[This topic's current status is: Content Complete.]
Applies to: Exchange Server 2010
Topic Last Modified: 2009-07-07
Use the Export-ExchangeCertificate cmdlet to export an existing certificate from the certificate store on the local computer. You can export a certificate with its private key or a certificate request file.

Syntax
Export-ExchangeCertificate -Thumbprint <String> [-BinaryEncoded <SwitchParameter>] [-Confirm [<SwitchParameter>]] [-DomainController <Fqdn>] [-Password <SecureString>] [-Server <ServerIdParameter>] [-WhatIf [<SwitchParameter>]]

Parameters
| Parameter | Required | Type | Description |
|---|---|---|---|
| Thumbprint | Required | System.String | The Thumbprint parameter specifies the thumbprint of the certificate that you're exporting. Each certificate contains a thumbprint, which is the digest of the certificate data. It can be retrieved by using the Get-ExchangeCertificate cmdlet. |
| BinaryEncoded | Optional | System.Management.Automation.SwitchParameter | The BinaryEncoded parameter specifies how the exported file is encoded. By default, this command creates a Base64-encoded file. To create a DER-encoded file, set this parameter to $true. |
| Confirm | Optional | System.Management.Automation.SwitchParameter | The Confirm switch causes the command to pause processing and requires you to acknowledge what the command will do before processing continues. You don't have to specify a value with the Confirm switch. |
| DomainController | Optional | Microsoft.Exchange.Data.Fqdn | The DomainController parameter specifies the fully qualified domain name (FQDN) of the domain controller that retrieves data from Active Directory. The DomainController parameter isn't supported on the Edge Transport server role. The Edge Transport server role reads only from the Active Directory Lightweight Directory Services (AD LDS) instance. |
| Password | Optional | System.Security.SecureString | The Password parameter specifies the password for the private key that's exported with this command. Use the Get-Credential cmdlet to store the password variable. The Get-Credential cmdlet will prompt you for a user name and password, but only the password field is used to export or import the certificate. Therefore, you don't have to use a real domain name or user name in the Name field. For implementation details, see "Examples" later in this topic. |
| Server | Optional | Microsoft.Exchange.Configuration.Tasks.ServerIdParameter | The Server parameter specifies the server name from which you want to export the certificate. |
| WhatIf | Optional | System.Management.Automation.SwitchParameter | The WhatIf switch instructs the command to simulate the actions that it would take on the object. By using the WhatIf switch, you can view what changes would occur without having to apply any of those changes. You don't have to specify a value with the WhatIf switch. |

Detailed Description
The Export-ExchangeCertificate cmdlet creates either of the following files:
- PKCS #10 file: If the thumbprint specified in the command points to a certificate request, the Export-ExchangeCertificate cmdlet creates a PKCS #10 file. A thumbprint is the digest of the certificate data. PKCS #10 is the Certification Request Syntax standard specified by RFC 2314. For more information, see PKCS #10: Certification Request Syntax.
- PKCS #12 file: If the thumbprint specified in the command points to an actual certificate, the Export-ExchangeCertificate cmdlet creates a PKCS #12 file. PKCS #12 is the Personal Information Exchange Syntax standard specified by RSA Laboratories. For more information, see PKCS #12: Personal Information Exchange Syntax Standard.
You need to be assigned permissions before you can run this cmdlet. Although all parameters for this cmdlet are listed in this topic, you may not have access to some parameters if they're not included in the permissions assigned to you. To see what permissions you need, see the "Certificate management" entry in the Exchange and Shell Infrastructure Permissions topic.

Input Types

Return Types

Errors

Exceptions

Examples

EXAMPLE 1
This example exports a certificate specified by its thumbprint, along with the private key, to a file named htcert.pfx in the certificates directory on a Hub Transport server. The exported certificate is DER-encoded. A password is required when exporting a certificate with its private key.
The following command uses the Export-ExchangeCertificate cmdlet to export certificate data to the variable $file.
$file = Export-ExchangeCertificate -Thumbprint 5113ae0233a72fccb75b1d0198628675333d010e -BinaryEncoded:$true -Password (Get-Credential).password
The following command uses the Set-Content cmdlet to write data stored in the variable $file to the file htcert.pfx.
Set-Content -Path "c:\certificates\htcert.pfx" -Value $file.FileData -Encoding Byte
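
The following is an added example, not part of the original topic, that extends Example 1: it prompts for the password with Read-Host -AsSecureString instead of Get-Credential, restricts the output directory before the private key is written to disk, and reloads the .pfx to confirm that it contains the expected certificate and key. The directory, file name and ACL principals are assumptions; the thumbprint is the one used in Example 1.

```powershell
# Added example. Assumed values: output directory, file name, ACL principals.
$thumbprint = '5113ae0233a72fccb75b1d0198628675333d010e'   # from Example 1
$outDir     = 'C:\certificates'
$pfxPath    = Join-Path $outDir 'htcert.pfx'

# Only the password is used by the export, so prompt for it directly
# as a SecureString rather than through a credential dialog.
$pfxPassword = Read-Host -Prompt 'Password for exported private key' -AsSecureString

# Create the directory, stop ACL inheritance, and grant access only to
# Administrators and SYSTEM before any key material is written there.
New-Item -ItemType Directory -Path $outDir -Force | Out-Null
$acl = Get-Acl -Path $outDir
$acl.SetAccessRuleProtection($true, $false)   # protect ACL, discard inherited rules
foreach ($id in 'BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM') {
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule `
        -ArgumentList $id, 'FullControl', 'ContainerInherit,ObjectInherit', 'None', 'Allow'
    $acl.AddAccessRule($rule)
}
Set-Acl -Path $outDir -AclObject $acl

# Export the certificate with its private key as a DER-encoded PKCS #12 file.
$file = Export-ExchangeCertificate -Thumbprint $thumbprint -BinaryEncoded:$true -Password $pfxPassword
Set-Content -Path $pfxPath -Value $file.FileData -Encoding Byte

# Reload the file with the same password and check what was actually exported.
$check = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
$check.Import($pfxPath, $pfxPassword, 'DefaultKeySet')
try {
    if ($check.Thumbprint -ne $thumbprint) {
        throw "Exported file holds thumbprint $($check.Thumbprint), expected $thumbprint."
    }
    if (-not $check.HasPrivateKey) {
        throw 'Exported file does not contain the private key.'
    }
    'Export verified: {0} (expires {1})' -f $check.Subject, $check.NotAfter
}
finally {
    $check.Reset()   # release the temporarily loaded key
}
```

After the file has been imported on the destination server, delete the .pfx rather than leaving a copy of the private key on disk.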