An Exchange Server lets you communicate over a number of protocols including SMTP, IMAP and even HTTPS. To communicate using encryption, you need an SSL certificate. You can obtain a certificate from any certificate authority (CA). If you have hosting, your host could offer a certificate through your hosting contract.
First, Generate a CRF
A Certificate Request File (CRF) is generated on your Exchange Server. It’s basically a file that contains encrypted text that verifies your mail server authenticity. You’ll need this file when you request an SSL certificate, so it’s required for the process.
You generate a CRF from the Exchange Admin Center. Click “Certificates” in the top list of options, and then click “Servers” from the left panel. Click the “+” button in the top toolbar to start the CRF process.
Click “Create a request for a certificate from a certification authority” and give your certificate request a friendly name.
The next screen asks you if you want to request a wildcard certificate. A wildcard covers all subdomains for the root domain. In most cases, you don’t want a wildcard certificate unless you run multiple subdomains.
Next, give a name for your certificate request and choose a place to store it on your server. You need to enter the main information for your organization including its name, city, state/province, and country. This information is included in the encrypted information and gives the certificate authority information about the requestor. This information should match the information in WHOIS for your domain.
Next, Submit Your Certificate to a CA
Once you have the CRF, you can use any certificate authority to get an official SSL certificate. The process to submit a CRF to get your SSL certificate is dependent on the CA and its own process, but most of them have similar processes.
You first submit the CRF to the CA and wait about a week for the CA to verify the information. They usually give you a call, but sometimes they require additional information or verification using a signed form from the domain owner.
Once the information is verified, the CA sends you a notification indicating that you can download your SSL certificate. You download the certificate and upload it to your server. Most certificates are only good for a year, and then you’ll need to renew the certificate for a nominal fee.
Finally, Install Your Certificate
Once you receive your certificate, you return to the Exchange Admin Center where you complete the request. Click the new request that you created in the first section and click “Complete” in the right panel.
Choose the location of the downloaded certificate, and that’s it! You’re finished! Your Exchange server officially can use encrypted communication for email.
The cost for SSL depends on the certificate authority. Wildcard certificates are much more expensive than a root domain certificate. Encrypted communication is important to protect from eavesdroppers and sniffers that can obtain sensitive corporate data from your unencrypted email communications.