Primarily we can configure our AD to offer Certificates by installing the PKI infrastructure. This way we can configure the Root CA and have it configured to deploy for Exchange Server 2013. For internal purpose this is a common criteria for deploying Root CA, and the primary reason for it that the exchange server will not be internet facing.
The first step is to generate the certificate request for the Exchange 2013 server.
When you have the certificate request file ready, point to your web browser and navigate to the web enrolment page for the Private CA. Click on Request a Certificate.
Click on the “Submit an Advanced Certificate Request.”
Click on the second option, to submit a certificate request using a PKCS file.
Open your certificate request file in Notepad and copy & paste the Certificate Signing Request (CSR) into the field, then change the certificate type to Web Server.
Click Submit when you are ready and the CA will begin processing the request. When it is complete you can click the link to download the certificate to your computer. I would recommend that you download the who certificate chain.
And now you are done with requesting the certificate. For more info:
- Digital Certificates and SSL: http://technet.microsoft.com/en-us/library/dd351044(v=exchg.150).aspx#digitalcertificatesbestpractices
- Create a Digital Certificate Request: http://technet.microsoft.com/en-us/library/bb125165(v=exchg.150).aspx