Transferring Certificates to Exchange 2010

KB ID 0000264 


As a rule most of my clients use self signed certificates, (even though you can buy certs cheap as chips these days). If you have paid for a certificate I can see why you would want to transfer it to the new Exchange box, though if your using self signed certificates, it’s a simpler task to create a new one. But I was asked, and what you guys ask for, I will work out how to do 🙂


Export Certificate from Exchange 2007

1. To see what certificates are being used for what. Launch “Exchange Management Shell” > Issue the following command,


export exchange 2007 cert

2. Take a note of the certificates thumbprint (copy it to notepad).

Note: The Letters mean I – IMAP P – POP U – Unified Messaging W – WEB (IIS) S – SMTP

3. To export the certificate, (Note: Put in your certificate thumbprint).

Export-ExchangeCertificate -Thumbprint 1D5B46DBA10E2669327498BFB9F56146A47256CC -BinaryEncoded:$true -Path c:exported.pfx -Password:(Get-Credential).password

4. Enter your domain credentials.

set cert password

5. Your exported certificate is now on the root of C: and called exported.pfx

pfx exporting

Export Certificate from Exchange 2003

1. Click Start > mmc {enter} > File > Add/Remove Snap-in.

2. Add > Certificates > Add > Select “Computer account” > Next.

mmc certificates

3. Accept the default of “Local computer” > Finish > Close > OK.

cert snapin

4. Expand Certificates > Personal > Certificates > locate the cert you are using for OWA etc.

locate digital certificate

5. Check the expiration date if you are unsure.

6. In the certificates console right click your certificate > All Tasks > Export.

certificate export windows

7. At the welcome page > Next > “Select Yes Export the Private Key” > Next > Next > Leave password blank > Next > Chose where to save it > Save.

export private key

8. Next > Finish > It should say that it was successful.

exchange 2003 certificate export

Import your Certificate into Exchange 2010

1. Copy your exported.pfx file to the root of the Exchange servers C: Drive.

2. Launch Exchange Management Shell > Issue the following command,

Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path c:exported.pfx -Encoding Byte -ReadCount 0)) -Password:(Get-Credential).password

Or in you exported the certificate form Exchange 2003

Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path c:exported.pfx -Encoding Byte -ReadCount 0))

Exchange 2003 Certificate Import (without a password prompt).

exchange 2003 certificate import

Exchange 2007 and 2010 Certificate Import

import exchange cert

4. Then to enable the certificate use the following command > and Press “A” to confirm.

Get-ExchangeCertificate -DomainName | Enable-ExchangeCertificate -Services IIS,SMTP

enable exchange certificate

5. Now your OWA, Active-Sync etc, will be using the imported certificate.

exchange certificate


Related Articles, References, Credits, or External Links

Thanks to Rick Faria for pointing out this info was missing from the site 🙂

Author: Migrated

Share This Post On