Transferring Certificates to Exchange 2010

KB ID 0000264 

Problem

As a rule, most of my clients use self-signed certificates (even though you can buy certs cheap as chips these days). If you have paid for a certificate, I can see why you would want to transfer it to the new Exchange box, though if you're using self-signed certificates, it's a simpler task to create a new one. But I was asked, and what you guys ask for, I will work out how to do 🙂

Solution

Export Certificate from Exchange 2007

1. To see which certificates are being used for which services, launch “Exchange Management Shell” and issue the following command:

[box]Get-ExchangeCertificate[/box]

2. Take a note of the certificate's thumbprint (copy it to Notepad).

Note: The letters in the Services column mean: I – IMAP, P – POP, U – Unified Messaging, W – Web (IIS), S – SMTP.

3. To export the certificate (Note: put in your own certificate thumbprint):

[box]Export-ExchangeCertificate -Thumbprint 1D5B46DBA10E2669327498BFB9F56146A47256CC -BinaryEncoded:$true -Path c:\exported.pfx -Password:(Get-Credential).password[/box]

4. Enter your domain credentials.

5. Your exported certificate is now on the root of C: and is called exported.pfx.

Export Certificate from Exchange 2003

1. Click Start > mmc {enter} > File > Add/Remove Snap-in.

2. Add > Certificates > Add > Select “Computer account” > Next.

3. Accept the default of “Local computer” > Finish > Close > OK.

4. Expand Certificates > Personal > Certificates > locate the cert you are using for OWA etc.

5. Check the expiration date if you are unsure.

6. In the Certificates console, right-click your certificate > All Tasks > Export.

7. At the welcome page > Next > Select “Yes, export the private key” > Next > Next > Leave password blank > Next > Choose where to save it > Save.

8. Next > Finish > It should say that it was successful.

Import your Certificate into Exchange 2010

1. Copy your exported.pfx file to the root of the Exchange server's C: drive.

2. Launch Exchange Management Shell and issue the following command:

[box]Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path c:\exported.pfx -Encoding Byte -ReadCount 0)) -Password:(Get-Credential).password[/box]

Or, if you exported the certificate from Exchange 2003:

[box]Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path c:\exported.pfx -Encoding Byte -ReadCount 0))[/box]

Exchange 2003 Certificate Import (without a password prompt).

Exchange 2007 and 2010 Certificate Import

4. Then, to enable the certificate, use the following command and press “A” to confirm.

[box]Get-ExchangeCertificate -DomainName mail.domainc.com | Enable-ExchangeCertificate -Services IIS,SMTP[/box]

5. Now your OWA, ActiveSync, etc. will be using the imported certificate.
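The import and enable steps above can be combined with a few checks before the certificate is bound to any service. This is an added example, not part of the original article. It assumes the PFX was exported with a password, that it sits at C:\exported.pfx as in this article, and that `$expectedThumbprint` holds the thumbprint you noted on the old server (the article's sample value is used here).

```powershell
# Added example: run in the Exchange Management Shell on the Exchange 2010 server.
# Assumptions: thumbprint noted on the old server, and the PFX path used in this article.
$expectedThumbprint = '1D5B46DBA10E2669327498BFB9F56146A47256CC'
$pfxPath            = 'C:\exported.pfx'

# Prompt for the PFX password as a SecureString (input is masked).
$pfxPassword = Read-Host -Prompt 'PFX password' -AsSecureString

# Import the PFX; the cmdlet returns the imported certificate object.
$pfxBytes = [Byte[]]$(Get-Content -Path $pfxPath -Encoding Byte -ReadCount 0)
$cert     = Import-ExchangeCertificate -FileData $pfxBytes -Password $pfxPassword

# Check 1: it is the certificate that was exported, not some other file with the same name.
if ($cert.Thumbprint -ne $expectedThumbprint) {
    throw "Thumbprint mismatch: imported $($cert.Thumbprint), expected $expectedThumbprint"
}

# Check 2: the private key came across; without it IIS and SMTP cannot use the certificate.
if (-not $cert.HasPrivateKey) {
    throw 'Imported certificate has no private key; re-export with the private key included.'
}

# Check 3: the certificate is inside its validity period.
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate is not currently valid ($($cert.NotBefore) to $($cert.NotAfter))."
}

# Enable by thumbprint so exactly this certificate is bound, then show the result.
Enable-ExchangeCertificate -Thumbprint $cert.Thumbprint -Services IIS,SMTP
Get-ExchangeCertificate -Thumbprint $cert.Thumbprint |
    Format-List Subject,CertificateDomains,Services,NotAfter,HasPrivateKey

# The PFX contains the private key; remove the copy from the root of C: once the import is confirmed.
Remove-Item -Path $pfxPath
```

Remember that a copy of exported.pfx is also still on the root of C: on the old server and on whatever media was used to move it.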

 

Related Articles, References, Credits, or External Links

Thanks to Rick Faria for pointing out this info was missing from the site 🙂