How to Export an SSL Certificate

  • Article

Microsoft Exchange Server 2007 will reach end of support on April 11, 2017. To stay supported, you will need to upgrade. For more information, see Resources to help you upgrade your Office 2007 servers and clients.

 

Applies to: Exchange Server 2007, Exchange Server 2007 SP1, Exchange Server 2007 SP2, Exchange Server 2007 SP3

This topic explains how to use the Exchange Management Shell to export a Secure Sockets Layer (SSL) certificate. An SSL certificate is installed on a Microsoft Exchange Server 2007 computer that has the Client Access server role installed. The SSL certificate enables the Client Access server to encrypt communications with clients by using SSL technology. The SSL certificate installed on the Client Access server can be the default self-signed certificate, a certificate from a Windows public key infrastructure (PKI) certification authority (CA), or a certificate from a trusted commercial third-party CA. For more information about the different types of certificates, see Understanding SSL for Client Access Servers.

You can export an existing certificate or a certificate request. To install a copy of the SSL certificate on a client computer or mobile device, the certificate must be exported by using the Export-ExchangeCertificate cmdlet.

Important

Previous versions of Microsoft Exchange let you use Internet Information Services (IIS) to save a copy of the certificate. Although IIS will still let you save a copy of the certificate in Exchange 2007, we do not recommend that you do this. Use the Export-ExchangeCertificate cmdlet to generate a copy of the certificate for importing to another server, client computer, or device.

After you have exported the SSL certificate in the form of a PKCS #12 file, the file can then be imported by the following:

  • Another Exchange 2007 server, by using the Import-ExchangeCertificate cmdlet

  • A client computer, by using the Certificate Import Wizard in the Microsoft Management Console

  • A mobile device, by using desktop ActiveSync

    Note

    Not all mobile devices support installation of SSL certificates. For more information, see your mobile device documentation.

Before You Begin

To perform the following procedure, the account you use must be delegated the Exchange View-Only Administrator role and membership in the local Administrators group.

For more information about permissions, delegating roles, and the rights that are required to administer Exchange Server 2007, see Permission Considerations.

Procedure

To use the Exchange Management Shell to export an SSL certificate

  • Run the following command:

    Export-ExchangeCertificate -Thumbprint 5113ae0233a72fccb75b1d0198628675333d010e -BinaryEncoded:$true -Path c:\certificates\export.pfx -Password:(Get-Credential).password

For more information about syntax and parameters, see Export-ExchangeCertificate.

For More Information

For more information about SSL certificates, see the following topics: