Assign a certificate to the UM and UM Call Router services in Exchange Server

Applies to: Exchange Server 2013, Exchange Server 2016

You can use the EAC or the Shell to assign a self-signed, internal public key infrastructure (PKI), or third-party commercial certificate for specific Exchange services. When you use the New-ExchangeCertificate cmdlet to assign the certificate to Exchange services with the Services parameter, you're prompted to assign the certificate to Exchange services. If you use the EAC to create a certificate, the New Exchange Certificate wizard won't prompt you to assign the certificate to Exchange services. You need to edit the properties of the certificate and assign the certificate by selecting which services you want to assign it to.

Different services have different certificate requirements. For example, some services may only require a server name in the Subject Name or Subject Alternative Name boxes of a certificate and other services may require a fully qualified domain name (FQDN). Make sure that the certificate name can support the uses required by the services you enable it for.

Warning

Self-signed certificates can't be used when you're integrating Unified Messaging (UM) with Microsoft Lync Server.

For additional management tasks related to managing certificates for Unified Messaging, see Deploying certificates for UM procedures.

What do you need to know before you begin?

• Estimated time to complete: 5 minutes.

• You need to be assigned permissions before you can perform this procedure or procedures. To see what permissions you need, see the "Certificate management" entry in the Exchange and Shell infrastructure permissions topic and the "UM service" entry in the Unified Messaging permissions topic. You must also log on by using an account that's a member of the local Administrators group on that computer.

• For information about keyboard shortcuts that may apply to the procedures in this topic, see Keyboard shortcuts in the Exchange admin center.

Tip

Having problems? Ask for help in the Exchange forums. Visit the forums at Exchange Server.

Use the EAC to assign a certificate to the Unified Messaging and UM Call Router services

1. In the EAC, navigate to Servers > Certificates.

2. In the list view, select the certificate that you want to assign to the Unified Messaging and UM Call Router services, and then click Edit .

3. On the <Certificate name> page, select Services, and then select UM and UM call router.

4. Click Save.

Use the Shell to assign a certificate to the Unified Messaging and UM Call Router services

This example assigns a certificate to the Unified Messaging and UM Call Router services.

Enable-ExchangeCertificate -Thumbprint 5113ae0233a72fccb75b1d0198628675333d010e -Services 'UM, UMCallRouter'