How to Export an SSL Certificate

Applies to: Exchange Server 2007 SP3, Exchange Server 2007 SP2, Exchange Server 2007 SP1, Exchange Server 2007

Topic Last Modified: 2007-03-23

This topic explains how to use the Exchange Management Shell to export a Secure Sockets Layer (SSL) certificate. An SSL certificate is installed on a Microsoft Exchange Server 2007 computer that has the Client Access server role installed. The SSL certificate enables the Client Access server to encrypt communications with clients by using SSL technology. The SSL certificate installed on the Client Access server can be the default self-signed certificate, a certificate from a Windows public key infrastructure (PKI) certification authority (CA), or a certificate from a trusted commercial third-party CA. For more information about the different types of certificates, see Understanding SSL for Client Access Servers.

You can export an existing certificate or a certificate request. To install a copy of the SSL certificate on a client computer or mobile device, the certificate must be exported by using the Export-ExchangeCertificate cmdlet.

Important:
Previous versions of Microsoft Exchange let you use Internet Information Services (IIS) to save a copy of the certificate. Although IIS will still let you save a copy of the certificate in Exchange 2007, we do not recommend that you do this. Use the Export-ExchangeCertificate cmdlet to generate a copy of the certificate for importing to another server, client computer, or device.

After you have exported the SSL certificate in the form of a PKCS #12 file, the file can then be imported by the following:

• Another Exchange 2007 server, by using the Import-ExchangeCertificate cmdlet
  
• A client computer, by using the Certificate Import Wizard in the Microsoft Management Console
  
• A mobile device, by using desktop ActiveSync
  

  Note:
  Not all mobile devices support installation of SSL certificates. For more information, see your mobile device documentation.