledge Center

Search Tips