How to Import and Export your SSL Certificate in Exchange 2007

  Print

How to Import and Export your SSL Certificate in Exchange 2007

Exporting/Backing Up to a .pfx File

  1. On the Start menu click Run and then type mmc.
  2. Click File > Add/Remove Snap-in.

  3. Click Certificates > Add and then close the Add Standalone Snap-in window. Click OK.



  4. Select Computer Account and then click Next. Select Local Computer and then click Finish. Then close the add standalone snap-in window and the add/remove snap-in window.
  5. Click the + to expand the certificates (local computer) console tree and look for the personal directory/folder. Expand the certificates folder.
  6. Right-click on the certificate you want to backup and select ALL TASKS > Export.
  7. Follow the wizard to export your primary certificate to a .pfx file. Choose Yes, export the private key.
  8. Choose to include all certificates in certificate path if possible.
    Warning: Do not select the delete private key option.
  9. Leave the default settings and enter your password if required. Choose the location to save the file and click Finish. You will receive an export successful message. The .pfx file is now saved in the location you selected.
Importing from a .pfx File

  1. On the Start menu click Run and then type mmc.
  2. Click File > Add/Remove Snap-in.
  3. Click Certificates > Add and then close the Add Standalone Snap-in window. Click OK.
  4. Select Computer Account and then click Next. Select Local Computer and then click Finish. Then close the Add Standalone Snap-in window and the Add/Remove Snap-in window.
  5. Click the + to expand the certificates (local computer) console tree and look for the personal directory/folder. Expand the certificates folder.
  6. Right-click on the Personal Certificates Store folder and select ALL TASKS > Import.
  7. Follow the certificate import wizard to import your primary certificate from a .pfx file. When prompted, choose to automatically place the certificates in the certificate stores based on the type of the certificate.
Enabling a New Certificate on a Server

  1. Run the following Get-ExchangeCertificate command to get your certificate thumbprint. Replace "your.domain.name" with your domain.

    1. [PS] C:\> Get-ExchangeCertificate -DomainName your.domain.name
      Thumbprint                                Services   Subject
      ----------                                --------   -------
      136849A2963709E2753214BED76C7D6DB1E4A270  .....      CN=your.domain.name
              
  2. Run the following Enable-ExchangeCertificate command to enable your certificate for use with Exchange. Replace the text in red to match your thumbprint.
    1. Enable-ExchangeCertificate -ThumbPrint [paste_your_thumbprint] -Services "SMTP, IMAP, POP, IIS"
  3. You can now re-run the Get-ExchangeCertificate command to verify that the certificate was successfully installed.
    1. In the Services column, the letters SIP and W stand for SMTP, IMAP, POP3 and Web (IIS).
  4. Test your certificate by connecting to your server with IE, ActiveSync, or Outlook.
    1. If you are using ISA 2004 or ISA 2006 you need to reboot your servers.


Related Articles

Login