Date created: Sunday, January 2, 2011 1:02:12 AM. Last modified: Thursday, December 13, 2012 11:41:20 AM
Exchange Certificate
To install/renew a certificate under Exchange 2007 with a new one, start by importing the new certificate file (assuming you are using a certificate from a trusted CA for public facing servers and not generating a new one);
>Import-ExchangeCertificate -Path "C:\mycert.cer"
View installed certificates on the exchange server (the new cert below is listed with 'W', meaning its installed for IIS already. The cert was installed in IIS first for SSL access required by OWA, but I want to use the cert for the other services also);
>Get-ExchangeCertificate
Thumbprint Services Subject
---------- -------- -------
ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890 ...W. CN=exchsrv.fqdn NEW CERT
1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZ ....S CN=exchsrv.fqdn OLD CERT
12ABCDEFG345HIJKLMNOPQRS67890TUVWXYZ IP..S CN=exchsrv SELF 'GENED CERT
Now we must enable the cert for the services I wish to have SSL enabled on
>Enable-ExchangeCertificate -Thumbprint ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890 -Services IMAP,POP,SMTP
Overwrite existing default SMTP certificate, '12ABCDEFG345HIJKLMNOPQRS67890TUVWXYZ' (expires 4/12/2011 7:20:06 AM), with certificate 'ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890' (expires 9/28/20114:44:26 PM)?
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help
(default is "Y"):Y
Verify the cert was enabled for the services I desired;
>Get-ExchangeCertificate
Thumbprint Services Subject
---------- -------- -------
ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890 IP.WS CN=exchsrv.fqdn NEW CERT
1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZ ....S CN=exchsrv.fqdn OLD CERT
12ABCDEFG345HIJKLMNOPQRS67890TUVWXYZ ....S CN=exchsrv SELF 'GENED CERT
Old certificates can be removed with;
>Remove-ExchangeCertificate -Thumbprint 1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZ
Previous page: Email Attachment with Powershell
Next page: Exchange DB Size