In Exchange 2019, you can generate a new CSR and then import the signed certificate from your registrar like Digicert or RapidSSL or Godaddy etc.

To generate a CSR in Exchange 2019, you can run the following command from the Exchange Management Shell (EMS):

  • $cert = New-ExchangeCertificate -GenerateRequest -SubjectName “C=ZA,o=thexchangelab,cn=thexchangelabcert” -DomainName “” -PrivateKeyExportable $true

Once the command has run, you can now run the following command to export the information to a text file:

  • $cert | out-file c:\Installs\certreq.txt

Now if we head over to the location that we specified in the second command we will see the generated CSR:

Once we have received our new file from our provider, we can complete the request by running the following command:

  • Import-ExchangeCertificate -FileName “C:\Location\CertName.cer”

As you can see, it is now imported, the last step is to assign services to the certificate which you can achieve by running this command:

  • Enable-ExchangeCertificate -Thumbprint “xxxx” -Services SMTP,IIS

You will be prompted if you want to overwrite the default certificate, you can choose yes and all will be completed.

Hope it helps.