Training
Certification
Microsoft Certified: Identity and Access Administrator Associate - Certifications
Demonstrate the features of Microsoft Entra ID to modernize identity solutions, implement hybrid solutions, and implement identity governance.
This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Applies to: Exchange Server 2013, Exchange Server 2016
You can use the EAC or the Shell to import or export self-signed, internal public key infrastructure (PKI), or third-party commercial certificates. For Unified Messaging (UM), you can use one of these certificates for the Microsoft Exchange Unified Messaging service and the Microsoft Exchange Unified Messaging Call Router service. You can use the same certificate for both services, or a different certificate for each service.
Importing certificates for Exchange can be useful when you want to:
Exporting an existing certificate from the certificate store on the local Exchange server can be useful when you want to:
For additional management tasks related to managing certificates for Unified Messaging, see Deploying certificates for UM procedures.
Estimated time to complete: 5 minutes.
You need to be assigned permissions before you can perform this procedure or procedures. To see what permissions you need, see the "Certificate management" entry in the Exchange and Shell infrastructure permissions topic and the "UM service" entry in the Unified Messaging permissions topic. You must also log on by using an account that's a member of the local Administrators group on that computer.
Before you export a certificate, use the Get-ExchangeCertificate cmdlet to verify that the PrivateKeyExportable attribute on the certificate is set to $true
.
For information about keyboard shortcuts that may apply to the procedures in this topic, see Keyboard shortcuts in the Exchange admin center.
Tip
Having problems? Ask for help in the Exchange forums. Visit the forums at Exchange Server.
This example exports the certificate with the Thumbprint A36DE2B9B62980A717EBD0C3052F5F0B08FBFFCC to a file after it prompts you for a password.
$file = Export-ExchangeCertificate -Thumbprint A36DE2B9B62980A717EBD0C3052F5F0B08FBFFCC -BinaryEncoded:$true -Password (Read-Host "Enter password" -AsSecureString)
This example does the following steps:
Uses the Get-ExchangeCertificate cmdlet to find the certificate that you want to export.
Uses the Export-ExchangeCertificate cmdlet to set the password for the certificate.
Outputs the certificate to a file after you input the password.
$file = Get-ExchangeCertificate -DomainName umcorp.northwindtraders.com | Export-ExchangeCertificate -BinaryEncoded:$true -Password (Read-Host "Enter password" -AsSecureString)
Set-Content -Path "d:\umcerts\selfsigned.pfx" -Value $file.FileData =Encoding Byte
In the EAC, click Servers > Certificates > More options , and then click Import Exchange certificate.
On the Import Exchange certificate page, in the File to import from box, enter the shared folder path and the name of the certificate file. If the certificate is protected with a password, enter the password in the Password box, and then click Next.
Click Add to select the servers that you want to apply the certificate to, and then click OK. If you want to remove a server from the list view, click Remove
, and then click Finish.
This example imports a certificate from the d:\certificates\exchange\SelfSignedUMCert.pfx certificate file after you enter a username and password.
Import-ExchangeCertificate -FileData ([System.IO.File]::ReadAllBytes('D:\certificates\exchange\SelfSignedUMCert.pfx')) -Password:(Get-Credential).password
Training
Certification
Microsoft Certified: Identity and Access Administrator Associate - Certifications
Demonstrate the features of Microsoft Entra ID to modernize identity solutions, implement hybrid solutions, and implement identity governance.