Exchange 2013 creates a self-signed SAN certificate and assigns it to the services like IMAP, POP, IIS, and SMTP.The only drawback of this self-signed certificate is that it contains the server’s FQDN and NetBIOS names only.Where we get certificate errors on all the Clients where we need to install the Self signed Certificates manually on all the clients , which is a hassle and no one likes it in fact .
To avoid any certificate related errors and use it over the internet without any problems it is highly recommended that you request and assign a certificate from a Certification Authority that can be contacted from anywhere like DigiCert,VeriSign,Go Daddy etc.. .
To request a new certificate from a trusted CA use following format:
Requesting a Certificate , you can use Exchange Management shell or GUI
GUI is much user friendly
You can refer the link below to use GUI and Export the Exchange Certificate
Use this request file for submission to the CA and download the certificate. Save the certificate to a convenient location.
Upload the CSR (.req) file to the third party Cert providers like DigiCert.
And once the Verification Process completes. you can download the Cert from their Portal.
To Import the Generated certificate
You learnt how to Export and Import Exchange Certificates in Exchange 2013