For those familiar with Exchange and have been working over the years with it, whether it is Exchange 2013, Exchange 2016 and Exchange 2019, you normally login to the Exchange Admin Center (EAC) and then create your certificate request directly from there.
With Exchange now, you have to use PowerShell to create your certificate request as the option has been removed as shown below:
We need to use the Exchange Management Shell (EMS) to firstly generate our certificate request and then export it to a file after that so we can upload the information to a certificate authority like Digicert etc.
Here is the first command we need to run:
Here is the second command we need to run to export the request to a file:
We can then see in the Exchange Admin Center that we have a pending request as shown below:
We now can complete the request by importing the CRT file that we received from our 3rd party provider as shown below:
Once the above command completes, you will then have a certificate that shows as “Valid” in the Exchange Admin Center. Double click the certificate and then go to the services tab and select the services you need as shown below, click Save when done:
The same applies to exporting the certificate, you cannot do this from the EAC anymore, it has to be done from PowerShell or the MMC with the Certificates Snapin.
From the Exchange Management Shell, you can now import the SSL certificate in PFX format to your other server as shown below:
Repeat the steps to assign services as needed.
Hope it helps.