KB ID 0000264
Problem
As a rule, most of my clients use self-signed certificates (even though you can buy certs cheap as chips these days). If you have paid for a certificate, I can see why you would want to transfer it to the new Exchange box, though if you're using self-signed certificates, it’s a simpler task to create a new one. But I was asked, and what you guys ask for, I will work out how to do 🙂
Solution
Export Certificate from Exchange 2007
1. To see which certificates are being used for which services, launch “Exchange Management Shell” and issue the following command:
[box]Get-ExchangeCertificate[/box]
2. Take a note of the certificate's thumbprint (copy it to Notepad).
Note: The letters mean: I – IMAP, P – POP, U – Unified Messaging, W – WEB (IIS), S – SMTP.
3. To export the certificate (Note: put in your own certificate thumbprint):
[box]Export-ExchangeCertificate -Thumbprint 1D5B46DBA10E2669327498BFB9F56146A47256CC -BinaryEncoded:$true -Path c:\exported.pfx -Password:(Get-Credential).password[/box]
4. Enter your domain credentials. (Only the password is used: it becomes the password on the exported .pfx, and you will need it again for the import.)
5. Your exported certificate is now on the root of C: and called exported.pfx.
Export Certificate from Exchange 2003
1. Click Start > mmc {enter} > File > Add/Remove Snap-in.
2. Add > Certificates > Add > Select “Computer account” > Next.
3. Accept the default of “Local computer” > Finish > Close > OK.
4. Expand Certificates > Personal > Certificates > locate the cert you are using for OWA etc.
5. Check the expiration date if you are unsure.
6. In the certificates console right click your certificate > All Tasks > Export.
7. At the welcome page > Next > Select “Yes, export the private key” > Next > Next > Leave password blank > Next > Choose where to save it > Save.
8. Next > Finish > It should say that it was successful.
Import your Certificate into Exchange 2010
1. Copy your exported.pfx file to the root of the Exchange server's C: drive.
2. Launch Exchange Management Shell > Issue the following command,
[box]Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path c:\exported.pfx -Encoding Byte -ReadCount 0)) -Password:(Get-Credential).password[/box]
Or, if you exported the certificate from Exchange 2003:
[box]Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path c:\exported.pfx -Encoding Byte -ReadCount 0))[/box]
4. Then, to enable the certificate, use the following command and press “A” to confirm.
[box]Get-ExchangeCertificate -DomainName mail.domainc.com | Enable-ExchangeCertificate -Services IIS,SMTP[/box]
5. Now your OWA, ActiveSync, etc. will be using the imported certificate.
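A post-import check, added here as an example and not part of the original article: it confirms the certificate on the Exchange 2010 server is the one you noted on the old server (same thumbprint, private key present, not expired), enables it by thumbprint rather than by domain name, and then deletes the .pfx, which contains the private key. The thumbprint and path are the sample values from the steps above; the variable names are illustrative.

```powershell
# Added example (not from the original article). Run in the Exchange Management
# Shell on the Exchange 2010 server, after the Import-ExchangeCertificate step.
$pfxPath  = 'C:\exported.pfx'                            # file name used in the article
$expected = '1D5B46DBA10E2669327498BFB9F56146A47256CC'   # sample thumbprint from the article; use your own

# Look the certificate up by thumbprint so a different certificate that
# happens to cover the same domain name cannot be picked by mistake.
$cert = Get-ExchangeCertificate | Where-Object { $_.Thumbprint -eq $expected }

$problems = @()
if (-not $cert) {
    $problems += "No certificate with thumbprint $expected was found on this server."
} else {
    if (-not $cert.HasPrivateKey) {
        $problems += 'Certificate was imported without its private key; export it again with the key included.'
    }
    if ($cert.NotAfter -lt (Get-Date)) {
        $problems += "Certificate expired on $($cert.NotAfter)."
    }
    if ($cert.NotBefore -gt (Get-Date)) {
        $problems += "Certificate is not valid until $($cert.NotBefore)."
    }
}

if ($problems.Count -gt 0) {
    # Do not enable anything if a check failed; leave the .pfx in place for a retry.
    foreach ($p in $problems) { Write-Warning $p }
} else {
    $cert | Format-List Subject, CertificateDomains, Thumbprint, NotAfter, HasPrivateKey, Services

    # Same services as in the article, but bound to the verified thumbprint.
    Enable-ExchangeCertificate -Thumbprint $expected -Services IIS,SMTP

    # The .pfx holds the private key, so it should not be left on the root of C:.
    # -Confirm asks before deleting. Remove the copy on the old server as well.
    if (Test-Path $pfxPath) { Remove-Item -Path $pfxPath -Confirm }
}
```

A .pfx exported from Exchange 2003 with a blank password has nothing protecting the private key while the file exists, so removing it after a successful import matters even more in that case.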
Related Articles, References, Credits, or External Links
Thanks to Rick Faria for pointing out this info was missing from the site 🙂